The Rippleshot Data Breach Blog

Data Breach Ripples: Week of May 22

Written by Zach Walker | May 22, 2015 6:30:00 PM

 

In this week's Data Breach Ripples, 20 percent of security professionasl have seen their company hide a data breach, a mobile spy software company suffers a data breach, the Chicago Public Schools district exposed the personal information of 4,000 students, the St. Louis Federal Reserve suffers a DNS breach and for this week's Rippleshot content, we recap ISMG's Chicago Fraud Summit and how issuers, merchants and card networks view the upcoming EMV shift. 

20% OF SECURITY PROFESSIONALS HAVE SEEN THEIR COMPANY COVER UP A DATA BREACH

For many security professionals, the margin of error is so slim that cybercriminals only need to be right once to compromise an organization’s network systems. But when cybercriminals succeed, it forces security professionals into an unfamiliar position. In a recent survey conducted by AlienVault, 20% of security professionals surveyed reported either witnessing or been a part of a data breach that was kept hidden or covered up.

Due to the rapid growth in the Information Security industry, AlienVault believes that security professionals are often forced into situations where they have to navigate between following the correct legal course of action and protecting their organization following a security incident.

MOBILE SPY SOFTWARE MAKER HACKED, mSPY, DENIES CUSTOMER DATA LEAK

Last week, evidence indicating that a mobile spy software maker has suffered a data breach was presented to Brian Krebs of KrebsOnSecurity. The personal information of hundreds of thousands of mSpy’s customers had been posted on a web page, accessible only through Tor. When interviewed by BBC News, mSpy claims that while the company was the victim of a “predatory attack,” there is no indication that it’s systems had been compromised and data was stolen.

CHICAGO PUBLIC SCHOOLS CONFIRM DATA EXPOSURE OF 4,000 STUDENTS

On Tuesday, officials from the Chicago Public Schools confirmed that the personal data of roughly 4,000 students was exposed to five potential software vendors.  According to the CPS, the five companies were submitting proposals to work with Chicago schools and inadvertently provided them with the students’ information. After the CPS became aware of the mistake on March 24 and reached out to the potential vendors, the sensitive was destroyed following data privacy and security protocols.

ST. LOUIS FEDERAL RESERVE SUFFERS DNS BREACH

The St. Louis Federal Reserve sent out a message on Monday to the financial institutions it interacts with, indicating that it had been victim of an attack, targeting routing services at a domain name service (DNS) vendor used by the St. Louis Federal Reserve.  The St. Louis Fed will require individuals with user accounts to change their usernames and passwords to help prevent unauthorized access. At this time, the impact of the DNS breach is unknown, it appears that the St. Louis Fed’s website was unaffected by the breach and domain hijacking.

Be sure to check back for future updates on this story as more information becomes available.

RIPPLESHOT CONTENT: HOW ISSUERS, MERCHANTS AND CARD NETWORKS VIEW THE EMV SHIFT

The Rippleshot team had the pleasure of attending ISMG’s Fraud Summit here in Chicago earlier this week. Unsurprisingly, the topic on everyone’s minds and mentioned in almost every single panel was the impending shift to EMV in the coming months and how that will impact card security moving forward.

 SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.