, including PIN numbers . Verizon Communications suffered a major data leakAttack.Databreachdue to a misconfigured cloud server that exposedAttack.Databreachdata on 6 million of its customers . The leak was the result of its third-party provider NICE Systems incorrectly configuring Verizon 's cloud-based file repository housed in an Amazon Web Services S3 bucket on NICE 's cloud server , according to UpGuard , which issued a report on the breach today . Verizon customer names , addresses , account information , including account personal identification numbers ( PINs ) , were compromisedAttack.Databreach. UpGuard in its data estimated that up to 14 million customer records were exposedAttack.Databreach, but Verizon stated that data on 6 million of its users was affected . In one file alone , there were 6,000 PINs that were publicly exposedAttack.Databreach, according to Dan O'Sullivan , a cyber resilience analyst for UpGuard . What 's unique about this leakAttack.Databreachis that it was not just personal data that was publicly exposedAttack.Databreachbut also PINs , according to O'Sullivan . `` The PINs are used to identify a customer to a customer care person , '' O'Sullivan says , noting that an attacker could impersonate the user by using the PIN and then gain access to that individual 's account . Verizon issued a statement acknowledging the public exposureAttack.Databreachof its customer data , but stressed that no loss or theftAttack.Databreachof Verizon or Verizon customer information occurred . The telecom giant also noted : `` To the extent PINs were included in the data set , the PINs are used to authenticate a customer calling our wireline call center , but do not provide online access to customer accounts , '' Verizon stated . `` An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access , '' Verizon said . How it Went Down NICE was hired to help Verizon improve its residential and small business wireline self-service call center portal , according to Verizon 's statement . As part of this project , NICE needed certain data that included a limited amount of personal and cell phone number information . None of the information stored for the project included social security numbers , according to Verizon . Meanwhile , on June 8 , UpGuard 's cyber risk research director Chris Vickery came across the AWS S3 data repository and its subdomain `` verizon-sftp . '' The repository held six folders with titles spanning `` Jan-2017 '' to `` June-2017 '' and a number of other files with a .zip format . Vickery was able to fully download the repository because it was configured to be publicly accessible to anyone entering the S3 URL . Following the discovery , UpGuard contacted Verizon on June 13 to inform the telecom giant of the data leakageAttack.Databreachand then on June 22 the exposure was sealed up , according to UpGuard 's report . `` There was a fairly long duration of time before it was fixed , which is troubling , '' O'Sullivan says . Verizon is not the first company to encounter data leakageAttack.Databreachas a result of permissions set to public rather than private on Amazon 's S3 bucket . Earlier this year , UpGuard also discovered a similar situation that involved the Republican National Committee ( RNC ) , which left millions of voter records exposedAttack.Databreachon the cloud account . As in the Verizon case , the RNC relied on a third party vendor to handle its cloud storage needs and it too used Amazon 's AWS S3 . That third-party also improperly set the database to public rather than private . `` The number one thing to keep in mind if you are a CISO is evaluating your third-party vendors . You can have the best security in the world and the best visibility into your systems , but if you pass it onto a third-party vendor without checking out how well they handle their security , then you have done that all in vain , '' O'Sullivan says . `` Verizon did not own the server that was involved here , but it will own the consequences . '' Rich Campagna , CEO of Bitglass , stressed the importance of security teams ensuring services used are configured securely . `` This massive data leakAttack.Databreachcould have been avoided by using specific data-centric security tools , which can ensure appropriate configuration of cloud services , deny unauthorized accessAttack.Databreach, and encrypt sensitive data at rest , '' Campagna said in a statement .
Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information . Both incidents appear to have been linked to a third-party reservation platform , SynXis , which only begun informing client hotels of the security breach in June , months after the attacks took place . Hard Rock Hotels & Casinos issued a statement informing customers of the data breachAttack.Databreachlast week , which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system . The hotel chain , which operates 176 cafes , 24 hotels and 11 casinos in 75 countries , said SynXis , the backbone infrastructure for reservations made through hotels and travel agencies , provided the avenue for data theftAttack.Databreachand the exposureAttack.Databreachof customer information . `` The unauthorized party first obtained accessAttack.Databreachto payment card and other reservation information on August 10 , 2016 , '' the hotel chain said. `` The last accessAttack.Databreachto payment card information was on March 9 , 2017 . '' Hard Rock Hotel & Casino properties in Biloxi , Cancun , Chicago , Goa , Las Vegas , Palm Springs , Panama Megapolis , Punta Cana , Rivera Maya , San Diego and Vallarta are all affected . According to Sabre , an `` unauthorized party gained accessAttack.Databreachto account credentials that permitted unauthorized accessAttack.Databreachto payment card information , as well as certain reservation information '' for a `` subset '' of reservations . The attacker was able to grabAttack.Databreachunencrypted payment card information for hotel reservations , including cardholder names , card numbers , and expiration dates . In some cases , security codes were also exposedAttack.Databreach, alongside guest names , email addresses , phone numbers , and addresses . In May , Sabre said an investigation into a possible breach was underway . In a quarterly SEC filing , the company said , `` unauthorized access has been shut off , and there is no evidence of continued unauthorized activity at this time . '' While Sabre has not revealed exactly how the system was breached , the company has hired third-party cybersecurity firm Mandiant to investigate . Loews Hotels also appears to be a victim of the same security failure . According to NBC , Sabre was also at fault and cyberattackers were able to slurpAttack.Databreachcredit card , security code , and password information through the booking portal . In some cases , email addresses , phone numbers , and street addresses were also allegedly exposedAttack.Databreach. According to Sabre , its software is used by roughly 36,000 hotel properties . `` Not all reservations that were viewed included the payment card security code , as a large percentage of bookings were made without a security code being provided , '' Sabre said in a statement . `` Others were processed using virtual card numbers in lieu of consumer credit cards . Sabre has notified law enforcement and the credit card brands as part of our investigation . '' If you stayed in one of these properties on the dates mentioned above , you may be at risk of identity theft should the attackers choose to sell their stolen cache of data . Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notify their bank of any stolen activity . However , no compensation has yet been made available . These hotel chains are far from the only ones that have suffered a data breachAttack.Databreachin recent years . Back in April , InterContinental admitted that a data breachAttack.Databreachfirst believed to be isolated to 12 properties actually harmed roughly 1,200 , resulting in the exposureAttack.Databreachof customer credit card data .
Payday lender Wonga appears to be the latest big-name brand to suffer a damaging data breachAttack.Databreach, after admitting over the weekend “ there may have been illegal and unauthorized accessAttack.Databreach” to customers ’ personal details . The firm was tight-lipped on how many customers might have been affected , although reports suggest it is in the region of 270,000 , most of whom are based in the UK . The short-term loans company , which charges customers over 1200 % APR , was also short on details and hedged its bets somewhat as to the cause . The firm claimed in an FAQ on the incident that it is still trying to establish the details and contact those affected . What we do know is that customer names , e-mail addresses , home addresses and phone numbers may have been compromisedAttack.Databreach, along with the last four digits of their card number and/or bank account number and sort code . It added : “ We do not believe your Wonga account password was compromisedAttack.Databreachand believe your account should be secure , however if you are concerned you should change your account password . We also recommend that you look out for any unusual activity across any bank accounts and online portals ” . Wonga also advised customers to be on the lookout for follow-up scams , both online and over the phone . The kind of information that appears to have been compromisedAttack.Databreachwould certainly provide seasoned fraudsters with enough to socially engineer targets into divulging more details such as their full card numbers . This is just the latest in a long line of breaches at big-name companies . Data from over 130,000 customers of network operator Three was illegally obtainedAttack.Databreachby fraudsters back in November . The impact to brand and reputation can be a serious blow to breached organizations . TalkTalk is said to have lost 100,000 customers and £60m as a result of a breach