2017 has witnessed several high-profile data breaches. Having become a fact of digital life, these breaches have put millions of victims at a high risk of identity theft. Data breaches happen daily but on different scales. In this article, learn about the latest high-profile breaches.
Equifax Data Breach Can Lead To a Lifelong Identity Theft Threat
On July 29, Equifax, a consumer credit score company, announced that hackers have made their way to up to 143 million American customer account details that included credit card numbers, names, social security numbers, drivers licenses and other personal information. According to experts in the cybercrime field, each “specific cyber breach has a starting date or the day of intrusion. But if the hackers get their hands on data that has a long shelf life, such as a social security number, there is no end point to when the stolen information can be used”.
Richard Smith, the CEO of the company states that this data breach occurred as a result of a vulnerability in their website. He adds that “this is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do”. Customers of Equifax who would like to know if they are part of those who have been affected should provide their last name and the last six digits of their social security number so that they can check.
Unauthorised Third Party Accesses CeX Customer Account Data
With over 300 stores across the Uk, CeX is a second-hand gaming retailer that allows people to trade in old gadgets and games. The account details of up to two million customers of CeX have been stolen, which included personal information such as names, addresses, phone numbers, as well as old credit card numbers. CeX states that they have “no indication that in-store personal membership information has been compromised”.
However, according to the company, although some credit card information has been stolen, they had stopped storing credit card information since 2009. This means that the data that the cyberhackers have is useless to them. All customers who have been affected by this data breach have received an email regarding the steps to be followed to protect their accounts, in case they use similar passwords and details for other transactions online.
Xbox and PlayStation Gamers Have Account Details Compromised
Although the data breach occurred in 2015, it was only recently found and made public that over 2.5 million gamers who use PlayStation’s PSP ISO and XBOX 360 ISO have had their personal account details hacked. These details include passwords, email and IP addresses. While PlayStation had 1.3 million account details stolen, Xbox360 had 1.2 million.
Bugged Cloudflare’s Software Leaks Customer’s Personal Information
Millions of websites use the software of the internet company, Cloudfare. Due to a bug in the software, many unhashed and plaintext information that included personal messages sent on Uber trips and dating websites were published on the web in September 2016 and February 2017.
User Account Details From Edmodo Stolen and Put Up For Sale
The education website Edmodo is a platform that allows teachers to connect to students and parents. Over 78 million of the users have had their personal details (which included usernames, passwords, and email addresses) stolen by hackers and then sold on the dark web for $1,000 (£700).
Malware Attacks The Payment System of Chipotle Restaurant
Chipotle is a renowned American restaurant which has had its payment systems hacked by a malware this year. One of the leaders in the firm states that the malware “searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device”. Although this cyber attack took place in the US, a vast majority of Chipotle stores have been affected by this malware.
Verizon and AA Accidentally Exposed Customer Information Online
Due to a misconfiguration on Verizon’s cloud server, over six million customer details were posted publicly online for around nine days. Based on the research from the cybersecurity firm UpGuard, this security issue was caused due to “human error”. Although Verizon confirmed with CNN that no customer information was lost or stolen, their names, phone numbers and PIN codes (used to confirm the identity of those calling for customer service) were published online. Further research reveals that the NICE security measures of Verizon were not properly set and a security setting was accidentally made public. Those who had a public link could see all the details that were temporarily visible.
Dan O’Sullivan who is a Cyber Resilience Analysts at Upguard highlights the importance of exposed PIN codes which can allow “scammers to access someone’s phone service if they convince a customer service agent they’re the account holder”. He adds that “a scammer could receive a two-factor authentication message and potentially change it or alter [the authentication] to his liking […] or they could cut off access to the real account holder”.
AA, a car insurance and breakdown company had also accidentally exposed 13GB of its customer’s private details online, unsecured for a few days. The customers’ data was left viewable due to a server misconfiguration.
OneLogin Lost Important Data
Even the identity management company OneLogin hasn’t been immune to data breaches. OneLogin supplies password management services to businesses they have revealed that details regarding their US customers have been stolen. According to them, “a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US”. In addition, the one who is behind this data breach seems to have been able to decrypt all data by accessing information about apps, users and various types of keys.
Related articles published in Cardholders Data security :
- Payment card security compliance is directly related to the ability to defend against cyber attacks
- Merchant complacency in identifying international transactions
- Common sense measures to protect yourself against identity theft
- EMV chip cards still seem vulnerable to fraudulent activities