November Breach Report

by Sarah Harvey / December 3rd, 2019

Every month there is headline after headline reporting new data breaches. Whether it’s a ransomware attack, a negligent employee opening a phishing email, or a state-sponsored attack, millions of individuals are impacted by data breaches and security incidents on a regular basis. Let’s take a look at some of the top data breaches that occurred during November, how hackers compromised these organizations, and the lessons we can learn from them.

Twitter

What Happened?

According to a November 7th press release from the Department of Justice, two former Twitter employees and a Saudi national have been charged with acting as illegal agents of Saudi Arabia. The former Twitter employees accessed various account information, including user emails, phone numbers, IP address information, the types of devices used, user-provided biography information, logs that contained the user’s browser info, and logs of all of a particular user’s actions on the Twitter platform at any time. They specifically targeted critics of the Kingdom of Saudi Arabia and the Royal Family.

Lessons Learned

While organizations rightfully focus on making sure that outside threats don’t impact their company, insider threats are equally important to focus on. In a statement regarding the Twitter data breach, FBI Special Agent in Charge John F. Bennett said, “Insider threats pose a critical threat to American businesses and our national security.” This also points to the dangers of foreign government involvement in American tech companies – something that U.S. Senator Bob Menendez (D-NJ) raised concerns about in a letter to Twitter’s CEO and to the U.S. State Department.

Macy’s

What Happened?

On November 14th, Macy’s notified its macys.com customers that the website was impacted by a Magecart card-skimming attack. The notice explains that the hackers inserted malicious code onto the website’s “Checkout” and “My Wallet” pages between October 7th and 15th. The compromised data included first names, last names, addresses, cities, states, zip codes, phone numbers, email addresses, payment card numbers, security codes, and month/year of expiration. Investigations into the incident are still underway; however, Macy’s has contacted all customers believed to have been impacted by the data breach and is offering affected users free 12-month subscriptions to Experian IdentityWorks.

Lessons Learned

Online shopping, while much more convenient, poses many threats to consumers and businesses alike. For businesses that sell products and services online, implementing a robust information security program must be made a priority, because customers expect the businesses they buy from to secure their personal data, especially large retailers like Macy’s. But consumers cannot solely rely on businesses to protect them against cyber threats. Instead, consumers should follow these six best practices for shopping online.

PayMyTab

What Happened?

On November 19th, cybersecurity researchers from vpnMentor disclosed a massive data breach at PayMyTab, a supplier of card and mobile payment terminals for US restaurants. According to the researchers, the data breach was caused by an unsecured AWS S3 bucket and occurred between July 2, 2019 and November 2019. The exact size and impact of this data breach have yet to be determined, but we do know that malicious hackers compromised sensitive PII and partial financial details, including customer names, email addresses, telephone numbers, order details, restaurant visit information, and the last four digits of customer payment card numbers.

Lessons Learned

S3 buckets are a major component of using AWS, but they’re also a major security concern. McAfee reports that 5.5% of all AWS S3 buckets that are in use are misconfigured and publicly readable. Why? S3 buckets are extremely complex, and anything that is complex is harder to secure. Randy Bartels, Vice President of Security Services at KirkpatrickPrice, comments, “AWS has an obligation to make it less complex, and users have an obligation to understand the complexity and make sane choices in setting up policies.” Make sure your S3 buckets are protected and align with best practices for AWS security by following these guidelines.
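To make "misconfigured and publicly readable" concrete, here is an added example (not from the original article or from AWS) that checks a bucket's policy, ACL grants and Public Access Block settings, in the JSON shapes the S3 API returns, for anonymous read access. The bucket name, Sid values and account ID are constructed placeholders, and the check is a simplification: it does not evaluate Deny statements or Condition blocks.

```python
from fnmatch import fnmatchcase

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_ACTIONS = ("s3:getobject", "s3:listbucket")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean anyone, with or without credentials.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def grants_read(stmt):
    # Action patterns may contain wildcards, e.g. "s3:Get*" or "s3:*".
    patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
    return any(fnmatchcase(r, p) for r in READ_ACTIONS for p in patterns)

def public_read_findings(policy, acl_grants, pab):
    """List the reasons a bucket is readable without credentials."""
    findings = []
    # RestrictPublicBuckets limits a public policy to the owning account.
    if not pab.get("RestrictPublicBuckets", False):
        for stmt in as_list(policy.get("Statement", [])):
            if stmt.get("Effect") == "Allow" and is_anonymous(stmt.get("Principal")) and grants_read(stmt):
                note = " (has a Condition, review by hand)" if "Condition" in stmt else ""
                findings.append(f"policy statement {stmt.get('Sid', '?')} allows anonymous read{note}")
    # IgnorePublicAcls makes S3 disregard ACL grants to AllUsers.
    if not pab.get("IgnorePublicAcls", False):
        for grant in acl_grants:
            if grant["Grantee"].get("URI") == ALL_USERS and grant["Permission"] in ("READ", "FULL_CONTROL"):
                findings.append(f"ACL grants {grant['Permission']} to AllUsers")
    return findings

# Constructed sample input: bucket name, Sid and account ID are placeholders.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicGet", "Effect": "Allow", "Principal": "*",
    "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-receipts/*"}]}
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/receipts-reader"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-receipts/*"}]}
OPEN_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
PAB_OFF = dict.fromkeys(("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"), False)
PAB_ON = dict.fromkeys(PAB_OFF, True)

if __name__ == "__main__":
    print(public_read_findings(OPEN_POLICY, OPEN_ACL, PAB_OFF))   # weak setup
    print(public_read_findings(SCOPED_POLICY, [], PAB_ON))        # corrected setup
```

The weak setup reports two independent paths to public read (policy and ACL); turning on Public Access Block closes both even if the policy and ACL are left unchanged.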

Louisiana Government

What Happened?

Happening just four months after a malware attack impacted several Louisiana school districts and caused the governor to declare a state of emergency, on November 18th, Louisiana’s Office of Technology Services discovered a ransomware attack that impacted some of the state servers. Affected offices included the Office of Motor Vehicles, Department of Children and Family Services, Department of Health, the Secretary of State’s office, and the Public Service Commission. According to a series of tweets from Governor Edwards, many of the outages were due to the state immediately implementing its incident response plan and taking extra precautions to prevent the spread of malware by taking other servers offline. Governor Edwards also confirmed that the state did not pay a ransom, and at this time, there is no anticipated data loss.

Lessons Learned

Local governments are facing growing cybersecurity threats and cunning hackers. While creating a thorough incident response plan is necessary to have a robust information security program, it shouldn’t be the only focus. Instead, local governments must implement information and cybersecurity best practices at the foundation of their organizations. They should also invest in proactive measures like cybersecurity awareness training programs for citizens and elected officials, using forensic services after incidents and breaches, conducting cybersecurity exercises, and undergoing vulnerability scanning and penetration testing.

At KirkpatrickPrice, we know that data breaches are only a matter of when, not if, they’ll occur, no matter what industry you’re in or the size of your company. That’s why we’re committed to offering a variety of quality, thorough assurance services to help keep your organization protected against creative and cunning hackers. Want to learn more about our services and how they can help you mitigate the risk of experiencing a data breach? Contact us today.