By Neal O’Farrel, Security and Identity Theft Expert for CreditSesame.com
Enough with the data breach excuses already. Not only are they as jaded as the breaches themselves, they’re often just not true. In the aftermath of almost every data breach, chances are you’re going to get a boilerplate public statement that includes old reliables like: “The attack was very advanced and sophisticated,” “We have not detected any fraud as a result,” “There’s no reason to believe the information will ever be used,” and of course “Free credit monitoring for everyone in the audience.” Except not right now, because it could take us a couple of weeks to set all that up.
Here’s just a sample of the most recent data breach walk of shame in just the last few weeks:
- The FBI announced that more than 1,000 retailers fell victim to the same malware as Target
- JP Morgan Chase fell victim to suspected Russian hackers.
- 300 oil companies in Norway were hacked.
- UPS and Dairy Queen joined the hall of shame.
My personal favorite was when Community Health Systems in Tennessee announced on August 18th that while Chinese hackers had managed to steal more than 4.5 million patient Social Security numbers (yes, the worst kind of breach), the company couldn’t see any reason why the hackers would actually use them. Really? So, why did they break in and steal them? By mistake? Oh, sorry, my bad, wrong server. Have a great day. But you’re still not getting your data back.
But perhaps the most troubling truth about most of these hacks is that they weren’t advanced or sophisticated. At least not advanced or sophisticated enough that they couldn’t have been stopped.
Seems like most of these hacks relied on the oldest trick in the hacker playbook. The hackers simply sent a malware-laced email to some careless employees who by simply clicking on a link or attachment let the hackers in. That’s it. That’s all. Nothing sophisticated or advanced about that. A simple trick targeted against a clueless or untrained user, and as famed hacker Kevin Mitnik used to say: “That’s all she wrote baby, they got everything!”
That’s exactly the trick that was used in the massive Target breach that exposed more than 110 million customer records. A 17-year-old created some malware that was then emailed to the employee of a small contractor who unhesitatingly opened the email and let the hounds of hell loose on a sleeping Target.
Looks like a similar tactic was used in the eBay breach in May of this year that affected possibly 145 million eBay users, when hackers simply sent infected emails to a select group of eBay employees. Same again in the most recent attack on JP Morgan Chase. Not to mention the successful attack against more than 300 energy and oil companies in Norway announced on August 27th.
There are clear patterns emerging:
- Hackers target the easiest links and there are plenty of them. Millions of them.
- The malware is tested on all the most common antivirus software first so the hackers already know your antivirus software won’t catch it.
- The biggest problem is that companies are simply not training their employees to be vigilant and to stop doing dumb things.
- The attacks are not sophisticated or advanced, not really, not in the grand scheme of things.
- The breached businesses are lying to you because the truth will have you seeing red.
The next time a breached business talks about how sophisticated the attack was, or how committed they have always been to security and privacy, try this never-fail litmus test. Ask them how often their employees are reminded or trained to be vigilant. If the answer is in the realm of once or twice a year, then you probably just found the hole in the fence.
Neal O’Farrell, security and identity theft expert for CreditSesame.com, is one of the most experienced consumer security experts on the planet. Over the last 30 years he has advised governments, intelligence agencies, Fortune 500 companies and millions of consumers on identity protection, cybersecurity, and privacy. As Executive Director of the Identity Theft Council, Neal has personally counseled thousands of identity theft victims, taken on cases referred to him by the FBI and Secret Service, and interviewed some of the nation’s most notorious identity thieves.
While Dairy Queen continues to investigate a possible customer data breach at an unknown number of its 4,442 U.S. restaurants, some of its locations are temporarily adopting “low-risk methods of processing consumer credit and debit cards” or are operating on a cash-only basis, according to a company statement Tuesday.
“The protection of customer data continues to be a top priority for us and our franchisees,” the statement said. “We continue to work with federal law enforcement investigators regarding this matter.”
The Edina-based fast food chain confirmed last week that it may have been victimized by the widespread Backoff malware, which is believed to have been employed in similar cyberattacks on companies like Target and Supervalu.
The first report of the breach was by cyber-security journalist Brian Krebs, who also broke the news of the Target data breach late last year. Krebs reported that Dairy Queen told him it had been notified by the U.S. Secret Service. Messages left for the Secret Service were not returned.
A Dairy Queen spokesman said Tuesday that the company is still working to determine which stores may have been affected and for how long, adding that it appears “only a small portion” of the company’s U.S. locations were likely involved.
Nick Woltman can be reached at 651-228-5189. Follow him on Twitter at @nickwoltman.
