Tag Archives: personal information

Breach Brief – T-Mobile

Mobile phone service provider T-Mobile has announced a data breach of its customer information.

According to a post on  the carrier’s website  the hack was discovered on August 20 by its cybersecurity team. The team shut down unauthorized access to certain information and T-Mobile quickly reported the incident to authorities. T-Mobile reported that the attackers did not get access to financial information, social security numbers, or passwords. However  the company did admit that some personal information may have been compromised including name, billing zip code, phone number, email address, account number and account type.

In a statement T-Mobile said, “Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information. We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.”

T-Mobile did not report any exact number of customers affected by the breach.  But a spokesperson for the company told Motherboard that it impacted roughly  “3 percent” of its 77 million customers amounting to around two million people. “Fortunately not many,” the spokesperson said in a text message, adding she could not say the exact number, reported Motherboard.

T-Mobile is the third largest cell service provider in the U.S. with 77 million customers. The company has about half the customers of Verizon and AT&T  with 152 million and 147 million customers respectively.

Breach Brief – SunTrust Bank

SunTrust Bank has reported a data breach that may have compromised the personal information of up to 1.5 million customers. According to reports the bank believes a former employee may have stolen customer information to give to a criminal third party.

SunTrust first became aware of improper access to customer records in February. An internal investigation implicated the ex-employee for the alleged theft. According to the Wall Street Journal the employee tried to print the records and share them with a “criminal third party.”

According to SunTrust the names, addresses, phone numbers and account balances of 1.5 million customers were breached. However the bank does not believe that Social Security numbers, account numbers, passwords, and driver’s license information were accessed. SunTrust also stated that there’s no indication that fraudulent activity has occurred with the affected accounts.

The bank has begun  the process of contacting customers whose info may have been compromised. SunTrust is also planing to provide free identity protection to all its customers whether they have been impacted by the breach or not. 

SunTrust customers can go to this website to see if they are affected by the breach.

The incident is under investigation and the bank continues to work closely with law enforcement and outside experts.

Breach Brief – Best Buy, Delta, Sears, K-Mart

Delta Airlines, Sears, Kmart and Best Buy and others have all been hit with a data breach that is connected with  Indian Company [24]7.ai. According to a statement from the company, it “discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified.”  The incident took place Sept. 26 and was finally shut down on Oct. 12, 2017. The company has notified notified law enforcement.

[24]7.ai claims the breach affected a small number of clients but, in reality, that small number contains some the biggest, most well known, companies in the U.S. and the world.

[24]7.ai is a third party vendor that provides online and mobile chat services. According to CNET in addition to the above mentioned companies other big name companies potentially impacted by the breach include Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. Both American Express and Farmers Insurance have confirmed they were unaffected by the breach.

According to Sears, owners of K-Mart, unauthorized access to customer payment information was limited to less than 100,000 of its customer’s credit card information. Sears says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.

Delta airlines, among the worlds largest, reported that certain customer payment information may have been accessed but denied other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”  But Delta also stated that it can’t confirm if customer data was actually compromised. Delta is continuing its investigation and has launched a dedicated website to provide the latest developments to customers.

Delta stated that software used by [24]7.ai may have exposed the payment information of as many as several hundred thousand customers using Delta’s PC-accessed website. The company is especially concerned because customers didn’t have to interact with the chat tool to be hit by the hack.

According to Delta customer information compromised includes names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers using the Delta’s Wallet service are considered safe as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information.

Electronic retailers Best Buy also acknowledged  it was hit by the same data breach related to [24]7.ai. In a blog post Best Buy said that [24]7.ai  had informed the company that an “illegal intrusion” had occurred between September 27 and October 12, 2017. Best Buy says it will inform affected customers directly and they will not be liable for fraudulent charges. It will also offer free credit monitoring.

 

 

Breach Brief – U.S. Government, TimeWarner Cable, Instagram,

U.S. Government

The personal information of thousands of U.S. citizens and employees holding security clearances up to Top Secret have been compromised.

The security breach was revealed by Chris Vickery Director of cyber risk research firm UpGuard.  Vickery found the information of over 9,000 job application files on an un-secure Amazon Web Services S3 storage server that required no password to access.

The data included details about the past duties and responsibilities of thousands of federal employees. It is unclear if these people continue to work for the government, the U.S. Department of Defense and other agencies in the U.S. intelligence community.

Even so the information is extremely sensitive including personal information such as social security numbers, driver’s license and passport numbers, home addresses and other contact details. A leak of this magnitude represents a significant security failure that comes after a major government Office of Personnel Management (OPM) data breach in 2015.

TigerSwan, a US-based private security firm has pointed the finger of blame at TalentPen, a third-party vendor contracted by the company to process new job applicants.

In a statement Tiger Swan said, “We learned that our former recruiting vendor TalentPen used a bucket site on Amazon Web Services for the transfer of resumes to our secure server but never deleted them after our login credentials expired. Since we did not control or have access to this site, we were not aware that these documents were still on the web, much less, were publicly facing.

