data breach

I’ll take some Customer info with my Burger & Fries please

Windy's hacked
Quote

Wendy’s, the nationwide chain of fast-food restaurants, says it is investigating claims of a possible credit card breach at some locations. The acknowledgment comes in response to questions from KrebsOnSecurity about banking industry sources who discovered a pattern of fraud on cards that were all recently used at various Wendy’s locations….“We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations,” Bertini said. “Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.”

When will businesses start taking IT security seriously? (…not until a few get put out of business, I fear.)

Card Breach Hits America’s Thrift Stores

Quote

America’s Thrift Stores, which operates 18 donation-based thrift stores across five states, is the latest organization to discover it has been hit by a cyberattack.

The company recently learned it was a victim of a data breach that originated through software used by a third-party service provider.

America’s Thrift Stores confirmed it has been working with an independent external forensic expert, as well as the U.S. Secret Service, to investigate the breach, which it believes affected sales transactions between Sept. 1, 2015 and Sept. 27, 2015.

The malware-driven security breach resulted in the theft of customers’ payment card numbers and expiration dates, but America’s Thrift Stores confirmed the U.S. Secret Service does not believe customer names, phone numbers, addresses or email addresses were compromised in the attack.

“This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers,” the company’s CEO, Kenneth Sobaski, said in a statement.

“This virus/malware is one of several infecting retailers across North America.”

According to security blogger Brian Krebs, sources at several banks reported a pattern of fraud on payment cards used to make purchases at America’s Thrift Stores, meaning the cybercriminals may have used “data stolen from the compromised point-of-sale devices to counterfeit new cards.”

As PYMNTS reported yesterday (Oct. 12), the costs of cybercrime for businesses are rising at an alarming rate, with U.S. companies feeling the brunt of the financial burden.

In the latest report on the true costs of cybercrime, Hewlett-Packard issued a report in tandem with Ponemon via the latter’s Institute on Cyber Crime earlier this month. The report states that the U.S. is especially hard hit by hacking, as cyberattacks cost U.S. firms, on average, $15.4 million annually, which is double the $7.7 million global average (which is a bump of 1.9 percent over last year, after adjusting for currency changes). For the U.S., the latest average costs represent a significant jump from the $12.7 million seen in 2014.

Not PCI DSS Compliant: Experian

Quote

Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile.

The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It’s at least the third data breach to affect Experian disclosed since March 2013.

“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote. “I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”

I am not sure where to file this: perhaps Cyber Hypocrisy? Wow, if the credit card companies do not take cyber seriously, then we are all in deep doo-doo.

Internal actors responsible for 43% of data loss

Quote

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.

Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2. Cloud deployments, in contrast, brought with them increased anxiety of more security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.