New Ransomware Leaks Confidential Data To Public

There’s a disturbing emerging trend in the world of hackers who make use of ransomware to extort payment from companies. Increasingly, if a company won’t pay, their data that was stolen and encrypted is being published for all to see.

KrebsOnSecurity recently identified a website associated with the creators of the Maze ransomware strain that did exactly that.

The introductory message on the landing page reads as follows:

“Represented here companies don’t wish to cooperate with us, and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news!”

Many industry insiders and security experts have expressed shock and dismay at the emerging trend. They probably shouldn’t. After all, hackers who use ransomware almost always issue a warning that if their demands aren’t met, the data in question will be released to the public. It’s such a common threat that it’s almost become boilerplate.

The difference is that until recently, hackers haven’t actually followed through on the threat. That now appears to be changing, and it underscores an important point.

Hackers often snoop through and exfiltrate the data they encrypt prior to the encryption itself. Doing so essentially sees them get paid twice. If the company pays the ransom, they get the money. Meanwhile, they can auction off the juiciest bits of data to the highest bidder. Most commonly, this means selling personal information and credit card data, but it certainly can mean proprietary company data. In fact, it now appears that it does mean company data.

What this means, though, is that ransomware attacks need to be considered data breaches and treated accordingly. If that’s not your company’s current stance where such attacks are concerned, it should be.

Landry’s Restaurant Chain Latest Victim Of Credit Card Breach

If you’re not familiar with Landry’s, you’re probably familiar with at least some of the restaurants the company owns.

The company recently issued a formal ‘Notification of Data Breach’ in which they disclosed that an unauthorized user was detected on their systems and that POS malware had been used between March 13, 2019 and October 17, 2019.

In addition to that, in a few cases and locations, malware had been in place since January 18, 2019.

In all, the company owns more than six hundred restaurants around the country, including:

  • Landry’s Seafood
  • Chart House
  • Saltgrass Steak House
  • The Bubba Gump Shrimp Co.
  • Claim Jumper
  • Morton’s
  • McCormick and Schmick’s
  • Mastro’s Restaurant
  • The Rainforest Café
  • Del Frisco’s Grill
  • And More

Fortunately, back in 2016, the company implemented a robust end-to-end encryption system, so any payment data sent through it would not have been compromised. Unfortunately, Landry’s restaurants also have order entry systems that have card readers attached. These are not part of the end-to-end encryption system. Thus, any credit cards swiped through these systems would have seen their payment information compromised.

There’s no way to be sure whether your card was swiped in a way that bypassed the encryption system. If you dined at any of Landry’s restaurants between January 18, 2019 and October 17, 2019, the safest course of action is to assume that your payment card data may have been compromised. You should report the incident to your credit card provider to have a new card issued.

The investigation into this matter is ongoing, and at this time the company has not released any estimates on the number of payment cards that may have been compromised. Even if you opt not to report your card compromised, it pays to keep a close eye on your account to monitor it for suspicious activity.