at the ISP . André Stewart , EMEA vice-president at Netskope , argued that coming European privacy laws will force organizations to be more accountable for their data practices . “ As a result , companies will be forced to take active measures to mitigate any threats to personal privacy , whether that data is stored on-premises or in the cloud . Any companies falling short of these standards could face hefty fines , ” he explained . “ Alongside demonstrating that they have coached employees on the GDPR and secure data handling , employers will also need to provide staff with the tools to do their jobs securely without sacrificing ease and convenience ” . Kevin Cunningham , president of SailPoint , added that staff from the board down need to be well-drilled in order to help protect sensitive customer information . “ In today ’ s market , it ’ s a matter of when , not if , a data breachAttack.Databreachwill happen . So the most important factors are prevention , education , and rapid response , ” he argued . “ When a breach does happen , it ’ s important to quickly find out how and why it occurred , assess the damage and required response , and put IT controls in place to address future attacks ”
The Intercontinental Hotels Group ( IHG ) has been forced to reveal yet another major data breachAttack.Databreachof customer card details over the latter part of 2016 . In a lengthy missive on Friday , the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 last year . It added : “ Although there is no evidence of unauthorized accessAttack.Databreachto payment card data after December 29 2016 , confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017… `` The malware searched for track data ( which sometimes has cardholder name in addition to card number , expiration date , and internal verification code ) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server . There is no indication that other guest information was affected. ” IHG-branded hotels which had implemented the firm ’ s Secure Payment Solution ( SPS ) – a point-to-point encryption ( P2PE ) payment acceptance product – are said to have been protected from the malware ’ s attempts to find card data . Although the hotel group didn ’ t explicitly mention how many outlets and/or customers may have been affected , a list of hotels impacted by the breach reveals a huge number across the US and Puerto Rico . Ilia Kolochenko , CEO of High-Tech Bridge , argued that the hotel industry remains relatively poorly secured . “ I frequently face well-known hotel brands asking to send a passport and two-sides of a credit card by email , or having their reception laptops connected to free Wi-Fis for guests , ” he explained . “ Such carelessness and negligence will unavoidably lead to huge data breachesAttack.Databreach, the majority of which will not be ever detected due to lack of technical skills and resources . Strict regulation , besides PCI DSS and the approaching GDPR , is certainly required to make hotel business safe. ” Hyatt , Marriott , Starwood and Intercontinental hotels were hit with point-of-sale malware revealed in August last year . Like the current IHG breach , it was the firms ’ card providers that alerted them , revealing a worrying lack of internal threat detection capabilities .
Northrop Grumman has admitted one of its internal portals was broken into , exposingAttack.Databreachemployees ' sensitive tax records to miscreants . In a letter [ PDF ] to workers and the California Attorney General 's office , the aerospace contractor said that between April 18 , 2016 and March 29 , 2017 , crooks infiltrated the website , allowing them to accessAttack.Databreachstaffers ' W-2 paperwork for the 2016 tax year . These W-2 forms can be used by identity thieves to claim tax rebates owed to employees , allowing the crims to pocket victims ' money . The corp sent out its warning letters on April 18 , the last day to file 2016 tax returns . `` The personal information that may have been accessedAttack.Databreachincludes your name , address , work email address , work phone number , Social Security number , employer identification number , and wage and tax information , as well as any personal phone number , personal email address , or answers to customized security questions that you may have entered on the W-2 online portal , '' the contractor told its employees . The Stealth Bomber maker says it will provide all of the exposed workers with three years of free identity-theft monitoring services . Northrop Grumman has also disabled access to the W-2 portal through any method other than its internal single sign-on tool . The aerospace giant said it farmed out its tax portal to Equifax Workforce Solutions , which was working with the defense giant to get to the bottom of the intrusion . `` Promptly after confirming the incident , we worked with Equifax to determine the details of the issue , '' Northrop told its teams . `` Northrop Grumman and Equifax are coordinating with law enforcement authorities to assist them in their investigation of recent incidentsAttack.Databreachinvolving unauthorized actors gaining accessAttack.Databreachto individuals ’ personal information through the W-2 online portal . '' According to Equifax , the portal was accessedAttack.Databreachnot by hackers but by someone using stolen login details . `` We are investigating alleged unauthorized accessAttack.Databreachto our online portal where a person or persons using stolen credentials accessedAttack.DatabreachW-2 information of a limited number of individuals , '' an Equifax spokesperson told El Reg on Monday . `` Based on the investigation to date , Equifax has no reason to believe that its systems were compromisedAttack.Databreachor that it was the source of the information used to gain accessAttack.Databreachto the online portal . ''