Among the hundreds of exposed files UpGuard discovered were the resumes of people with Top Secret U.S. security clearances, other documents revealed details about Iraqi and Afghan nationals who cooperated with U.S. forces. Some of those exposed by this data breach were involved in highly classified military operations. To add insult to injury UpGuard stated that the highly sensitive information remained exposed even after it notified TigerSwan about the leak.

TimeWarner Cable

Spectrum Communications,  owner of TimeWarner Cable, announced a data breach affecting the records of 4 million former customers.  TimeWarner Cable (TWC) customer’s data were left unsecured on a cloud server last month. TWC and said there is no evidence of illegal activity on its former customer’s accounts. The company did however urge subscribers using the MyTWC app to change their user names and passwords as a precaution.

TimeWarner Cable provides cable television service to major metropolitan areas including New York, Boston, Chicago, St. Louis and major part of the Carolinas and throughout the country.

The breach was uncovered by a third party firm attempting to resolve a data breach at another company. According to reports, BroadSoft, a TWC partner and global communications provider may have accidentally configured an Amazon Web Services server to allow public access.

According to Bob Diachenko, chief communications officer at security vendor Kromtech, the error exposed over 600GB of sensitive data to the public internet.

“It is most likely that they were forgotten by engineers and never closed the public configuration. This would allow anyone with an Internet connection to access extremely sensitive documents,” he said.

Instagram

A hack originally intended to target celebrities has instead impacted over six million Instagram user accounts.
Instagram sent out warnings of the hack after singer, Selena Gomez, appeared to be one of the first celebrity compromised. Hackers used a bug in the application programming interface (API), to access phone numbers and email addresses.

The news of the hack came after Instagram assured it users on August 30th that only celebrity accounts were targeted.

Instagram CTO, Mike Krieger released a statement acknowledging the scale of the breach; “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public.”

Originally Instagram stated that only a “low percentage” of accounts were affected but quickly back tracked when hackers refuted the information. Instagram, which is owned by Facebook, then advised users how to protect themselves from such an attack. “Additionally, we’re encouraging you to report any unusual activity through our reporting tools,” Instagram said.

Some reports indicate that one of the accounts compromised includes that of President Donald Trump. That account is operated by White House social media team.

ALERT! – Cloudflare Discovers Major Bug – ALERT!

Cloudflare, a content delivery and security service, announced a major bug has been discovered that may have exposed users sensitive data on millions of websites. The bug, dubbed ‘Cloudbleed’, was discovered in Cloudflare’s content optimization systems. Exposed data includes passwords, session cookies, authentication tokens and even private messages. The consequences are considerd extremely dangerous. Web users are urged to change their passwords on ALL websites immediately!

You may not have heard of  Cloudflare but it is one of the world’s largest Internet security companies. Cloudflare’s technology is running on millions of websites and in Fortune 500 compnaies. Cloudflare describes itself as a “web performance and security company.”

Cloudfare’s systems modifies HTML pages passing through its servers in order to rewrite HTTP links to HTTPS. This process hides certain content from bots, conceals email addresses, enables Accelerated Mobile Pages (AMP) and more. Cloudflare’s clients include huge companies like Uber, OKCupid,  FitBit and 1Password. 1Password claims its user data is safeBut with the millions of websites using the service it makes this bug an extremely serious threat.  The result is that massive amounts of sensitive data has potentially been compromised.

The data leak was accidently discovered on February 18th by Google security engineers. They immediately alerted Cloudflare. The company responded by quickly assembling an incident response team and shut down the feature causing most of the data leakage within hours. By the 2oth a complete fix was in place. The rest of the time, until the incident was publicly revealed, Cloudflare worked with search engines like Yahoo! Bing and Google to remove the sensitive data from their caches.

According to a blog post from John Graham-Cumming, Cloudflare’s CTO, the leaks could have been going on since September 22. However the period of greatest impact was between February 13 and February 18, when the email obfuscation feature was being migrated. Cloudflare estimates that around one in every 3.3 million HTTP requests that passed through its system potentially resulted in memory leakage.  That equals roughly 0.00003 percent of all requests.

But that does not negate the seriousness of the data leak. Sites that don’t use Cloudflare’s service, but have a lot of Cloudflare users, might have compromised data on their servers. This means the problem has spread all over the Internet. 

In an interview with Gizmodo Cloudflare CEO and co-founder Matthew Prince said, “This is a big deal for us. This is a really bad bug. This is something that our customers should be very cognizant of and should take very seriously.”

Everybody that uses any website is strongly urged to change your passwords immediately. As in right now!

 

ALERT! – Amazon Email Scam – ALERT!

amazon-logoCyber criminals are sending out fake Amazon emails telling you that there is a problem with your order.

Customers are being told to resolve the problem by clicking on a link to confirm certain information. The scam warns victims failure to do so will freeze their Amazon account. 