A Chicago area hospital is now warning patients about a security breach.
If you were a patient in the last five years here at Porter Regional Hospital or one of its affiliated clinics, you may be affected. The stolen information includes social security numbers.
“I’m floored with this. Just so many people I know are getting these letters. And just one by one, hey I got it, too. It’s me, too,” said Kimberly Crawford, Porter Hospital patient.
The letter warning of a data breach came from Porter Physicians Group, an affiliate of Community Health Systems, a Tennessee-based company that runs several hospitals across the country, including Porter Hospital in Valparaiso, Metro South Medical Center in Blue Island, and two Vista Medical Centers in Waukegan.
Last month, the company said Chinese hackers had attacked its computers in April and June. No credit card numbers or medical records stolen, but other information, including social security numbers, had been accessed, affecting 4.5 million patients nationwide.
“I feel defeated, angry at first. I was real angry,” said Crawford.
Such cyber attacks now make weekly headlines, with Target, restaurant chain P.F. Chang’s – and last week, Chase Bank – among the victims.
On Tuesday, Home Depot customers were warned to check their credit and debit accounts after a possible breach by Russian hackers.
For Kimberly Crawford, it’s all cruel dj vu. Her identity, she says, has been stolen before, and it’s taken years to repair her credit.
“Beware. It’s not safe anymore. Check your passwords,” said Crawford.
Besides social security numbers, names, addresses, and birth dates may have also been accessed.
On Tuesday night, Eyewitness News’ calls and emails to Porter Health Care System and its parent company were not returned.
Tips to protect personal data
DENVER – Goodwill stores confirmed Tuesday that a third party vendor was hacked, resulting in a data breach that affects about 10 percent of all Goodwill stores in the country.
The data security problem was originally announced in July, according to Goodwill. Since then, they say they have hired a forensic expert, worked with law enforcement and contacted credit card companies.
Their investigation determined that 11 locations in southern and western Colorado were affected by the breach. They are:
- 910 Main St Canon City, CO Affected: 2/10/13 to 7/20/14
- 1070 Kelly Johnson Blvd Colorado Springs, CO Affected: 2/10/13 to 7/20/14
- 2007 S Circle Dr Colorado Springs, CO Affected: 2/10/13 to 7/20/14
- 2304 W Colorado Ave Colorado Springs, CO Affected: 2/10/13 to 7/20/14
- 2655 Waynoka Pl Colorado Springs, CO Affected: 2/10/13 to 7/20/14
- 2855 S. Academy Blvd Colorado Springs, CO Affected: 6/3/14 to 7/20/14
- 6725 Camden Blvd Fountain, CO Affected: 2/10/13 to 7/20/14
- 630 24 1/2 Rd Grand Junction, CO Affected:2/10/13 to 7/20/14
- 3610 Dillon Dr Pueblo, CO Affected: 2/10/13 to 7/20/14
- 721 Gold Hill Pl S Woodland Park, CO Affected: 2/10/13 to 7/20/14
- 3506 N. El Paso St Colorado Springs, CO Affected: 2/10/13 to 5/10/14
Goodwill said the third-party vendor’s systems were attacked by malware, enabling criminals to access customers’ payment card data, including names, payment card numbers, and expiration dates. There is no evidence that other customer personal information, such as addresses or PINs, was affected by this issue, Goodwill said.
If you used a credit or debit card at an affected Goodwill store during the relevant time period, carefully monitor your account statements and contact your bank or card issuer if you detect any suspicious activity.
Goodwill customers can get other questions answered at http://www.goodwill.org/payment-card-notice/
Home Depot is investigating a possible data breach in which hackers may have stolen consumers’ credit and debit card information. Preliminary analysis indicates the breach may affect all 2,200 Home Depot stores in the United States and go back to late April or May 2014, expert security reporter Brian Krebs reported Tuesday.
A spokeswoman for Home Depot confirmed to Krebs that the home improvement chain has launched an investigation.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokeswoman Paula Drake told Krebs.
“We are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons it would be inappropriate for us to speculate further but we will provide further information as soon as possible.”
Multiple banks told Krebs that a massive batch of stolen credit and debit cards went on sale this morning in the cybercrime underground, and that evidence points to Home Depot being the source of the hacked information.
Krebs said early indications are that the hackers are the same group of Russian hackers that were responsible for data breaches at Target, Sally Beauty and P.F. Chang’s China Bistro. If the majority of the Home Depot stores were compromised, the breach could be many times larger than the Target data breach, which involved a breach of 40 million cards in three weeks.
Krebs said the attack may be retribution for U.S. and European sanctions against Russia for its actions in Ukraine.
Home Depot customers should pay close attention to their bank accounts, credit and debit accounts and report any suspicious activity to their banks.
Read and share your thoughts on this story.
Article source: http://www.jsonline.com/blogs/news/273602831.html
From Our CBS Music Web Sites
NEW YORK (CBSDFW.COM/AP) — Home Depot may be the latest retailer to suffer a credit card data breach.
The Atlanta-based home improvement retailer told The Associated Press Tuesday that it’s looking into “unusual activity” and that it’s working with both banks and law enforcement.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” said Paula Drake, a spokeswoman at Home Depot, declining to elaborate. She noted that if the retailer confirms that a breach occurred, it will notify customers immediately.
Shares of Home Depot Inc. fell 2 percent to $90.91 in late trading.
Many retailers have had security walls broken in recent months, including Target, grocery store chain Supervalu, P.F. Chang’s and the thrift store operations of Goodwill.
The rash of breaches has pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported “evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards.”
The Krebs report says that the responsible party may be the same group of Russian and Ukrainian hackers suspected in last year’s massive breach at Target Corp.
Target, based in Minneapolis, has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores. In its massive data breach, 40 million credit and debit card accounts were compromised and hackers stole personal information from as many as 70 million customers. The breach hurt profits, sales and its reputation with shoppers.
At Supervalu, the data breach may have impacted as many as 200 of its grocery and liquor stores and potentially affected retail chains recently sold by the company in two dozen states. The breach occurred between June 22 and July 17, according to Supervalu.
(©2014 CBS Local Media, a division of CBS Radio Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)
- Texas Looks At Cases After Jury Convicts Man Of 3 Serial Murders
- Southlake Police Arrest Ex-Student For Alleged Threats
- I-30 Construction ‘Bumps’ Mean Repairs Will Take Longer
- Rangers Set Record For Players Used In MLB Season
- Fort Worth Ebola Survivor: ‘I Felt Like I Was Going To Die’
Home Depot may be the latest victim of a massive data breach.
According to Brian Krebs of Krebs on Security, “Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground.”
Krebs said “there are signs” this breach at Home Depot could’ve been carried out by the same group of Russian and Ukrainian hackers that stole data from Target and P.F. Chang’s.
It wasn’t immediately clear how many stores have been impacted, but Krebs did say, “preliminary analysis indicates the breach may extend across all 2,200 Home Depot stores in the United States.”
In a e-mailed statement to Business Insider on Tuesday, Home Depot spokesperson Paula Drake said:
“At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate. Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately.
Right now, for security reasons, it would be inappropriate for us to speculate further. We will provide further information as soon as possible.”
Home Depot shares fell 2% on Tuesday.
Log in to manage your products and services from The New York Times and the International New York Times.
Don’t have an account yet?
Create an account »
Subscribed through iTunes and need an NYTimes.com account?
Learn more »
Memorial Hermann Health System reported an internal data breach in which an employee was able to gain unauthorized entry into the organization’s electronic health record (EHR) system over a 6 ½ year period, accessing 10,604 patients’ data.
According to notice on the Memorial Hermann website, the employee viewed patients’ names, addresses, medical record numbers, dates of birth, health insurance information, and, in some instances, Social Security numbers. But financial data such as credit card or bank information wasn’t involved. The access took place from December 2007 to July 2014 and only affected some patients during that span. The organization brought in outside forensics experts and suspended the employee’s access to patient records.
We value patient privacy and deeply regret any inconvenience this may have caused our patients. Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future.
Memorial Hermann learned on the breach on July 7 and has since notified impacted patients. Internal data breaches such as this lead to follow-up questions such as what types of access controls and user activity monitoring technologies does Memorial have in place? These products can be assets to healthcare organizations looking to ensure that only authorized employees access protected health information (PHI).
Home Depot said Tuesday it was working with law enforcement to investigate “some unusual activity” related to customer data but that it could not confirm if it had become the latest retailer to be hit by a large-scale security breach.
Shares of the home improvement chain were down 1.9 percent at $91.25 on Tuesday afternoon.
“At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot representative Paula Drake wrote in an emailed statement to Reuters.
“If we confirm that a breach has occurred, we will make sure customers are notified immediately.”
The statement came after security website KrebsonSecurity first reported that multiple banks had seen evidence that Home Depot may be the source of stolen credit and debit cards put up for sale on underground markets.
Retail customers faced a massive data breach during last year’s holiday season when hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data from Target Corp.