The Rippleshot Data Breach Blog

Data Breach Ripples: Week of May 01

Written by Zach Walker | May 1, 2015 6:00:00 PM

In this week's issue: SendGrid suffers a data breach, Best Buy will begin accepting Apple Pay starting this year, Adobe Systems plans to settle its class action lawsuit, banks are losing up to $100k/hr due to improved DDoS attacks and for this week, we take a look into the expected increase in fraud once the U.S. makes the shift to EMV payment cards.

EMAIL DELIVERY SERIVCE, SENDGRID, CONFIRMS DATA BREACH

Colorado-based email delivery service, SendGrid, confirmed that the company suffered a data breach earlier this year. According to the company, a SendGrid employee’s account was compromised allowing unauthorized access into customer and employee accounts. On April 09, The New York Times reported that SendGrid had been targeted by hackers, compromising one of SendGrid’s bigger clients, Coinbase. Shortly after, SendGrid addressed the security incident on their blog, claiming that “only a single SendGrid customer was compromised.”

Earlier this week, SendGrid published another blog post providing more insight into the security incident in question. With the help of law enforcement and cybersecurity professionals, SendGrid was able to determine that usernames, email addresses and passwords for SendGrid employees and customers.

BEST BUY SHIFTS TO APPLE PAY OVER MCX

As Apple Pay continues to pick up steam and encourage iPhone 6 users to transact with Apple Pay, a major retailer recently signed on to accept Apple Pay at the register. Best Buy announced that the retailer will start accepting Apple’s mobile wallet this year. Currently, Best Buy is only accepting Apple Pay on the retailer’s mobile app, but will implement NFC-compatible terminals into physical stores by the end of the year.

Best Buy will be unable to accept Apple Pay in stores until the retailer’s exclusivity deal with Apple Pay competitor MCX expires this summer. Best Buy was one of the founding retail members behind MCX and with the news of Best Buy jumping ship to Apple Pay, many are concerned with MCX’s future. On Wednesday, news broke that MCX’s CEO Dekkers Davidson will be leaving MCX to explore “other opportunities.”

ADOBE PLANS TO SETTLE DATA BREACH LAWSUITS

Computer software company, Adobe Systems, is looking to settle a class-action lawsuit stemming from data breaches dating back as far as 2013. When Adobe first announced that the company had suffered a data breach, the 38 million compromised users was unheard of and it was later determined that roughly 3 million payment cards were exposed as well.

Fast-forward two years and Adobe Systems has agreed to settle the class-action lawsuit filed against the company in return for all related claims to be dismissed. According to security experts with knowledge on the case, Adobe is pursuing a similar avenue as Target and their respective class-action lawsuit. Due to Adobe’s vast software offerings, settling this lawsuit out of the courts may prove benficial to the software company.

BANKS LOSE UP TO $100K/HOUR TO SHORTER, MORE INTENSE DDoS ATTACKS 

As cybercriminals look to new attack methods and means of network intrusion, the tried and true Ethernet_Cord-1methods continue to get stronger. Distributed denial of service (DDoS) attacks target online services by sending large amounts of web traffic from various sources with the intent of disabling or limiting access to the affected site. Originally considered a nuisance for organizations of all sizes, DDoS attacks have morphed into a much larger concern.

According to a Neustar study, DDoS attacks on banks and financial institutions can cost up to $100,000 an hour for most banks that were able to quantify the impact. Of the surveyed financial services firms, more than one third reported higher costs. Those costs became harder to define when additional factors such as brand reputation and customer trust are included in the equation, all of which play a factor into a bank’s operating capabilities.

RIPPLESHOT CONTENT: HOW WILL EMV ADOPTION INCREASE CARD FRAUD IN THE U.S.?

In this week’s Rippleshot blog post, we take a look at the expected increase in fraud leading up to EMV adoption here in the United States. As more and more cardholders in the U.S. received their chip-enabled cards, fraudsters will scurry to make as many fraudulent transactions with compromised cards before it’s too late. See how countries like the U.K. and Canada were impacted by the adoption of EMV technology and how fraud shifted from card present to card not present transactions.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.