The email directs people to a replica Amazon website. These websites are excellent forgeries and can fool even experts. It makes it very easy to fall for the scam.

Once on the fake website the customer/victim is asked to input personal information. When customers/victims have entered in their details, they are asked to click a ‘Save & Continue’ button. This then takes them to Amazon’s official website making it even more difficult for most people to suspect or detect any fraudulent activity.

Don’t fall for this scam. If you receive this email contact Amazon customer support to check your account. Do not click on any link in the email and don’t use the phone number in the email. That could be the scammer as well. Even if the email is real you are better off being safe than sorry. You can learn more about this scam and how to protect yourself by visiting Get Safe Online.

Breach Brief – Newkirk Solutions, Bon Secours

canstockphoto24985079The largest data breach of 2016 so far has hit a data server operated by Albany, N.Y. based Newkirk Products. Newkirk Products is a third-party vendor providing health insurance ID cards for the health care industry. According to Newkirk the breach was discovered on July 6th but actually occured on May 21st. Newkirk shut down the affected server and is working with forensic investigators to analyze the extent of the breach.

Data belonging to over 3.3 million people across the U.S including 277,000 Blue Cross and Blue Shield customers in North Carolina have been compromised.

According to Newkirk the server did not contain the most sensitive customer information like Social Security numbers, banking or credit card information, medical information or insurance claims. However information found on Blue Cross’s Medicare ID cards includes customer name, mailing address, type of plan, and member and group ID number maybe compromised. In a press release dated August 5th, Newkirk admitted hackers has gained unauthorized access to a server containing names, mailing addresses, plan types, member and group ID numbers, dependent names, primary care providers, dates of birth, premium invoice information, and Medicaid ID numbers. 

Customers affected by the breach will receive letters from Newkirk explaining the attack and offering two years of free identity pretection and restoration service. Blue Cross is instructing customers to check their accounts for suspicious activity. These customers are insured by a dozen organizations, including Blue Cross organizations in Kansas City as well as western and northeastern New York.

Currently there is no evidence that any of the personal information obtained in the attack has been misused. However Newkirk is urging affected customers to monitor their account statements and medical bills for suspicious activity.

For additional information customers are advised to call 855-303-9773 or go to http://newkirkproductsfacts.com.

 

Bon Secours

logo-bon-secoursBon Secours Health Systems of Richmond, VA is notifying approximately 655,000 of its patients that their information may have been compromised during an incident with a contractor in April. 

R-C Healthcare Management, a company doing work for Bon Secours accidently left files containing patient information accessible via the Internet while attempting to adjust their network settings from April 18th to April 21st. Bon Secours staff members discovered the error on June 14th  and they immediately notified R-C Healthcare to secure the files.

Information possibly compromised in the exposure include files that may have included patient name, health insurer’s name, health insurance identification number, social security number and limited clinical information.

A spokesperson for Bon Secours says 435,000 patients were affected in Virginia and an uknown number in South Carolina and Kentucky.

R-C Healthcare CEO said in a statement, “Upon learning of the incident R-C promptly hired a highly regarded outside forensic investigator. The investigator confirmed the incident has been fully remediated. All R-C customers who might be affected have been notified of the situation and its resolution. “

Bon Secours custmers affected by the data exposure have been sent a letter notifying them of the breach. Any patients with concerns or questions may call toll free at 1-888-522-8917, 9 a.m. – 9 p.m. EST, Monday-Friday.

See also: The real reason hackers want your medical records.

 

 

 

 

Tax Season 2016 – Hackers Attack IRS

irs-logoHackers are hell bent on stealing tax refunds. On Tuesday the IRS announced an attack that occurred last month in which cyber criminals were able to steal taxpayer identification numbers before the Internal Revenue Service detected and shut down the attack. Hackers stole customer “Electronic Filing PINs,” meant to ensure information security. These PINs would enable hackers to file fraudulent tax returns.

More and more Americans are filing their taxes online. Officials expect 80 percent of the 150 million returns will be filed online this tax season. As a result the number of attempts by hackers to file fake returns and steal tax refunds is on the rise.

In a statement the IRS said that the hackers used a sophisticated automated software that used more than 450,000 stolen Social Security numbers to try to generate e-filing PINs. Even though the attack was stopped they were successful in securing about 100,000 PINS.

According to the IRS the SSN’s were “stolen elsewhere outside the IRS.” The agency added, “no personal taxpayer data was compromised or disclosed” by its systems. The IRS said it will notify taxpayers affected by the attack and will flag their accounts to guard against identity theft.

The IRS and the federal government are in possession of incredible amounts of personal data of U.S. citizens, Yet the government appears almost helpless to protect this data from cyber theives. Last year alone the government lost the data, including electronic finger print files,  of over  20 million Americans in a historic data breach of the Office of Personnel Management.

On Tuesday President Barack Obama proposed to spend $19 billion on more-secure technology for the government. If approved by Congress the money would be used to recruit cyber security experts, reducing reliance on unsafe items like SSNs, and overhauling the government’s computers.