The Rippleshot Data Breach Blog

Data Breach Ripples: Week of September 1

Written by Zach Walker | Sep 10, 2014 10:50:00 AM

Get caught up with latest news regarding data breaches for the week of the September 1.

 

Home Depot Nearly a week after Brian Krebs first reported that the home improvement chain had likely suffered a data breach, Home Depot confirmed that its card systems were compromised affecting customers in the United States and Canada. At this time, it's unknown how many cards have been affected by this data breach, however Home Depot says that it is currently investigating all transactions going back as far as April of 2014. Many security experts believe that this data breach could be even larger than the Target breach which compromised over 40M bank cards. At this time, Home Depot is offering free identity protection services, including credit monitoring to any affected customer of the data breach.

Bartell HotelsOn September 3, SC Magazine reported that the San Diego hotel chain had suffered a data breach at five of its San Diego locations. Initial reports indicate that roughly 50,000 guests who stayed at the compromised locations may have had their payment card data along with names used for the reservations. Bartell Hotels released a statement informing guests of the hotel chain that the breach window lasted between February 16 and May 13 of 2014. President of Bartell Hotels, Richard Bartell stated that an investigation is currently ongoing and urges any customers affected by this data breach to monitor their credit reports.

Healthcare.Gov – On September 4, the Wall Street Journal first reported a story indicating that the U.S. government healthcare had been hacked. The initial story reported that while a hacker was able to upload malicious software into the Healthcare.Gov systems, no personal data was compromised or stolen as the attack only affected test servers according to Medicare spokesperson Aaron Albright when asked by the New York Times. While large organizations, especially federal entities, are the targets of cyber attacks nearly every day, this security breach has experts worried due to the nature of the security vulnerability. According to Albright, the test servers should not have been able to connect to the Internet, and that the manufacturer's password for access had never been changed from the default password.

JPMorgan Corporate ChallengeIn last week's edition of Data Breach Ripples, we discussed the security breach that occurred at the bank's computer systems. At that time, JPMorgan Chase was working with the FBI and law enforcement agencies to determine the scope of the breach and if any of the bank's customers were affected. In an unfortunate series of events,at least 500 JPMorgan Chase employees that registered on the company's Corporate Challenge website, noting “suspicious server activity involving some login information." JPMorgan Chase said in their statement that while no financial information was compromised in the breach, passwords and contact information including name, mailing address and email address may have been compromised. At this time, the bank is recommending that those affected change their passwords to prevent unauthorized access on other websites that share the same password.

California State UniversityIn a report issued by California State University officials, the university's information security team discovered a security breach in a web server that was used to store the personal information both university employees and students. Approximately 6,000 employees and students at California State University East Bay were notified that their personal information may have been compromised in a breach a year ago. Initial reports indicate that while no financial information appears to be compromised, the university is reporting that full names, Social Security numbers and mailing addresses appear to have been copied during the attack. The university reached out to the affected individuals with written notifications and is offering all who were affected, a year of complimentary credit monitoring.

 

Stay tuned for next week’s Data Breach Ripples and to get caught up in last week’s news, click here.