Breaches involving major players in the hospitality industry continue to pile up . Today , travel industry giant Sabre Corp. disclosed what could be a significant breachAttack.Databreachof payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments . In a quarterly filing with the U.S. Securities and Exchange Commission ( SEC ) today , Southlake , Texas-based Sabre said it was “ investigating an incident of unauthorized accessAttack.Databreachto payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system. ” According to Sabre ’ s marketing literature , more than 32,000 properties use Sabre ’ s SynXis reservations system , described as an inventory management Software-as-a-Service ( SaaS ) application that “ enables hoteliers to support a multitude of rate , inventory and distribution strategies to achieve their business goals. ” Sabre said it has engaged security forensics firm Mandiant to support its investigation , and that it has notified law enforcement . “ The unauthorized access has been shut off and there is no evidence of continued unauthorized activity , ” reads a brief statement that Sabre sent to affected properties today . “ There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected. ” Sabre ’ s software , data , mobile and distribution solutions are used by hundreds of airlines and thousands of hotel properties to manage critical operations , including passenger and guest reservations , revenue management , flight , network and crew management . Sabre also operates a leading global travel marketplace , which processes more than $ 110 billion of estimated travel spend annually by connecting travel buyers and suppliers . Sabre told customers that it didn ’ t have any additional details about the breach to share at this time , so it remains unclear what the exact cause of the breach may be or for how long it may have persisted . A card involving traveler transactions for even a small percentage of the 32,000 properties that are using Sabre ’ s impacted technology could jeopardize a significant number of customer credit cards in a short amount of time . The news comes amid revelations about a blossoming breach at Intercontinental Hotel Group ( IHG ) , the parent company that manages some 5,000 hotels worldwide , including Holiday Inn and Holiday Inn Express . KrebsOnSecurity first reported in December 2016 that cards used at IHG properties were being sold to fraudsters , but it took until February 2017 for IHG to announce it had found malicious software installed at front-desk systems at just a dozen of its properties . On April 18 , IHG disclosed in an update on the investigation that more than 1,200 properties were affected , and that there could well be more added in the coming days . According to Verizon ‘ s latest annual Data Breach Investigations Report ( DBIR ) , malware attacks on point-of-sale systems used at front desk and hotel restaurant systems “ are absolutely rampant ” in the hospitality sector . Accommodation was the top industry for point-of-sale intrusions in this year ’ s data , with 87 % of breaches within that pattern . “ Apparently , it is not only The Eagles that are destined for a long stay at the hotel , ” Verizon mused in its report . “ The hackers continue to be checked in indefinitely as well . Breach timelines continue to paint a rather dismal picture—with time-to-compromise being only seconds , time-to-exfiltration taking days , and times to discovery and containment staying firmly in the months camp. ” Card-stealing cyber thieves have broken into some of the largest hotel chains over the past few years . Hotel brands that have acknowledged card breachesAttack.Databreachover the last year after prompting by KrebsOnSecurity include Kimpton Hotels , Trump Hotels ( twice ) , Hilton , Mandarin Oriental , and White Lodging ( twice ) . Card breachesAttack.Databreachalso have hitAttack.Databreachhospitality chains Starwood Hotels and Hyatt . In many of those incidents , thieves planted malicious software on the point-of-sale devices at restaurants and bars inside of the hotel chains . Point-of-sale based malware has driven most of the credit card breachesAttack.Databreachover the past two years , including intrusions at Target and Home Depot , as well as breachesAttack.Databreachat a slew of point-of-sale vendors . The malicious code usually is installed via hacked remote administration tools . Once the attackers have their malware loaded onto the point-of-sale devices , they can remotely captureAttack.Databreachdata from each card swiped at that cash register . Thieves can then sell that data to crooks who specialize in encoding the stolen data onto any card with a magnetic stripe , and using the cards to purchase high-priced electronics and gift cards from big-box stores like Target and Best Buy . Readers should remember that they ’ re not liable for fraudulent charges on their credit or debit cards , but they still have to report the unauthorized transactions . There is no substitute for keeping a close eye on your card statements . Also , consider using credit cards instead of debit cards ; having your checking account emptied of cash while your bank sorts out the situation can be a hassle and lead to secondary problems ( bounced checks , for instance ) .
