IKANOW’s recap of the major data breaches that took place in March 2015 are listed below.
ASML – Malicious Outsider
ASML, the world’s largest microchip manufacturer, acknowledged that it has suffered a data breach. The company stated it recently “discovered unauthorized access to a limited portion of its IT systems.” They didn’t state when this breach happened but indicated late last year or early this year.
Mandarin Oriental Hotel Group – Malicious Outsider
Krebs on Security reported in early March that hotel chain, Mandarin Oriental Hotel Group was the victim of a credit card breach. Mandarin didn’t say how many locations have been affected but the attack, likely, happened just before Christmas of last year.
NEXTEP – Malicious Outsider
NEXTEP, a leading provider of foodservice technology for Fast Casual and QSR concepts, acknowledges credit card breach. According to Krebs, “the acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada.”
Advantage Dental – Malicious Outsider
Advantage Dental, an Oregon based dental services provider notified it’s nearly 152k patients of a breach of personal patient protected health information (PHI/HIPAA) after its intrusion detection system discovered an internal database at Advantage was illegally accessed. The attack occurred in late February 2015. The intrusion resulted in the unauthorized access to personal information such as DOB, phone, social security numbers and more.
Premera Blue Cross – Malicious Outsider
The Washington-based health insurance company, Premera Blue Cross, revealed that it was a target of a cyber attack last year compromising their 11m customers. According to Premera, the breach happened in May of 2014 but they didn’t discover it until January 29, 2015 – nearly 9 months later. The attack may have given the hackers individual’s social security numbers, bank info, and more. To learn more, click here.
Hilton Hotels – Vulnerability
Per Krebs, “The vulnerability was uncovered by Brandon Potter and JB Snyder, technical security consultant and founder, respectively, at security consulting and testing firm Bancsec. The two found that once they’d logged into a Hilton Honors account, they could hijack any other account just by knowing its account number. All it took was a small amount of changing the site’s HTML content and then reloading the page.”
Kreditech – Insider Breach
Kreditech is a German online lender which offers loans to individuals based on their creditworthiness which is analyzed using their online data instead of using traditional credit rating information. Per Krebs, “a group of hackers calling itself “A4? put the information online after finding “hundreds of gigabytes” of Kreditech’s documents, including what appear to be configuration files from the company’s Intranet and internal servers.”
Play.com – Malicious Outsider
The online retailer, Play.com, suffered a data breach and left their customers open to spam fraud. It seems only email addresses have been exposed, no financial or other personal information. Learn more, here.
Github – Malicious Outsider
Github was hit with a DDoS attack in late March. Per The Hacker News, “The attack specifically targets two popular Github projects – GreatFire and CN-NYTimes – anti-censorship tools used to help Chinese citizens circumvent The Great Firewall Of China, the government’s censorship of Internet access in China.”