JCrew Retailer Customers May Have Had Information Accessed

Another week, another data breach. This time, the target is US clothing retailer J. Crew.

The company announced that sometime in April of 2019, an unknown group of hackers utilized a credential stuffing attack to breach one of the company’s databases and accessed some of its customer account data.

Credential stuffing, as you may know, is an attack type that sees hackers utilizing large sets of stolen usernames and passwords, which can be found in vast numbers on the Dark Web. Granted, many of the username and password combinations are old and defunct, but the data is cheap and hackers can buy hundreds of thousands of sets of credentials.

With so many in play, they’re bound to get a few hits and all they really need is one. One thing that vastly increases the chances of this kind of attack succeeding is the shocking percentage of users who still utilize the same username and password on multiple different websites.

When J. Crew discovered evidence of the breach via a routine scan, they immediately sent a notification to the potentially impacted customers. That notification read, in part, as follows:

“…the information that would have been accessible in your jcrew.com account includes the last four digits of credit card numbers you have stored in your account, the expiration dates, card types and billing addresses connected to those cards, and order numbers, shipping confirmation numbers, and shipment status of those orders…

We do not have reason to believe that the unauthorized party gained access to any additional information within your account, but you should change your password on any other account where you use the same password discovered in this incident.”

Along with the sending of this notification, J. Crew disabled the accounts of all impacted users.

It’s a decent response, but the ‘routine sweep’ conducted by the company didn’t discover evidence of the breach for almost a year, so things aren’t quite adding up yet. Our hope is that the company will clarify things as their forensic investigation into the hack is concluded. In any case, if you’re a J. Crew customer, take heed.

Tax Information Theft Is On The Rise This Year

It’s tax season, and if you’re like many people, you make use of one of the numerous e-file platforms offered by TurboTax, TaxAct, and similar companies. Unfortunately, tax season also presents a tremendous opportunity for hackers. So much so that the IRS has issued a formal warning to accountants and taxpayers alike, urging them to enable two-factor authentication to minimize the risk of identity theft.

The IRS warning grew out of the fact that over the last few weeks, they received dozens of reports from accountants around the country about data theft.

If you use a third-party online tax service like the ones mentioned above, it pays to heed the IRS’ warning and enable 2FA on your account to improve its security and minimize the risk that your tax account could be hacked. If it is hacked, it will give hackers access to everything they need to steal your identity and make your life miserable for months, and possibly years, to come.

If you have an accountant who handles your taxes for you, then it pays to at least have the conversation and find out what they’re doing and how they’re filing your taxes for you. You should find out if/when/where e-filing enters into the equation to be sure they’re using 2FA as well to better protect your data. If they’re not, it’s a serious enough issue that it may be worth considering switching to someone who takes security more seriously.

Since 2015, the IRS has been working with Security Summit Partners, which is a cooperative agency that includes state tax agencies, tax preparation firms, software developers, payroll processors and banks. The purpose of the collaboration with the group is to ensure that multi-factor authentication features are widely available to everyone in the tax and tax preparation business.

Unfortunately, availability does not always translate into adoption. Either way, kudos to the IRS for being proactive and doing all they can to help protect taxpayers from opportunists. Long story short: If you’re filing your taxes digitally, or someone’s doing that for you, make sure 2FA is enabled.

New Healthcare Breach Blamed On Stolen Laptop

There have been a dizzying number of high-profile data breaches in recent months, and now we have one more to add to the growing list.

Health Share of Oregon is a Medicaid Coordinated Care Organization. They recently disclosed that they lost control of health and personal information belonging to more than 650,000 people.

The root cause in this case wasn’t an elaborate hack. One of their employees had a laptop computer stolen while making use of a third-party vendor responsible for non-emergent medical transportation.

Health Share has begun the daunting task of sending out letters to every patient who had their information compromised. They’re offering a free year of identity monitoring, credit monitoring, fraud consultation and identity theft restoration. That is pretty standard fare in situations like these, but also small comfort for those who have been impacted. In addition to the individual patient contact letters, the company also released a statement.

Their statement reads, in part, as follows:

“Though the theft took place at an external vendor, we take our members’ privacy and security very seriously. Therefore, we are ensuring that members, partners, regulators, and the community are made fully aware of this issue.”

The company also tried to reassure impacted individuals by letting them know that their personal health histories were not exposed.

That’s a good thing, but the data that was stolen was extensive. It included members’ names, addresses, phone numbers, dates of birth, Medicaid ID numbers, and Social Security numbers. All that is more than enough information to steal 650,000+ identities.

Health Share has set up a toll-free call center, open Monday through Friday from 8:00am to 5:30pm. The service is available to any impacted individuals with questions or concerns, which is a fantastic additional step we don’t often see when things like this happen. Now, if only it hadn’t happened in the first place.

Wawa Data Breach Includes Information On 30 Million Customers

Another week, another high-profile data breach. This time, it’s a big one.

In December 2019, the convenience store chain Wawa disclosed that they had discovered malware on their point of sale system and that tens of millions of customer records were at risk. Those at risk were potentially anyone who had paid for their gas and other sundries with a debit or credit card.

Further, they admitted that the breach impacted all 860 of its locations. Worse, the company discovered that the malware had been in place for at least four months, which makes it a positively massive breach.

A recently published Gemini Security Advisory described it this way:

“Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time. It is comparable to Home Depot’s 2014 breach exposing 50 million customers’ data or to Target’s 2013 breach exposing 40 million sets of payment card data.”

It was only a matter of time before a haul that large showed up on the Dark Web, and that has now happened. Recently, security researchers have spotted a file called “BigBadaBoom-III.” The payment card data it contains traces back to Wawa.

At present, the records are being sold for an average of $17 each. Given the size of the breach, that represents a breathtaking payday for the hackers.

If you’ve been to a Wawa convenience store in the last six months, the safe bet is to assume that your payment card has been compromised and proceed accordingly. Doing nothing is a recipe for disaster, especially given that the database containing the card data is already up for sale. It’s only a matter of time until someone gets their hands on your payment data and starts making illicit use of it.

Data Breach Hits Microsoft Customer Service Database

Over the last twelve months, we’ve heard reports from companies of all shapes and sizes that have suffered from data breaches.

Many of them were caused by an act of carelessness on the part of an employee who accidentally left an important database exposed to the world. It raises eyebrows, though, to hear that Microsoft was the target of such an action.

Surprising or not, Microsoft recently disclosed that a total of five servers storing a variety of customer support analytics were accidentally exposed online in December 2019.

Credit goes to Bob Diachenko, a researcher with Security Discovery. He found the leaky database, which consisted of a cluster of five ElasticSearch servers. According to Diachenko, all five servers stored the same data, appearing to be mirrors of each other.

The servers contained nearly 250 million entries that included IP addresses, email addresses and support case details. Upon learning of the incident, Microsoft responded quickly. They secured the servers in question and made an announcement, which also reassured users that “as part of Microsoft’s standard operating procedures, data stored in the support case analytics database is redacted using automated tools to remove personal information.”

After conducting an in-depth investigation, the company concluded that the data had not been copied or maliciously used by third parties. The leak was caused by a misconfiguration of the Azure security rules it deployed on December 5th, 2019.

The company made the following changes and now:

  • Audits the established network security rules for internal resources
  • Has expanded the scope of the mechanisms that detect security rule misconfigurations
  • Has added additional alerting to service teams when security rule misconfigurations are detected
  • Has begun implementing additional redaction automation

No company is immune, not even Microsoft. Kudos to the company for their rapid response and deft handling of the issue. That’s how it’s done.