In this week's issue, two Kalahari Resorts were hit by a data breach, the state of Georgia is offering identity protection to six million victims, most organizations still have a lacking data breach response plan, a strain of payment malware affects restaurants in seven States, and for this week's Rippleshot content,
A Wisconsin-based hotel group announced that its Ohio and Wisconsin resorts have been the target of a point-of-sale (POS) data breach. Kalahari Resorts discovered that its two resort locations in Wisconsin Dells, WI and Sandusky, OH were the targets of an unknown intruder. A strain of malware was installed on the resorts' POS terminals, stealing sensitive payment data. In a statement by Kalahari Resorts, payment cards used at the resort restaurants, bars, and other locations were compromised between May 18 and November 9 of this year.
This is the second breach involving a Wisconsin Dells resort in recent history. Wilderness Resort announced last month that payment cards used to make reservations may have been compromised in a data breach.
Nearly a month ago, the state of Georgia acknowledged that it had illegally disclosed the personal information, including Social Security numbers, of more than 6 million registered voters. The sensitive information was provided to twelve organizations that subscribe to voter lists that are managed by the state. The secretary of state’s office will be providing credit monitoring and identity theft restoration services to all the affected Georgia voters. While the sensitive information was not given to unknown parties, the secretary of state’s office wanted to regain the trust of its constituents.
A new study shows that organizations have either implemented or improved on their data breach response plan in the last twelve months, but are still not confident in their plans. Experian has released their third annual Data Breach Preparedness Study with help from The Ponemon Institute, diving into a variety of topics surrounding data breach preparedness. In the study, 81 percent of companies that responded indicated that they had a data breach response plan, but only 34 percent of surveyed executives believed that their plans would be effective. Data protection training within organizations also appeared to be lacking, with half of survey respondents not providing appropriate training to new employees.
To download a copy of the study, click here.
On Tuesday, the parent company of a restaurant chain warned its customers that their payment information may have been compromised in a data theft. CM Ebar LLC, the parent company to Elephant Bar restaurants, was notified of a data security incident affecting its 29 restaurant locations. According to Nation's Restaurant News, a representative for CM Ebar stated that the data breach included twenty restaurants in California, three in Colorado, two in Arizona and one each in the remaining states that Elephant Bar operates in.
Could you imagine receiving a notice from your local bank or credit union, informing you that your card would be unable to transact with your payment card in over 27 states? Mitigating fraud and maintaining customer convenience shouldn’t have to be treated as mutually exclusive priorities. When consumers aren’t spending, everyone suffers. For this week's Rippleshot content, we discuss the possibility of a solution that doesn’t force financial institutions to decide between those two options. Research has shown that cardholders become discouraged, and abandon their payment cards when a transaction is declined.