OneLogin , an online service that lets users manage logins to sites and apps from a single platform , says it has suffered a security breachAttack.Databreachin which customer data was compromisedAttack.Databreach, including the ability to decrypt encrypted data . Headquartered in San Francisco , OneLogin provides single sign-on and identity management for cloud-base applications . OneLogin counts among its customers some 2,000 companies in 44 countries , over 300 app vendors and more than 70 software-as-a-service providers . A breachAttack.Databreachthat allowed intruders to decrypt customer data could be extremely damaging for affected customers . After OneLogin customers sign into their account , the service takes care of remembering and supplying the customer ’ s usernames and passwords for all of their other applications . In a brief blog post Wednesday , OneLogin chief information security officer Alvaro Hoyos wrote that the company detected unauthorized accessAttack.Databreachto OneLogin data . “ Today we detected unauthorized accessAttack.Databreachto OneLogin data in our US data region . We have since blocked this unauthorized access , reported the matter to law enforcement , and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident . We want our customers to know that the trust they have placed in us is paramount. ” “ While our investigation is still ongoing , we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented. ” OneLogin ’ s blog post includes no other details , aside from a reference to the company ’ s compliance page . The company has not yet responded to request for comment . However , Motherboard has obtained a copy of a message OneLogin reportedly sent to its customers about the incident , and that missive contains a critical piece of information : “ Customer data was compromisedAttack.Databreach, including the ability to decrypt encrypted data , ” reads the message OneLogin sent to customers . According to Motherboard , the message also directed customers to a list of required steps to minimize any damage from the breach , such as generating new API keys and OAuth tokens ( OAuth being a system for logging into accounts ) , creating new security certificates as well as credentials ; recycling any secrets stored in OneLogin ’ s Secure Notes feature ; and having end-users update their passwords . Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services , arguing that they are the digital equivalent to an organization putting all of its eggs in one basket . “ It ’ s just such a massive single point of failure , ” Litan said . “ And this breach shows that other [ cloud-based single sign-on ] services are vulnerable , too . This is a big deal and it ’ s disruptive for victim customers , because they have to now change the inner guts of their authentication systems and there ’ s a lot of employee inconvenience while that ’ s going on. ” KrebsOnSecurity will likely update this story throughout the day as more details become available . “ Our review has shown that a threat actor obtained accessAttack.Databreachto a set of AWS keys and used them to access the AWS API from an intermediate host with another , smaller service provider in the US . Evidence shows the attack started on May 31 , 2017 around 2 am PST . Through the AWS API , the actor created several instances in our infrastructure to do reconnaissance . OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. ” “ The threat actor was able to accessAttack.Databreachdatabase tables that contain information about users , apps , and various types of keys . While we encrypt certain sensitive data at rest , at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data . We are thus erring on the side of caution and recommending actions our customers should take , which we have already communicated to our customers . ”
OneLogin , an online service that lets users manage logins to sites and apps from a single platform , says it has suffered a security breachAttack.Databreachin which customer data was compromisedAttack.Databreach, including the ability to decrypt encrypted data . Headquartered in San Francisco , OneLogin provides single sign-on and identity management for cloud-base applications . OneLogin counts among its customers some 2,000 companies in 44 countries , over 300 app vendors and more than 70 software-as-a-service providers . A breachAttack.Databreachthat allowed intruders to decrypt customer data could be extremely damaging for affected customers . After OneLogin customers sign into their account , the service takes care of remembering and supplying the