Breach Brief – T-Mobile, Elasticsearch, Church’s Chicken

Published On November 26, 2019 | By Tom Huskerson | Breach Briefs, News and Analysis

Cell carrier T-Mobile reported a data breach affecting its pre-paid customers. According to T-Mobile the data breach took place on its network sometime in early November and is affecting less than 1.5 percent of its customers. But that is no small number and equates to roughly a million customers.

Although passwords and Social Security numbers were not lost other important information was. The breached data includes customer name, billing address, phone number, account number, and details of your T-Mobile rate plan. The information is easily enough to get access to your account by impersonating you. Cyber criminals could use the information to perform a SIM swapping attack.

T-Mobile is notifying the customers affected. If you receive a notification the company recommends either confirming or updating your account’s PIN by dialing 611 from your T-Mobile device. You can also reach customer service by dialing 1-800-TMOBILE from any phone.

Elasticsearch

Another helluva of data leak has occurred and the numbers will stagger you. Try one billion records belonging to at least two different companies.

The two companies, People Data Labs and OxyData, are known as data enrichment or aggregation providers. They sell access to massive stores of data merged from multiple third-party sources. The data is used by companies to expand their knowledge and insight into potential and current customers. The companies also provide data on millions of businesses.

The exposed data was found by Bob Diachenko and Vinny Troia in mid-October. The two men found a completely unsecured Elasticsearch server holding over four billion user accounts among 4TB of data.

Troia, chief of threat intelligence at DataViper.io said, “A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. The leaked data contained names, email addresses, phone numbers, LinkedIn and Facebook profile information.”

In total around 622 million unique email addresses associated with People Data Labs and OxyData were found exposed. OxyData’s information appeared to have been a complete harvest from LinkedIn accounts.

Church’s Chicken

Church’s Chicken has reported a breach of its payment systems. Cajun Operating Company, commonly known as Church’s Chicken or Church’s, operates a string of restaurants in the United States and throughout the world.

The fast food chain is investigating after suspicious behavior on its systems was detected at the end of October. According to the company any previous unauthorized third-party access that may have occurred has been halted. In a statement released on its website, the company said that the possible breach would only impact some of the company-owned restaurants in the United States.

The data breach seems to confined to the southern United States and a list of 130 restaurants in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Mississippi, Missouri, South Carolina, Tennessee, and Texas that may have been impacted has been published by the company on its website. 

In a statement a company spokesperson said, “Our company immediately retained a leading cybersecurity forensics firm to help us contain and remediate the activity, and launch an investigation to determine the extent to which information in Church’s systems may have been impacted. In addition, we are continuing to cooperate with federal law enforcement and have notified payment card networks and credit monitoring agencies.” 

The investigation into a possible breach is continuing. The company is trying to determine which restaurants may have been involved and when the incidents may have occurred. The company has not specified how many customers have been affected or what information was lost.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *