Archive for June, 2016

Noodles & Company affected by data breach

noodles

GREENVILLE, N.C. (WNCT) – Kevin Reddy, chairman and CEO of Noodles Company, sent out a statement Thursday after they were affected by a data breach.

Reddy informed the public on their website that the incident may have compromised the security of payment information of some guests who used debit or credit cards between January 31 and June 2 of 2016.

“In an era where sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. We encourage you to review your account statements regularly and monitor your credit reports for suspicious activity. Please read the statement below to find out more about the incident, how it may impact you and the resources available to you to better protect against fraud and identity theft.”

Here are the local Noodles Company affected by the breach:

  • Greenville – 3030 Evans Street
  • Jacksonville – 1345 Western Blvd.

If you have any questions or need more information, call them at 888-849-1067.

Article source: http://wnct.com/2016/06/30/noodles-company-affected-by-data-breach/

,

No Comments

Noodles & Company affected by data breach

noodles

GREENVILLE, N.C. (WNCT) – Kevin Reddy, chairman and CEO of Noodles Company, sent out a statement Thursday after they were affected by a data breach.

Reddy informed the public on their website that the incident may have compromised the security of payment information of some guests who used debit or credit cards between January 31 and June 2 of 2016.

“In an era where sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. We encourage you to review your account statements regularly and monitor your credit reports for suspicious activity. Please read the statement below to find out more about the incident, how it may impact you and the resources available to you to better protect against fraud and identity theft.”

Here are the local Noodles Company affected by the breach:

  • Greenville – 3030 Evans Street
  • Jacksonville – 1345 Western Blvd.

If you have any questions or need more information, call them at 888-849-1067.

Article source: http://wnct.com/2016/06/30/noodles-company-affected-by-data-breach/

,

No Comments

Massachusetts General Hospital data breach affects 4.3K patients

Disclosure of the breach was delayed for more than four months.

Fingers are pointing at a third-party vendor as the culpable party behind the exposure of personally identifiable information of 4,300 patients of Massachusetts General Hospital (MGH).

On Feb. 8, an unauthorized individual accessed the network of Patterson Dental Supply, a division of Patterson Companies, a Saint Paul, Minn.-based medical supplies conglomerate, which services MGH with the software used in managing dental practice information.

The purloined data included patients’ names, dates of birth, Social Security numbers and, in some cases, the particulars of dental appointments.

Because law enforcement forbid disclosure while an investigation proceeded, it wasn’t until May 26 that MGH received permission to begin informing those affected. Disclosure to patients was further delayed owing to the facility needing time to figure out which patients were at risk, according to a hospital spokesman. It wasn’t until June 29 that letters began going out. A call center also was set up to deal with inquiries.

MGH said Patterson Dental Supply has upgraded the security of its systems used in storing patients’ dental files.

“This is an instance where a third party has compromised the security of their partner,” Jack Danahy, CTO and co-founder of Barkly, said in a statement emailed to SCMagazine.com. “In environments where the information sharing is so important, and so intimate, organizations have a very real responsibility to consider the potential impact of any breach of their own security.” 

In an emailed statement to SCMagazine.com, Casey Ellis, founder and CEO of Bugcrowd, added that healthcare continues to be targeted by state and cybercriminal attackers. Healthcare networks are particularly vulnerable, he wrote, because of the large number of legacy systems in use at these facilities and the critical need to keep these systems online at all times. “It’s a shame this happened, but it highlights the need for simple, clear solutions to help the healthcare industry identify its vulnerabilities and start working to rememdiate them.” 

Hospitals and medical organizations are good targets because they have valuable stores of patient information which can be sold for a tidy profit, Israel Levy, CEO of Bufferzone, told SCMagazine.com in an emailed statement. Thanks to mandatory regulations, hospitals are unquestionably making an effort to protect patient data, he wrote, but that’s not as easy as it sounds because hospitals are part of a large and complex ecosystem. 

“To prevent breaches, hospitals must take measures to separate their patient data and their medical equipment from outside access using approaches like virtual containers and network segregation,” Levy said.

This is not MGH’s first data breach. Last July, an employee inadvertently sent an email containing personal information of 648 patients to the wrong email address.

Article source: http://www.scmagazine.com/massachusetts-general-hospital-data-breach-affects-43k-patients/article/506659/

,

No Comments

Massachusetts General Hospital data breach affects 4.3K patients

Disclosure of the breach was delayed for more than four months.

Fingers are pointing at a third-party vendor as the culpable party behind the exposure of personally identifiable information of 4,300 patients of Massachusetts General Hospital (MGH).

On Feb. 8, an unauthorized individual accessed the network of Patterson Dental Supply, a division of Patterson Companies, a Saint Paul, Minn.-based medical supplies conglomerate, which services MGH with the software used in managing dental practice information.

The purloined data included patients’ names, dates of birth, Social Security numbers and, in some cases, the particulars of dental appointments.

Because law enforcement forbid disclosure while an investigation proceeded, it wasn’t until May 26 that MGH received permission to begin informing those affected. Disclosure to patients was further delayed owing to the facility needing time to figure out which patients were at risk, according to a hospital spokesman. It wasn’t until June 29 that letters began going out. A call center also was set up to deal with inquiries.

MGH said Patterson Dental Supply has upgraded the security of its systems used in storing patients’ dental files.

“This is an instance where a third party has compromised the security of their partner,” Jack Danahy, CTO and co-founder of Barkly, said in a statement emailed to SCMagazine.com. “In environments where the information sharing is so important, and so intimate, organizations have a very real responsibility to consider the potential impact of any breach of their own security.” 

In an emailed statement to SCMagazine.com, Casey Ellis, founder and CEO of Bugcrowd, added that healthcare continues to be targeted by state and cybercriminal attackers. Healthcare networks are particularly vulnerable, he wrote, because of the large number of legacy systems in use at these facilities and the critical need to keep these systems online at all times. “It’s a shame this happened, but it highlights the need for simple, clear solutions to help the healthcare industry identify its vulnerabilities and start working to rememdiate them.” 

Hospitals and medical organizations are good targets because they have valuable stores of patient information which can be sold for a tidy profit, Israel Levy, CEO of Bufferzone, told SCMagazine.com in an emailed statement. Thanks to mandatory regulations, hospitals are unquestionably making an effort to protect patient data, he wrote, but that’s not as easy as it sounds because hospitals are part of a large and complex ecosystem. 

“To prevent breaches, hospitals must take measures to separate their patient data and their medical equipment from outside access using approaches like virtual containers and network segregation,” Levy said.

This is not MGH’s first data breach. Last July, an employee inadvertently sent an email containing personal information of 648 patients to the wrong email address.

Article source: http://www.scmagazine.com/massachusetts-general-hospital-data-breach-affects-43k-patients/article/506659/

,

No Comments

Noodles & Co. Reveals 26 Md. Locations Exposed To Data Breach

BALTIMORE, Md. (WJZ) — Your personal financial information may be at risk if you ate at any of more than two dozen Noodles Company locations in Maryland over the last six months.

The fast casual restaurant chain revealed Tuesday the security of customers’ information may have been compromised by a recent data breach. It affects those who used their debit and credit cards to pay for meals between Jan. 31 and June 2 .

Noodles Company, which says it first learned that something might be wrong on May 17, reports cards used at the affected locations moving forward are no longer in jeopardy. The company says future transactions should be safe.

In its announcement June 28, the company did not disclose a reason for the delay between the date it learned of the breach, June 2, and the date it made news of the breach public.

At least 26 locations in Maryland were affected. For a list of them, CLICK HERE.

To learn more about how the company suggests you can safeguard your identity, call 888-849-1067 or CLICK HERE.

Article source: http://baltimore.cbslocal.com/2016/06/30/noodles-co-reveals-26-md-locations-affected-by-data-breach/

,

No Comments

Noodles & Co. Reveals 26 Md. Locations Exposed To Data Breach

BALTIMORE, Md. (WJZ) — Your personal financial information may be at risk if you ate at any of more than two dozen Noodles Company locations in Maryland over the last six months.

The fast casual restaurant chain revealed Tuesday the security of customers’ information may have been compromised by a recent data breach. It affects those who used their debit and credit cards to pay for meals between Jan. 31 and June 2 .

Noodles Company, which says it first learned that something might be wrong on May 17, reports cards used at the affected locations moving forward are no longer in jeopardy. The company says future transactions should be safe.

In its announcement June 28, the company did not disclose a reason for the delay between the date it learned of the breach, June 2, and the date it made news of the breach public.

At least 26 locations in Maryland were affected. For a list of them, CLICK HERE.

To learn more about how the company suggests you can safeguard your identity, call 888-849-1067 or CLICK HERE.

Article source: http://baltimore.cbslocal.com/2016/06/30/noodles-co-reveals-26-md-locations-affected-by-data-breach/

,

No Comments

Hard Rock Cafe experiences data breach

The Hard Rock Cafe and Casino Las Vegas has released a statement alerting customers that their data may have been compromised if they visited the resort between October 27th, 2015 and March 21st, 2016.

After receiving several reports of unauthorized activity associated with payment cards, the resort started an investigation into their card payment methods.

“On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment,” Hard Rock said in its statement.

“Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system.”

In some instances, the program recognized payment card data that included cardholder names, card numbers, expiration dates and internal verification codes. In others, the program only found data that didn’t include the cardholder name.

The Hard Rock Cafe and Casino assured customers that they have alerted law enforcement officials and are working with the payment card networks to initiate heightened monitoring on cards that may be affected.

The resort recommends that any customers who suspect that they may have been victims of card fraud get in touch with their bank.

This incident is the latest in a number of attacks on high-profile organizations, although it must be noted that all organizations are targets.

Such is the concern that, at the start of the month, the Internet Crime Complaint Center (IC3) issued a public service announcement warning people about online fraudsters looking to jump on the back of recent data breaches.

It stated: “Fraudsters quickly use the news release of a high-profile data breach to initiate an extortion campaign.

“The FBI suspects multiple individuals are involved in these extortion campaigns based on variations in the extortion emails.”

Author , We Live Security

Article source: http://www.welivesecurity.com/2016/06/29/hard-rock-cafe-experiences-data-breach/

,

No Comments

Mass. General Hospital announces data breach – WHDH

BOSTON (WHDH) – Massachusetts General Hospital announced Wednesday it suffered a privacy incident involving information stored by a third-party vendor.

According to the hospital, Patterson Dental Supply Inc., provides software that helps manage dental practice information for various providers, including MGH.

On Feb. 8, MGH learned that an unauthorized individual gained access to electronic files stored on the system and later confirmed the files contained some MGH dental practice information.

Law enforcement officials required any notification of the breach to potentially affected individuals be withheld while an investigation was conducted.

On May 26, officials gave permission to notify and MGH began to notify patients.

Leaked information included patients’ names, date of birth and Social Security and, in some instances, may have included date and type of dental appointment.

MGH began mailing letters to affected individuals June 29 and has established a dedicated call center to answer any questions.

 

(Copyright (c) 2016 Sunbeam Television. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)

Article source: http://whdh.com/news/local/mass-general-hospital-announces-data-breach/

,

No Comments

FTC Closes 70 Percent of Data Breach Investigations, Weighing PCI-DSS Standard

The Federal Trade Commission doesn’t investigate every reported breach, but when it comes to prosecuting data security cases it has an impressive 70 percent closure rate, according to agency officials.

FTC Commissioner Maureen Ohlhausen shed light on the agency’s approach to enforcing data security in a keynote address for a panel titled Federal Online Data Security Regulation: Where Are We Going? which was held Tuesday at the Heritage Foundation in D.C.

“We don’t formally investigate every breach, as that would be hundreds of cases each year…” Ohlhausen said, “but for matters where we do open an investigation, we end up closing approximately 70 percent.”

Ohlhausen elaborated that usually when the FTC does close a case, it’s because the agency has deemed the company’s security either reasonable or good, adding that in today’s rapidly evolving, technological world, “reasonableness” is key.

“The touchstone of our data security enforcement is reasonableness,” Ohlhausen said “A company’s data security measures must be reasonable in light of the sensitivity and volume of consumer information it holds, the size and complexity of its data operation, and the cost of available tools to improve security and reduce vulnerabilities.”

To date, Ohlhausen claims the FTC has brought in and settled almost 60 cases involving data security issues. While some of the earliest cases were brought as deception cases – companies misleading consumers about their data security practices – most of the cases were brought under Section 5 of the Federal Trade Commission Act, which prohibits deceptive acts or practices.

Ohlhausen told the audience that the agency is still trying to determine exactly how it interprets standards, particularly the Payment Card Industry Data Security Standard, or PCI-DSS, though. The standard, designed to regulate controls around credit card data to reduce fraud, has been around since 2004, but gone through a series of corrections an revisions over the years, the most recent coming in April.

“When evaluating reasonable security what weight should the FTC give to industry standards and to PCI-DSS in particular?” Ohlhausen asked the crowd.

Ohlhausen, who stressed before her keynote her talk wouldn’t necessarily reflect the views of the FTC, admitted the agency’s data security program isn’t perfect. How the PCI-DSS standard is interpreted by the the Commission has been a bone of contention for Ohlhausen.

In late 2015, despite her dissent, the Commission found that PCI certification was not enough to demonstrate reasonable security when it came to an incident involving identity theft protection company LifeLock.

The company has been under order with the FTC since it settled a complaint in 2010 accusing the company of overblown advertising claims. In December it agreed to pay a $100 million fine after the FTC filed contempt charges that it failed to implement and maintain a data security program.

Ohlhausen claims LifeLock held PCI certifications from third party certifiers during the relevant period and believes that should have counted for something.

“Given these certifications and other evidence I believe the record lacked clear and convincing evidence — which is the relevant standard for a contempt proceeding — that LifeLock failed to maintain a comprehensive data security program.”

Ohlhausen dissented from the complaint and settlement (.PDF) at the time, acknowledging the Commission lacked evidence of a breach, and is still convinced the FTC went about the situation the wrong way.

It’s for that reason she claims that the agency is working to learn more about PCI-DSS. She told attendees the FTC has already issued orders to nine PCI certification companies requesting information on how they carry out audits, and that its seeking detailed information about the assessment process used by PCI-DSS certification companies.

Ohlhausen is hopeful the PCI-DSS study will give the FTC a better understanding of the standard and provide them with additional guidance going forward.

She also claimed that if given the opportunity, she would support legislation around the creation of a nationwide data breach notification law, adding that it could simplify compliance for businesses and streamline consumer notifications so conflicting notices do not overwhelm them.

The FTC and the FCC have scuffled, especially of late, over each others jurisdiction to privacy. The FCC reclassified broadband last year as a common carrier service and proposed privacy and data security rules that would only apply to broadband ISPs. In response the FTC suggested the FCC’s proposal would overprotect some information and under protect other information. It argued in a bipartisan 36-page comment at the end of May that the FCC should tweak how it defines identifiable information. The letter also calls into question the FCC’s proposed regulations around data security, breach notifications, and how consumer notice and choice plays a role in business practices.

One of the most recent privacy cases handled by the FTC was settled last week. The mobile advertising firm InMobi will pay $950,000 in civil penalties after it was found tracking customers, children included, without consent. The company was initially asked to pay $4 million but that figure was reduced to $950K because of the “company’s financial condition.”

Article source: https://threatpost.com/ftc-closes-70-percent-of-data-breach-investigations-weighing-pci-dss-standard/118974/

,

No Comments

Noodles and Company Warns Customers of Data Breach

KSTP-TV FCC Public Inspection File   |   
KSAX-TV FCC Public Inspection File   |   
KRWF-TV FCC Public Inspection File   |   
Additional Public Information

Any person with disabilities who needs help accessing the content of the FCC Public file should contact Katie Bowman
at [email protected] or (651) 646-5555

KSTP-TV KSTC45 MeTV Twin Cities ThisTV Twin Cities Prep45 Heroes and Icons Antenna TV

Copyright © 2016 – KSTP-TV, LLC

A Hubbard Broadcasting Company

HBI Privacy Policy |
Terms of Use |
DMCA Notice |
Contest Rules |
Site Map

Article source: http://kstp.com/business/noodles-and-company-data-breach/4184741/

,

No Comments