The Rippleshot Data Breach Blog

Data Breach Ripples: Week of October 2

Written by Zach Walker | Oct 2, 2015 6:00:00 PM

In this week's issue, a potential card breach is being investigated at Hilton Properties, mobile payments data breaches continue to grow, T-Mobile announces a data breach, a former CVS employee steals the personal information of 55K Members and for this week's Rippleshot content, we start our two-part blog series on cybersecurity and foreign affairs.

Banks: card breach at hilton hotel properties

Hilton Worldwide is currently investigating a potential card breach after five different financial institutions discovered fraud on payment cards used at Hilton properties. First reported by Brian Krebs of KrebsOnSecurity, point-of-sale (POS) terminals located in gift shops and restaurants at Hilton Hotels and other Hilton-owned properties have been compromised, stealing the payment information of hotel guests and visitors. Hilton Worldwide has not acknowledged if a data breach has occurred but is currently looking into the matter. The financial institutions that reached out to Brian Krebs have indicated that the breach could go as far back as November of last year. 

Mobile payments data breaches will continue to grow

A recent survey focusing on mobile payments has painted a bleak picture for consumers who choose to use their mobile device to make transactions. The Information Systems Audit and Control Association (ISACA) released the 2015 Mobile Payment Security Study, surveying more than 900 cybersecurity experts and professionals to better understand consumer behavior and perceptions surrounding mobile technology. In the survey, 87 percent of respondents expected to see an increase in mobile-payment data breaches over the next 12 months. Despite the consensus between cybersecurity professionals, 42 percent indicated that they had used a mobile payment platform to make a purchase.

 With the recent launch of Samsung Pay, we break down four of the most well-known mobile payment platforms and the impact each would have on fraud. 

Hacker steal personal information of 15 million t-mobile customers

Yesterday afternoon T-Mobile announced that its credit partner, information services company Experian, suffered a data breach compromising the personal information of T-Mobile’s customers. Experian notified T-Mobile that a data breach had occurred on Experian’s systems, compromising the personal information of 15 million T-Mobile customers. This group includes new T-Mobile applicants that required a credit check for service or financing for a device from September of 2013 through September of this year. According to Experian, no payment information was compromised in the breach. In a statement by T-Mobile CEO John Legere, it appears that sensitive information such as driver’s license or passport numbers and Social Security numbers were stolen in the breach.

CVS Employee  STEALs Data on 55k Molina Healthcare members

Molina Healthcare is in the process of notifying roughly 55,000 current and former members that their personal information has been compromised following a data breach involving a former CVS employee. Molina Healthcare uses CVS as its over-the-counter (OTC) benefits vendor and was notified by CVS on July 20 that an incident occurred when a former CVS employee took the personal information from a CVS computer and transferred it to his personal computer. In a statement issued by Molina Healthcare, it appears the former employee stole the personal information with the intent to fraudulently acquire OTC medication from various CVS locations. At this time, there has been no indication that the affected Molina Healthcare members have experienced any fraudulent transactions related to the breach.

Rippleshot Content: Cybersecurity and foreign affairs - part one

In 2014, consumers saw some of the more recognizable brands fall victim to data breaches, compromising the personal and payment information for hundreds of million of Americans. This year, it appears that fraudster and cybercriminals have turned their sights to government agencies such as the Office of Personnel Management (OPM) and the Internal Revenue Service. For this week’s Rippleshot content, we’re bringing you the first part in our two-part series on cybersecurity in the United States and how foreign affairs hamper the U.S. government’s ability to protect its interests. This week, we look at the relationship between the U.S. and Russia, covering cyberattacks that targeted American businesses and government agencies.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.