The Rippleshot Data Breach Blog

Data Breach Ripples: Week of June 26

Written by Zach Walker | Jun 26, 2015 6:00:00 PM

In this week's issue: the Montefiore Health System suffers a data breach, the Office of Personnel Management data breach went undetected for a year, 15-30 percent of eCommerce sites infected with CISM, a potential breach may have occurred at Hershey Park, and in this week's Rippleshot blog post, we take a look at data breaches and small businesses.

Montefiore data breach exposes PHI for more than 12k patients

Over 12,000 patients of the Montefiore Health System have had their personal and patient information compromised in a 2013 data breach. According to Montefiore, a former employee stole patient names, mailing addresses, dates of birth, Social Security numbers and other protected health information (PHI) between January and June of 2013. The hospital launched a forensic investigation after being alerted to a potential theft by an outside source. At this time, Montefiore is in the process of notifying all of the patients affected by the data breach and will be offering identity theft and credit monitoring services.

OPM data breach undetected for a year, possibly as many as 32 million affected

The data breach that affected the Office of Personnel Management, recently disclosed by the U.S. government, appears to be more severe than initially let on. It seems that every week new information becomes available, shedding light on the details of the security incident. Last week, The Washington Post stated that the data breach went undetected for over a year.

On Wednesday, OPM Director Katherine Archuleta spoke in front of the House Oversight and Government Reform Committee during a hearing to discuss the details of the breach. Archuleta did not provide an exact figure of affected personnel in the data breach but was pressed on the possibility that 32 million current and former federal employees could have their personal information compromised.

Study: 15-30 percent of eCommerce site visitors infected with CISM

A recent study put together by online security firm Namogoo identified that a surprising number of eCommerce site visitors are infected with a strain of client-side injected malware (CISM). In Namogoo's latest white paper, fifteen to thirty percent of visitors of the most popular travel and eCommerce sites were affected by malicious software disguised as false ads. Namogoo identified on average 200 new injector signatures daily, totaling over 25,000 injector signatures, highlighting the risks of potential revenue loss for businesses.

Hershey Park investigates card fraud and potential breach

One of the most well-known amusement parks and resorts has hired a cyber security firm to investigate a potential data breach involving payment cards used at the resort. Hershey Park in Hershey, PA has received reports of fraudulent activity occurring on several of its customers’ payment cards after visiting the resort. KrebsOnSecurity sources from multiple financial institutions have seen suspicious activity involving cards that transacted at various Hershey locations at the resort between March and May of this year.

Stay tuned as more information becomes available. 

Rippleshot Content: Data breaches and small businesses

This week, we take a look into the risks small businesses face when impacted by a data breach. Unlike 2014, dubbed the “year of the data breach,” when big retailers were breached, we’re now seeing smaller businesses targeted by cybercriminals. The post covers everything from the short and long-term consequences of a data breach to the options businesses have to fight cybercriminals and reduce the impact of a data breach. To read more about this week’s Rippleshot blog post, click here.
