TAP into Technology | Garland Technology Blog

Cybersecurity Threat Breakdown [T-Mobile + UnityPoint Health]

Written by Jason Drewniak | 8/30/18 12:00 PM

Here’s your monthly roundup of the latest hacks and data breaches around the world. In this monthly series, we’ll share information and updates on the most recent hacks that have made headlines, including causes, resolutions, and what you can do to protect your data.

Over the last several weeks, we saw what has now become the usual list of successful cyber attacks and data breaches across all industries, with government entities, healthcare and retail dominating the list. 

Darden Restaurants

This month, federal authorities discovered that a legacy point-of-sale system operated by Cheddar’s Scratch Kitchens (a restaurant owned by the Darden Group) was likely compromised as part of a larger cyber attack involving locations in 23 states. Credit card information for an estimated 567,000 guests was exposed to the hackers. This attack was quite small in relation to the total number of guests eating at a Darden restaurant in any given month. However, it does highlight the importance of updating legacy systems on a regular basis to ensure that all locations have the same standard of security. Darden Restaurants has hired a third-party firm to investigate the matter further.

 

Replicated Florida Voting Site

At a recent DEFCON event, an 11-year-old boy was able to hack into a replica of Florida’s state election website in just 10 minutes, successfully changing voting results. Throughout the DEFCON event, swing state voter websites were replicated to see what security problems exist. While the event has taken place for several years, this is the first time it was opened up to children as young as 6, nearly all of whom succeeded in hacking the site they were working on. While this exercise doesn’t use an exact replica of the current election systems for each state, it does show that more attention needs to be paid to overall election security, especially in an election year. If a child can hack into the system, what can a trained cyber criminal do?


Sitter

Independent security researcher Bob Diachenko discovered that the popular babysitting app, Sitter, experienced a data breach involving customer transaction information, chat logs, and contact information. The information was inadvertently stored in an exposed MongoDB file that was accessible using a public IoT search engine. It is unclear how long this information was available, or whether anyone accessed it. It’s worth noting that all information added to an app is at risk, whether it’s profile-based or a chat between users.




T-Mobile

Close to 2 million T-Mobile customers had personal information, including billing zip code, phone number, email address and account number, exposed in a security breach of the company’s US servers on August 20. While it has not been announced how the hackers got access to this information, T-Mobile was able to shut the breach down quickly, ensuring no financial information was accessed.


UnityPoint Health

A healthcare organization in Des Moines, IA was the victim of a targeted phishing attack, which resulted in 1.4 million patient records being compromised. Among the data stolen were names, addresses, surgical information, and insurance information. It took almost 6 weeks for the breach to be discovered by officials. Like most phishing attacks, the hacker assumed the identity of a trusted executive within the organization, resulting in one employee falling victim to the scam and creating the access point into the network. The organization is working to strengthen its network security, while also providing additional training to employees on recognizing the signs of a phishing attack.


Fortnite Android App

A critical flaw in the first Fortnite Android app made it possible for other apps to install malware onto targeted devices. The reason for this potential bug lies with the decision to make the game available for Android users not through the Google Play Store, but through an outside app. Using that app requires some security settings to be modified, which puts individual devices at risk. Google developers discovered a way that hackers could utilize the app to access call history, text logs, and GPS without the user’s knowledge. Since the news broke, Fortnite has released a patch to fix this bug. Users are strongly encouraged to install the update for Fortnite, and to use caution when installing apps outside the Google Play Store in the future to protect their device and privacy.