Data Breach Ripples: Week of July 24

Posted by Zach Walker on Jul 24, 2015 1:00:00 PM

In this week's issue: the UCLA Health system was breached; Ashley Madison confirms that it has been hacked; more retailers appear to have been breached through a third-party vendor; and the FTC is going after LifeLock for poor data security. In this week's blog post: liberal card re-issuance after data breaches is costing financial institutions.

UCLA Health System suffers data breach

Last Friday, news broke that the University of California, Los Angeles' (UCLA) Health system had suffered a data breach, compromising the information of roughly 4.5 million patients. On May 5, UCLA Health determined that unauthorized access on its network occurred, putting the personal and protected health information (PHI) of 4.5 million individuals at risk. According to a statement by UCLA Health, the Federal Bureau of Investigation has been notified of the security incident and is working with UCLA Health to determine the scope of the attack.

In 2008, UCLA Health dealt with another data security incident involving employees accessing and selling the protected health information of celebrities who received medical treatment at the hospital.

Ashley Madison site hacked

Monday morning, millions of adults in North America woke up to unsettling news. The online pro-adultery website, AshleyMadison.com, announced that the personal information of its 37 million users was stolen by a hacker or group of hackers identifying as The Impact Team. When reached for comment by Brian Krebs of KrebsOnSecurity, Avid Life Media (ALM) confirmed that The Impact Team is threatening to release the stolen information if AshleyMadison.com and EstablishedMen.com, two of ALM's sites, are not shut down.

The Impact Team claims that ALM's $19 "full delete" feature does not actually remove all of an AshleyMadison.com user's personal information and, for that, is willing to expose the 37 million North American adults on the site.

Walmart, Costco, Rite Aid, CVS and more share identity theft woes

Last week, we briefly touched on a developing story involving Walmart Canada and its online photocentre. As more information became available regarding the Walmart Canada breach, a third-party host of online photo sites, PNI Digital Media, was linked to the Walmart Photocentre. On PNI's investor relations page, which was taken down shortly afterwards, Sam's Club, Costco, Tesco, CVS and Rite Aid were all listed as clients of PNI. Since then, Sam's Club, Rite Aid and Costco have all issued statements that their customers' data may have been compromised.

This is another example showing how important it is for organizations to ensure that their third-party vendors follow data security practices. In 2014, Signature Systems, a third-party vendor, suffered a data breach that affected 104 small businesses across the U.S.

Feds go after LifeLock, alleging poor data security

The Federal Trade Commission (FTC) accused LifeLock on Tuesday of violating a 2010 settlement between the company and 35 state attorneys general regarding the company's poor data security standards. The FTC alleges that LifeLock deceived its more than 3 million subscribers about how secure their data truly is and how it was going to be held. Currently, LifeLock offers identity fraud protection services for those who have been affected by data breaches or other forms of identity theft. Since the rise of these rampant data breaches, the FTC has taken on the unofficial role of the U.S. government's cybersecurity arm when it comes to protecting the interests of consumers. LifeLock and the Federal Trade Commission will now head to court as many security professionals follow the case with eager anticipation.

Rippleshot Content: HOW REACTIVE CARD RE-ISSUANCE IS COSTING YOU MONEY (AND CUSTOMERS)

For this week's Rippleshot blog post, we look at the daunting task financial institutions face after a data breach: re-issuing compromised payment cards without disturbing their cardholders, while also protecting themselves from fraudulent charges. Fraud analysts have been forced to re-issue compromised cards liberally after a data breach in an attempt to curtail future fraudulent spending. However, cardholders find this to be a major inconvenience and often decide to never activate the replacement card. In this blog post, we compare the costs and benefits of re-issuing payment cards on a more frequent basis and attempting re-issue before fraudulent transactions can occur.