customer ’ s usernames and passwords for all of their other applications . In a brief blog post Wednesday , OneLogin chief information security officer Alvaro Hoyos wrote that the company detected unauthorized accessAttack.Databreachto OneLogin data . “ Today we detected unauthorized accessAttack.Databreachto OneLogin data in our US data region . We have since blocked this unauthorized access , reported the matter to law enforcement , and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident . We want our customers to know that the trust they have placed in us is paramount. ” “ While our investigation is still ongoing , we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented. ” OneLogin ’ s blog post includes no other details , aside from a reference to the company ’ s compliance page . The company has not yet responded to request for comment . However , Motherboard has obtained a copy of a message OneLogin reportedly sent to its customers about the incident , and that missive contains a critical piece of information : “ Customer data was compromisedAttack.Databreach, including the ability to decrypt encrypted data , ” reads the message OneLogin sent to customers . According to Motherboard , the message also directed customers to a list of required steps to minimize any damage from the breach , such as generating new API keys and OAuth tokens ( OAuth being a system for logging into accounts ) , creating new security certificates as well as credentials ; recycling any secrets stored in OneLogin ’ s Secure Notes feature ; and having end-users update their passwords . Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services , arguing that they are the digital equivalent to an organization putting all of its eggs in one basket . “ It ’ s just such a massive single point of failure , ” Litan said . “ And this breach shows that other [ cloud-based single sign-on ] services are vulnerable , too . This is a big deal and it ’ s disruptive for victim customers , because they have to now change the inner guts of their authentication systems and there ’ s a lot of employee inconvenience while that ’ s going on. ” KrebsOnSecurity will likely update this story throughout the day as more details become available . “ Our review has shown that a threat actor obtained accessAttack.Databreachto a set of AWS keys and used them to access the AWS API from an intermediate host with another , smaller service provider in the US . Evidence shows the attack started on May 31 , 2017 around 2 am PST . Through the AWS API , the actor created several instances in our infrastructure to do reconnaissance . OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. ” “ The threat actor was able to accessAttack.Databreachdatabase tables that contain information about users , apps , and various types of keys . While we encrypt certain sensitive data at rest , at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data . We are thus erring on the side of caution and recommending actions our customers should take , which we have already communicated to our customers . ”
GameStop customers received breachAttack.Databreachnotification warnings this week , cautioning them that their personal and financial information could have been compromisedAttack.Databreachnine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolenAttack.Databreach, including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breachAttack.Databreachoccurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolenAttack.Databreach. “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breachAttack.Databreachof his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromisedAttack.Databreach, according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtainedAttack.Databreachby unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized accessAttack.Databreachto payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breachAttack.Databreachare how many customers may have been impacted , how was the data stolenAttack.Databreachand how was GameStop alerted to the fact the data had been stolenAttack.Databreach. In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breachAttack.Databreachinvolved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breachAttack.Databreachoccurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolenAttack.Databreachthrough the use of malware . Over the past 12 months , there has been an unprecedented number of data breachesAttack.Databreach. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphonAttack.Databreachoff credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .
