previously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought . Last week the group announced that the breachAttack.Databreachaffected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29 , 2016 and December 29 , 2016 . According to the chain ’ s website , the Intercontinental Hotels Group data breachAttack.Databreachpotentially affected guests who stayed at its Holiday Inn , Holiday Inn Express , Crowne Plaza , Staybridge Suites , Candlewood Suites , Hotel Indigo , and InterContinental Hotels . The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website . In total , 1,184 of the group ’ s hotels have potentially been affected . The Intercontinental Hotels Group data breachAttack.Databreachinvolved malware that had been downloaded onto its systems , which was capable of monitoring payment card systems and exfiltratingAttack.Databreachpayment card data . It does not appear that any other information other than card details and cardholders ’ names were stolenAttack.Databreachby the attackers . The hotel group does not believe the data breachAttack.Databreachextended past December 29 , 2016 , although that can not be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed . Prior to the malware being installed , IHG had started installing the OHG Secure Payment Solution ( SPS ) , which provides point to point encryption to prevent incidents such as this from resulting in the theft of clients ’ data . Had the process started sooner , the Intercontinental Hotel Group data breachAttack.Databreachcould have been prevented . Hotels that had implemented the SPS prior to September 29 , 2016 were not affected and those that had implemented the solution between September 29 , 2016 and December 29 , 2016 stopped the malware from being able to locate and stealAttack.Databreachcredit card data . In those cases , only clients that used their credit cards at affected hotels between September 29 , 2016 and when the SPS system was installed were affected . Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector The Intercontinental Hotels Group data breachAttack.Databreachstands out due to the extent to which the group was affected , with well over 1,100 hotels affected . However , this is far from the only hotel group to have been affected by POS malware . Previous incidents have also been reported by Hard Rock Hotels , Hilton Hotels , Omni Hotels & Resorts and Trump Hotels . Hotels , in particular hotel chains , are big targets for cybercriminals due to the size of the prize . Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash , and each hotel services many thousands – often tens of thousands – of guests each year . Globally , IHG hotels service more than 150 million guests every year , which is a tremendous number of credit and debit cards . Such a widespread malware infection would be highly lucrative for the attackers . Credit card numbers may only sell for a couple of dollars a time , but with that number of guests , an attackAttack.Databreachsuch as this would be a huge pay day for the attackers .
HipChat has reset all its users ' passwords after what it called a security incident that may have exposedAttack.Databreachtheir names , email addresses and hashed password information . In some cases , attackers may have accessedAttack.Databreachmessages and content in chat rooms , HipChat said in a Monday blog post . But this happened in no more than 0.05 percent of the cases , each of which involved a domain URL , such as company.hipchat.com . HipChat did n't say how many users may have been affected by the incident . The passwords that may have been exposedAttack.Databreachwould also be difficult to crack , the company said . The data is hashed , or obscured , with the bcrypt algorithm , which transforms the passwords into a set of random-looking characters . For added security , HipChat `` salted '' each password with a random value before hashing it . HipChat warned that chat room data including the room name and topic may have also been exposedAttack.Databreach. But no financial or credit information was takenAttack.Databreach, the company said . HipChat is a popular messaging service used among enterprises , and an attackAttack.Databreachthat exposedAttack.Databreachsensitive work-related chats could cause significant harm . The service , which is owned by Atlassian , said it detected the security incident last weekend . It affectedVulnerability-related.DiscoverVulnerabilitya server in the HipChat Cloud and was caused by a vulnerability in an unnamed , but popular , third-party library that HipChat.com used , the company said . No other Atlassian systems were affected , the company said . “ We are confident we have isolated the affected systems and closed any unauthorized access , ” HipChat said in its blog post . This is not the first time the messaging service has faced problems keeping accounts secure . In 2015 , HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolenAttack.Databreachfrom less than 2 percent of its users . When breaches occur , security experts advise users to change their passwords for any accounts where they used the same login information . Users can consider using a password manager to help them store complex , tough-to-memorize passwords . HipChat has already sent an email to affected users , informing them of the password reset . In 2015 , rival chat application Slack reported its own breach , and as a result rolled out two-factor authentication to beef up its account security . HipChat does not offer two-factor authentication .
Get accessAttack.Databreachto essential strategic content , in-depth reports , industry intelligence , and exclusive data . Columbia Sportswear Co , is investigating an attackAttack.Databreachon one of its e-commerce sites . CEO Tim Boyle told analysts on Columbia ’ s fourth quarter 2016 earnings call that there was an unspecified cyber attackAttack.Databreachon its prAna brand ’ s online store . Columbia Sportswear acquired prAna in May 2014 for $ 190 million in cash . “ We immediately launched an investigation and engaged a leading third-party cyber security firm to assist us , ” he told analysts on the call , according to a transcript from Seeking Alpha . “ Protecting our customers ’ information is one of our top priorities and we are taking this very seriously . Until the investigation is completed , it ’ s difficult to characterize the scope or nature of the potential incident , but we are working vigilantly to address this issue ” . Boyle stressed that the attackAttack.Databreachwas limited to prAna ’ s site and did not affect Columbia ’ s other online stores . Online sales are growing fast for the outdoor apparel maker and retailer . Boyle told analysts the company generated about $ 220 million in online sales globally in 2016 .
The breach indicates even more capable Asian states are struggling to confront cyber threats . On February 28 , Singapore ’ s defense ministry ( MINDEF ) disclosed that a breachAttack.Databreachin an Internet-connected system earlier this month had resulted in the personal data of 850 national servicemen and employees being stolenAttack.Databreach. Though the impact of the breach was quite limited , it nonetheless highlights the difficulties that Singapore faces as it confronts its growing cyber challenge . According to MINDEF , the I-net system used by personnel to access the Internet through terminals at the ministry and other facilities was breachedAttack.Databreachby an attackAttack.Databreachin early February . While personal data , including identification numbers , phone numbers , and date of birth , were believed to have been stolenAttack.Databreachduring the incidentAttack.Databreach, the ministry said no classified information was compromisedAttack.Databreachbecause it is stored on a separate system not connected to the Internet . As I have noted before , it has been paying keen attention to the cyber domain as a developed , highly-networked country . Singapore is particularly vulnerable as it relies on its reputation for security and stability to serve as a hub for businesses and attract talent . Indeed , last year , Deloitte found that Singapore was among the five Asian countries most vulnerable to cyber attacks ( See : “ Singapore Among Most Vulnerable to Cyberattacks in Asia ” ) . In response , Singapore has unveiled a series of initiatives aimed at boosting cybersecurity , including creating new institutions , safeguarding critical infrastructure , training cyber security personnel , and collaborating more with the private sector ( See : “ Singapore ’ s Cyber War Gets a Boost ” ) . And as I noted before , Prime Minister Lee Hsien Loong also outlined Singapore ’ s overall cybersecurity strategy at the inaugural Singapore International Cyber Week in October last year ( See : “ Singapore Unveils New ASEAN Cyber Initiative ” ) . Nonetheless , the cyber attack this week is a reminder that even the more capable states in the Asia-Pacific continue to struggle with confronting threats in the cyber realm . This was the first publicly disclosed cyber attack that MINDEF has experienced , and the ministry has described it as “ targeted and carefully planned , ” with the purpose of gaining access to official secrets . And based on what Singaporean officials have discovered so far , the attack appears to be less like the work of regular hackers and more along the lines of sophisticated state or state-backed actors