Data Breach Ripples: Week of April 10

Posted by Zach Walker on Apr 10, 2015 1:30:00 PM
Find me on:

DBR-Email-Header-4215

In this week's issue: Uber hires a new security officer from Facebook, financial institutions and retailers are skirmishing over the upcoming EMV deadline, UC Riverside suffers a data breach exposing the personal information of 8,000, AT&T is going to settle a data breach complaint by agreeing to pay $25 million and for the Rippleshot content of the week, we've put together a great infographic using Rippleshot research to determine the top five most compromised merchant categories in the U.S. 

UBER BRINGS ON FORMER FACEBOOK SECURITY EXPERT

After covering various security incidents involving the mobile ride-ordering app, the company announced that it has hired a new chief security officer. Last week, Uber introduced Joe Sullivan, Facebook’s former chief security offier, as its own CSO. Before joining Uber, Sullivan spent nearly a decade as a prosecutor for the U.S. Department of Justice with stops at eBay and PayPal before arriving at Facebook.

As Uber continues to shore up its personal image and security systems, expect the company to attempt to stay ahead of any additional security incidents involving its customers or drivers.

RETAILERS, FINANCIAL INSTITUTIONS SKIRMISH OVER EMV DEADLINE

Last week, the Food Marketing Institute (FMI) sent a letter to major credit-card issuers and card networks asking for the card issuers to consider delaying the October 1st deadline to implement EMV-capable Point of Sale terminals. According to reports, the letter the Food Marketing Institute sent addressed that the October deadline would provide the retailers with enough time to make the switch to EMV.

On the other end of EMV implementation, the National Association of Federal Credit Union (NAFCU) issued a response claiming that this type of response from various retail groups is hypocritical in shifting blame to banks and credit unions. Much concern has come over the implementation of chip-and-signature instead of the more secure chip-and-PIN systems that many other countries currently use.

Curious as to how EMV adoption is going to affect credit and debit cardholders in the United States? Check out our latest white paper covering the benefits and downsides of EMV and the expected impact in the U.S.

UC RIVERSIDE DATA BREACH AFFECTS PERSONAL INFORMATION OF 8,000

On Tuesday, the University of California, Riverside issued a warning to over 8,000 of it’s current graduate students, graduate student applicants and other non-related individuals that their personal information may have been exposed in a data breach.

In a post on InsideUCR, a computer containing the personal information, including social security numbers, was stolen during a break-in on the school’s campus, containing the personal information. Although UCR policy states that all computers that hold sensitive data must be protected, the stolen device had not been encrypted to prevent illegal access.

AT&T TO PAY $25 MILLION TO SETTLE DATA BREACH COMPLAINT PRESIDENT OBAMA DECLARES CYBERATTACKS A 'NATIONAL EMERGENCY'

Thursday morning, AT&T agreed to settle a federal complaint filed against the telecommunications company due to a data breach in late 2013 to early 2014 that exposed the personal information of almost 280,000 subscribers. According to the complaint, data was stolen from AT&T call center contractors in Colombia, Mexico and the Philippines, including names and partial Social Security numbers.

In October of 2014, AT&T acknowledged that some of its Mexico call centers experienced a data breach. However, thousands of American customers may have had their Social Security numbers exposed and will only begin receiving notifications in the coming weeks. AT&T has said that all affected subscribers will be notified via mail and will be offered one year of complimentary credit monitoring and identity protection. 

RIPPLESHOT RESEARCH: THE TOP FIVE MOST COMPROMISED MCCs

In this week’s Rippleshot blog post, our research has put together the top five most compromised merchant categories in the U.S. At Rippleshot, we have seen over 60% of all payment cards that were stolen in the past year can be connected to five merchant category codes (MCC). Using Rippleshot’s unique data set, we’ve determined where cardholder information is being stolen and the resulting fraudulent spending.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.

 

New Call-to-action  

Topics: Data Breach Ripples