The Rippleshot Data Breach Blog

Data Breach Ripples: Week of April 24

Written by Zach Walker | Apr 24, 2015 6:00:00 PM

In this week's issue: over 1,500 iOS apps are vulnerable to an eavesdropping exploit, data breaches have affected one in every four Americans, the Wall Street Journal takes an indepth look into how to protect one's corporate data, another POS vendor falls victim to a data breach, and in this week's Rippleshot blog post, we take a look at data breach prevention and data breach detection capabilities. 

1,500 APPLE APPS VULNERABLE TO EAVESDROPPING, RESEARCHERS FIND

Earlier this week, researchers found that roughly 1,500 applications for iPhones and iPads contain a security vulnerability that could allow hackers to intercept sensitive information. First discovered by researchers at SourceDNA, the vulnerability deals with a bug that would allow a hacker to bypass verification checks for HTTPS certificates.

Ars Technica estimates that two million people have installed the various affected apps, including Alibaba.com’s mobile app, Citrix’s OpenVoice Audio Conferencing, Revo Restaurant Point of Sale and many more. Concerned users and developers can use SourceDNA’s search tool to see if their applications are vulnerable.

DATA BREACHES AFFECT ONE IN FOUR AMERICANS

In a survey put together by the American Institute of CPAs (AICPA), one in four Americans were affected by a data breach, nearly double from a similar survey completed over a year ago. The AICPA survey polled more than 1,000 adult U.S. households and found that 82% of those surveyed have had to change their shopping behavior due to the catastrophic data breaches in the past year. When asked, 86% of the adults polled reported at least some concern about businesses’ abilities to safeguard their customer’s financial information.

FIVE SIMPLE STEPS TO PROTECT CORPORATE DATA

The Wall Street Journal sat down with information security experts, government officials and former cybercriminals in their journal report from this past Sunday. In the article, WSJ reporter Danny Yadron investigates five security topics that any organizations should be aware of and adhere to. Ranging from staying up to date on the latest security patches, to ensuring third-party vendors are following strict data security protocols.

See how other data security misconceptions can harm an organization in the short and long term.

ANOTHER POS VENDOR FALLS VICTIM TO DATA BREACH

Point-of-sale supplier Harbortouch Payments confirmed this week that the company had fallen victim to a data breach, compromising “a small percentage” of its merchant customers using Harbortouch POS systems. According to an ISMG source, financial institutions received fraud alerts from MasterCard and VISA with compromise dates ranging from March 10 to April 14, 2015. Harbortouch Payments says that it does not collect or store cardholder data but is in the process of determining which cards would be at risk for furture fraud.

RIPPLESHOT CONTENT: IS DETECTION THE NEW PREVENTION?

For this week’s Rippleshot blog post, we take a look into the shift from prevention software to detection softwar related to data breaches. With over 3 billion records compromised due to data breaches since 2013, more and more organizations are asking themselves not “IF” they will be breached, but “WHEN.” Many security experts believe that organizations today need both prevention and detection software in their suite of information security tools in order to best protect their customer’s personal and payment data.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.