The Worst Security SNAFUs This Year (So Far)

From denial-of-service attacks to cyber-espionage to just plain old human flubs, network security SNAFUS abound.

1 2 Page 2
Page 2 of 2
  • Restaurant chain P.F. Chang’s said that customer debit and credit card numbers had been stolen from stores, adding they learned of it through the secret Service. The cause, still under investigation, may be malware-infected point of sale terminals; P.F. Chang’s said it was switching to old-fashioned manual processing of customer card information at its restaurants.
  • A hacker group calling themselves “Rex Mundi” broke into Domino's Pizza’s network, grabbing the names, addresses, phone numbers, e-mail addresses, passwords and even favorite pizza toppings of about 592,000 French and 58,000 Belgian customers which were posted on the Pastebin site. The hackers indicated they had demanded 30,000 Euros from Domino’s to not post the information, but Domino’s refused to pay it.
  • The Montana Department of Public Health and Human Services said a department server containing 1.3 million records on client information, including names, addresses, births dates, Social Security numbers and clinical information, had been broken into by hackers. It was unclear whether data had been extracted.
  • Butler University in Indiana said personal information related to up to 160,000 students, faculty and alumni was put at risk because of a data breach tied to a suspect in California who had a flash drive with Butler employees’ personal information, including birthdays, Social Security numbers and bank account information.
  • Long Island-based radiology practice NRAD Medial Associates said it discovered that an employee radiologist had accessed and acquired protected health information from NRAD’s billing systems without authorization. The breach was estimated to be 97,000 records of patient names and addresses, dates of birth, Social Decurity information, health insurance, and diagnosis information. NRAD’s public statements indicate the employee no longer works there.
  • An estimated 233,000 records of individuals were compromised, including Social Security numbers and payment information, after hackers exploited a vulnerability in systems belonging to Paytime, Inc. the Mechanicsville, Pa., payroll company disclosed.
  • American Express was informed by the Secret Service that several large files containing personal information amounting to almost 76,608 American Express account records were posted on Internet sites by individuals claiming to be associated with the worldwide hacking collective Anonymous. AmEx said it was working to prevent a similar compromise.
  • Microsoft commandeered part of an Internet service provider’s networks in order to shut down a criminally-operated botnet based on malware known as Bladabindi-Jenxcus. But the Nevada-based company, No-IP (a DNS provider owned by Vitalwerks) complained Microsoft’s actions interfered with customers that had nothing to do with the botnet. Microsoft admitted it made a technical error, admitting some No-IP customers “whose devices were not infected by the malware experienced a temporary loss of service.” Microsoft and Vitalwerks later reached a settlement related to the subdomains used to control the malware.
  • Code Space, a hosting provider on Amazon EC2 used by organizations for project management and development needs based on Subversion and Git, was forced to close down after attackers first slammed them with a denial-of-service attack to demand ransom—and then wiped out most of their customer-held code when they refused to pay it.

This story, "The Worst Security SNAFUs This Year (So Far) " was originally published by Network World.

Related:
1 2 Page 2
Page 2 of 2
NEW! Download the Spring 2018 digital edition of CIO magazine