PhishingAttack.Phishingand other hacking incidents have led to several recently reported large health data breachesAttack.Databreach, including one that UConn Health reports affected 326,000 individuals . In describing a phishing attackAttack.Phishing, UConn Health says that on Dec 24 , 2018 , it determined that an unauthorized third party illegally accessedAttack.Databreacha limited number of employee email accounts containing patient information , including some individuals ' names , dates of birth , addresses and limited medical information , such as billing and appointment information . The accounts also contained the Social Security numbers of some individuals . Several other healthcare entities also have recently reported to federal regulators data breachesAttack.Databreachinvolving apparent phishingAttack.Phishingand other email-related attacks . `` All of these incidents speak to the rampant attacks we are seeing across healthcare , and yet organizations are still not investing enough in protection or detection , '' says Mac McMillan , CEO of security consulting firm CynergisTek . UConn Health , an academic medical center , says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromisedAttack.Databreachemail accounts . For approximately 1,500 of these individuals , this information included Social Security numbers . `` It is important to note that , at this point , UConn Health does not know for certain if any personal information was ever viewed or acquiredAttack.Databreachby the unauthorized party , and is not aware of any instances of fraud or identity theft as a result of this incident , '' the statement notes . `` The incident had no impact on UConn Health 's computer networks or electronic medical record systems . '' UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted . The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter . Once the U.S.Department of Health and Human Services confirms the details , the attackAttack.Databreachon UConn Health could rank as the second largest health data breachAttack.Databreachreported so far this year , based on a snapshot of its HIPAA Breach Reporting Tool website on Monday . The largest health data breachAttack.Databreachrevealed so far this year , but not yet added to the tally , affected University of Washington Medicine . UW Medicine says a misconfigured database left patient data exposedAttack.Databreachon the internet for several weeks last December , resulting in a breachAttack.Databreachaffecting 974,000 individuals . Several other phishingAttack.Phishingand hacking incidents have been added to the HHS `` wall of shame '' tally in recent weeks . Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates . In a statement , the organization notes that on Dec 5 , 2018 , it discovered it had been the target of a `` criminal malware attack . '' An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware , but did not definitively determine how the malware infection was launched . The practice suspects the malware was likely embedded in an email attachment , he says . RMIA 's statement notes that while the investigation did not identify any evidence of unauthorized accessAttack.Databreachto anyone 's personal information , `` we unfortunately could not completely rule out the possibility that patients ' personal information , including name , address , date of birth , health insurance information , limited treatment information and , for donors only , Social Security number , may have been accessibleAttack.Databreach. '' In the aftermath of the incident , RMIA says it 's adding another firewall , requiring changes to user credentials/passwords , implementing dual-factor authentication and providing additional staff training regarding information security . '' Also reporting a hacking incident in recent weeks was Charleston , S.C.-based Roper St.Francis Healthcare , which operates several hospitals in the region . The attack was reported as impacting nearly 35,300 individuals . In a Jan 29 statement , the entity says that on Nov 30 , 2018 , it learned that an unauthorized actor may have gained accessAttack.Databreachto some of its employees ' email accounts between Nov 15 and Dec 1 , 2018 , `` Our investigation determined that some patient information may have been contained in the email accounts , patients ' names , medical record numbers , information about services they received from Roper St.Francis , health insurance information , and , in some cases , Social Security numbers and financial information , '' the statement says . For those patients whose Social Security number was potentially exposedAttack.Databreach, the organization is offering prepaid credit monitoring and identity protection services . `` To help prevent something like this from happening again , we are continuing education with our staff on email protection and enhancing our email security , '' Roper St. Francis says . As phishingAttack.Phishingcontinues to menace healthcare entities , covered entities and business associates need to keep up with their defenses , some experts note . `` Phishing techniques have become more sophisticated than in the past , '' note Kate Borten , president of security and privacy consulting firm The Marblehead Group . `` Workforce training should include simulated phishing attacksAttack.Phishingto make people better prepared to recognize and thwart a real attack . '' To help mitigate breach risks , organizations should be deploying next-generation firewalls and multifactor authentication , plus employing advanced malware detection solutions , McMillan says . Too many organizations are overlooking the value of multifactor authentication , Borten adds . `` Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule , '' she notes . `` Unfortunately , since that requirement was dropped in the final rule , healthcare is lagging on multifactor authentication , which is easier now than ever to implement . '' But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be interceptedAttack.Databreach. `` The software- or hardware-based solutions are preferred , '' McMillan says . So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishingAttack.Phishingand other attacks ? `` Unfortunately we have n't seen any silver bullets here yet , but one thing we might want to begin exploring is just what an attacker has accessAttack.Databreachto when they compromiseAttack.Databreacha user 's account , '' McMillan notes . `` All too often , we hear that the accounts compromisedAttack.Databreachhad incredibly large numbers of emails immediately accessibleAttack.Databreachto the attacker . The question is , are their better ways to deal with retention that mitigate risk as well ? ''