Tag Archives: Data Breach

Breach Brief: Trump Hotel Collection likely victim of data breach

The Trump Hotel Collection appears to be the latest organization to be hit with a major credit card breach, according to a report from Krebs on Security.

(Source: Trump Hotel Collection)


What happened? Sources reveal that several banks have traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels.

What they’re saying: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump, EVP of Development and Acquisitions said in a statement.

If confirmed, the incident would be the latest in a long string of breaches involving the hospitality industry, which include Mandarin Oriental and White Lodging this past spring. With the number of hacks on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?

Breach Brief: FBI investigating Cardinals for hacking Astros computer network


According to the New York Times, the FBI is investigating St. Louis Cardinals officials for hacking into the Houston Astros internal networks.


The St. Louis Cardinals are being investigated by the FBI and the U.S. Justice Department for possibly hacking into the internal network of the Houston Astros to steal information on player personnel, the New York Times has reported.

(Screenshot: SI.com)


What happened? Investigators have come across evidence that the Cardinals front office staff may have broken into the network of the Astros, which housed a number of special databases. According to officials, internal discussions around trades, proprietary stats and scouting reports were among the information compromised.

How did it happen? The intrusion does not appear to be sophisticated, law enforcement officials have noted. According to the New York Times, the FBI believes Cardinals personnel gained access to the Astros’ system by using a list of passwords associated with Astros general manager Jeff Luhnow dating to his tenure with the Cardinals from 2003 until he left for Houston after the 2011 season.

What they’re saying: MLB has shared that it has fully cooperated with the ongoing investigation, which began last year after data was posted anonymously online. According to the statement, “Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database. Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”

The professional sports world has seen everything from Spygate to Deflategate in recent months, but perhaps this cyberattack marks the start of the next wave of cheats. This latest high-profile incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aimed at infiltrating sensitive industries. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?

Breach Brief: Insurer Anthem hit by hackers


As many as 80 million customers of America’s second-largest health insurance company, Anthem Inc., have had their account information stolen.


Anthem Inc., which is the second-largest health insurer in the United States with nearly 40 million customers, has confirmed that hackers successfully breached one of its IT systems and have stolen personal information relating to approximately 80 million current and former consumers and employees. While details are still being figured out, the incident could potentially rank among the largest of recent attacks, including J.P. Morgan, Home Depot and Target.

(Source: AP)


What information was breached? While Anthem states that the breach did not appear to involve medical information or financial details such as credit card or bank account numbers, the data accessed during the “very sophisticated attack” includes names, birthdays, social security numbers, street addresses, email addresses and employment information, such as income data.

How many were affected? At the moment, the company did not say how many customers and staff were impacted by the hack. However, the Wall Street Journal has shared it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer. Something to consider: Anthem had 37.5 million medical members as of the end of 2014.

How did it happen? It appears that the attack was the only breach of Anthem’s systems, and the company’s CIO reveals it is not yet clear how the cyber-criminals were able to obtain the credentials needed to access the database. Those responsible are not yet known and an FBI-led investigation is underway. According to Bloomberg, there’s speculation that a Chinese state-sponsored hacker group might be behind the breach.

When did it occur? Investigators are still determining the extent of the attack, which was discovered last week.

What they’re saying: “Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack,” CEO Joseph R. Swedish shared in a statement. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape. Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”

It is becoming increasingly clear that embedded system insecurity affects everyone and every company. As we’ve seen, this insecurity can leave sensitive financial and medical data vulnerable to cyber-attackers. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network is protected?

Breach Brief: Malaysia Airlines website hacked by group


Cyber attack disables air carrier’s ticket-booking service for over seven hours.


A group that calls itself “Lizard Squad” and “Cyber Caliphate” is believed to have hacked the official website of national carrier Malaysia Airlines. However, the airline has assured customers that its data servers remained intact and passenger bookings were not affected.


A screenshot taken of Malaysia Airlines’ official website after it was hacked Sunday night.

What happened? The airline’s website displayed a photograph of a lizard in a top hat, monocle and tuxedo smoking a pipe, surrounded by the messages ‘404 – Plane Not Found’ and ‘Hacked by Lizard Squad – Official Cyber Caliphate,’ Reuters reports. A rap song could also be heard in the background.

What information was breached? Lizard Squad has tweeted that it was “going to dump some loot found on malaysiaairlines.com servers soon,” and posted a link to a screenshot of what appeared to be a passenger flight booking from the airline’s internal email system.

How did it happen? According to the New York Times, MAS said its domain name system was “compromised” and users were redirected to the hacker group’s website. The domain name system translates web addresses typed into browsers into the numbers that computers use to identify and connect with each other on the Internet.

When did it occur? The website was down for at least seven hours during the night of Sunday, January 25, 2015.

What they’re saying: “Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured,” the company said in a statement. “At this stage, Malaysia Airlines’ web servers are intact.”

With the number of breaches on the rise, can you ensure that your network is protected?

Breach Brief: Chick-fil-A investigating payment card data breach

A new year, a new wave of breaches. Following an eventful 2014, Chick-fil-A may be the latest retailer to face a payment card data breach in 2015.


What happened? Financial institutions alerted Chick-fil-A to unusual transactions involving nearly 9,000 consumer credit and debit cards, with the fast food restaurant being the common connection.

What information was breached? The restaurant chain says it first learned of the possible breach on December 19 after “limited suspicious payment card activity appearing to originate from payment cards used in a few of our restaurants.”

Who was affected? According to Krebs, the possible security breach may be linked to locations in Georgia, Maryland, Pennsylvania, Texas and Virginia.

When did it occur? The report notes that alerts were sent to several U.S. financial institutions about a breach from early December 2013 through September 30, 2014.

What they’re saying: “We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so. If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts — any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring.”

With the number of breaches on the rise, can you ensure that your network is protected? As we kick off 2015, don’t forget to read up on the latest security trends, topics and more from last year here.

Breach Brief: Staples confirms data breach affected 1.16M payment cards

Staples has revealed that 1.16 million payment cards may have been affected in a series of data breaches that occurred over the summer. The office supply chain joins a growing list of retailers — which includes Target, Home Depot, Kmart and Neiman Marcus — that have had their payment systems breached by hackers in recent months.


What happened? An in-house investigation has detected malware at some point-of-sale systems throughout 115 locations, the company said in a press release. Staples has more than 1,400 U.S. retail stores.

What information was breached? From August 10 through September 16, 2014, the malware allowed access to cardholder names, payment card numbers, expiration dates and card verification codes at the infected stores, the retailer noted. It also enabled the cyber criminals to obtain data from purchases at a pair of stores dating back to July 20.

What they’re saying: Staples is currently offering free identity protection services and a free credit report to customers who used a payment card at any of the affected stores during the relevant time periods.

With the number of breaches on the rise, can you ensure that your network is protected? In the meantime, don’t forget to read up on the latest security trends, topics and more here.

Breach Brief: Sony Pictures’ computer system hacked

According to reports, the computer system belonging to Sony Pictures has been hacked after a thread surfaced on Reddit claiming all computers at the company were offline due to a breach. The Reddit thread says that an image appeared on all employee’s computers reading “Hacked by #GOP” and demanding their “requests be met” along with links to leaked data.


What information was breached? The Next Web reveals that the ZIP files mentioned in the images contain a list of file names of a number of documents, including financial records along with private keys for access to servers. The “Hacked by #GOP” message warned that the data supposedly obtained from Sony’s systems would be divulged on Monday, November 24 at 11 pm GMT.

What are they saying? Variety reports that Sony employees have been warned not to connect to the company’s corporate networks or access their emails. The incident is still being investigated…

With the number of malicious breaches on the rise, how can you ensure that your networks are protected?

Breach Brief: Hackers breach U.S. weather systems and satellite network

Hackers from China were recently able to breach the government computer network at the agency that oversees the National Weather Service, officials revealed.


What information was breached? According to The Washington Post, NOAA officials also would not say whether the attack removed material or inserted malicious software in its system, which is used by civilian and military forecasters in the United States and also feeds weather models at the main centers for Europe and Canada. NOAA operates a network of weather satellites and websites that distribute crucial information to public and private organizations, including forecasts for airlines and other transportation companies.

When did it happen? The intrusion occurred in late September but officials gave no indication of the problem until October 20, three people familiar with the hack explained.

What are they saying? NOAA spokesman Scott Smullen confirmed in a statement that four websites were “compromised by an Internet-sourced attack,” forcing the agency to perform unscheduled maintenance in recent weeks.

With the number of breaches on the rise, can you be sure you know who’s inside your network?

Don’t be an “ID-IoT”


Authentication may just be the “sine qua non” of the Internet of Things. 


Let’s just come out and say it: Not using the most robust security to protect your digital ID, passwords, secret keys and other important items is a really, really bad idea. That is particularly true with the coming explosion of the Internet of Things (IoT).


The identity (i.e. “ID”) of an IoT node must be authenticated and trusted if the IoT is ever to become widely adopted. Simply stated, the IoT without authenticated ID is just not smart. This is what we mean when we say don’t be an ID-IoT.

It seems that every day new and increasingly dangerous viruses are infecting digital systems. Viruses — such as Heartbleed, Shellshock, POODLE, and BadUSB — have put innocent people at risk in 2014 and beyond. A perfect case in point is that Russian cyber gangs (a.k.a. “CyberVor”) have exposed over a billion user passwords and IDs — so far. What’s scary is that the attacks are targeted at the very security mechanisms that are meant to provide protection.

If you think about it, that is somewhat analogous to how the HIV/AIDS virus attacks the very immune system that is supposed to protect the host organism. Because the digital protection mechanisms themselves have become targets, they must be hardened. This has become increasingly important now that the digital universe is going through its own Big Bang with the explosion of the IoT. This trend of constant connectivity will result in billions of little sensing and communicating processors being distributed over the earth, like dust. According to Gartner, processing, communicating and sensing semiconductors (which comprise the IoT) will grow at a rate of over 36% in 2015, dwarfing the overall semiconductor market growth of 5.7%. Big Bang. Big growth. Big opportunity.

The IoT will multiply the number of points for infection that hackers can attack by many orders of magnitude. It is not hard to see that trust in the data communicated via a ubiquitous (and nosey) IoT will be necessary for it to be widely adopted. Without trust, the IoT will fail to launch. It’s as simple as that. In fact, the recognized inventor of the Internet, Vint Cerf, completely agrees, saying that the Internet of Things requires strong authentication. In other words, no security? No IoT for you!


There is much more to the story behind why the IoT needs strong security. Because the world has become hyper-connected, financial and other sensitive transactions have become almost exclusively electronic. For example, physical checks don’t need to be collected and cancelled any more — just a scanned electronic picture does the job. Indeed, the September 11th terror attacks on the U.S. that froze air travel and the delivery of paper checks accelerated the move to using images to clear checks to keep the economy moving.

Money now is simply electronic data, so everyone and every company are at risk of financial losses stemming directly from data breaches. See? Data banks are where the money is now kept, so data is what criminals attack. While breaches are, in fact, being publicized, there has not been much open talk about their leading to significant corporate financial liability. That liability, however, is real and growing. CEOs should not be the least bit surprised when they start to be challenged by significant shareholder and class action lawsuits stemming from security breaches.


Although inadvertent, companies are exposing identities and sensitive financial information of millions of customers, and unfortunately, may not be taking all the necessary measures to ensure the security and safety of their products, data, and systems. Both exposure of personal data and risk of product cloning can translate to financial damages. Damages translate to legal action.

The logic of tort and securities lawyers is that if proven methods to secure against hacking and cloning already exist, then it is the fiduciary duty of the leaders of corporations (i.e. the C-suite occupants) to embrace such protection mechanisms (like hardware-based key storage), and more importantly, not doing so could possibly be argued as being negligent. Agree or not, that line of argumentation is viable, logical, and likely.

A few CEOs have already started to equip their systems and products with strong hardware-based security devices… but they are doing it quietly and not telling their competitors. This also gives them a competitive edge, besides protecting against litigation.

Software, Hardware, and Hackers


Why is it that hackers are able to penetrate systems and steal passwords, digital IDs, intellectual property, financial data, and other secrets? It’s because until now, only software has been used to protect software from hackers. Hackers love software. It is where they live.


The problem is that rogue software can see into system memory, so it is not a great place to store important things such as passwords, digital IDs, security keys, and other valuable things. The bottom line is that all software is vulnerable because software has bugs despite the best efforts of developers to eliminate them. So, what about storing important things in hardware?

Hardware is better, but standard integrated circuits can be physically probed to read what is on the circuit. Also, power analysis can quickly extract secrets from hardware. Fortunately, there is something that can be done.

Several generations of hardware key storage devices have already been deployed to protect keys with physical barriers and cryptographic countermeasures that ward off even the most aggressive attacks. Once keys are securely locked away in protected hardware, attackers cannot see them and they cannot attack what they cannot see. Secure hardware key storage devices — most notably Atmel CryptoAuthentication — employ both cryptographic algorithms and a tamper-hardened hardware boundary to keep attackers from getting at the cryptographic keys and other sensitive data.


The basic idea behind such protection is that cryptographic security depends on how securely the cryptographic keys are stored. But, of course, it is of no use if the keys are simply locked away. There needs to be a mechanism to use the keys without exposing them — that is the other part of the CryptoAuthentication equation, namely crypto engines that run cryptographic processes and algorithms. A simple way to use the secret key without exposing it is to combine challenges (usually random numbers), secret keys, and cryptographic algorithms to create unique and irreversible signatures that provide security without anyone being able to see the protected secret key.

Crypto engines make running complex mathematical functions easy while at the same time keeping secret keys secret inside robust, protected hardware. The hardware key storage + crypto engine combination is the formula to keeping secrets, while being easy-to-use, available, ultra-secure, tiny, and inexpensive.
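The challenge-response exchange described above, as an added example (not code from the original post, and not Atmel's device protocol): a host sends a random challenge, the device answers with HMAC-SHA256 over it, and the host checks the answer without the key ever crossing the wire. The class and function names are hypothetical, the keys are constructed samples, and the Python object only simulates a hardware key store.

```python
import hashlib
import hmac
import secrets


class SimulatedSecureElement:
    """Stand-in for a hardware key-storage device (hypothetical class).

    It exposes no method that returns the key; callers can only request a
    MAC over a challenge. Real isolation comes from tamper-hardened
    hardware, which a Python object cannot provide.
    """

    def __init__(self, key: bytes):
        self.__key = key

    def respond(self, challenge: bytes) -> bytes:
        # The "crypto engine": uses the key internally, returns only the MAC.
        return hmac.new(self.__key, challenge, hashlib.sha256).digest()


class Host:
    """Verifier. In this symmetric scheme the host must protect its own
    copy of the key just as carefully as the device does."""

    def __init__(self, verification_key: bytes):
        self._key = verification_key
        self._outstanding = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # unpredictable, never reused
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Accept each challenge once, so a captured exchange cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def authenticate(host: Host, device: SimulatedSecureElement) -> bool:
    challenge = host.new_challenge()
    return host.verify(challenge, device.respond(challenge))


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    host = Host(key)
    genuine = SimulatedSecureElement(key)
    clone = SimulatedSecureElement(secrets.token_bytes(32))  # wrong key

    results = {"genuine": authenticate(host, genuine),
               "clone": authenticate(host, clone)}

    # An eavesdropper records one valid exchange and tries to reuse it.
    c1 = host.new_challenge()
    r1 = genuine.respond(c1)
    results["first_use"] = host.verify(c1, r1)
    results["replay_same_challenge"] = host.verify(c1, r1)
    results["replay_old_response"] = host.verify(host.new_challenge(), r1)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```
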


While the engineering that goes into hardware-based security is sophisticated, Atmel does all the crypto engineering so there is no need to become a crypto expert. Get started by entering for your chance to take home a free CryptoAuthentication development tool.

Breach Brief: 800,000 U.S. Postal Service employees victims of data breach

According to The Washington Post, Chinese hackers are suspected of breaching the computer networks of the U.S. Postal Service, compromising the data of more than 800,000 employees.


What information was breached? The breach is believed to have affected not only letter carriers and employees working in the inspector general’s office, but also the postmaster general himself. The stolen customer information includes names, email addresses and phone numbers. In addition, the exposed employee data may include personally identifiable information, such as names, dates of birth, social security numbers, addresses, beginning and end dates of employment, emergency contact information and other information. No customer credit card information from post offices or online purchases at USPS.com was breached.

How did it happen? Sources said that the attack was carried out by “a sophisticated actor” who apparently was not interested in identity theft or credit card fraud.

When did it happen? Unnamed officials note that the attack was discovered back in mid-September. In its statement, the USPS said that other than employee details, information about customers who called or emailed the agency’s Customer Care Center between January 1st and August 16th of this year was accessed.

What are they saying? “It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity. The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data,” explained Postmaster General Patrick Donahoe.

With the number of breaches, make sure you know who’s inside your network.