Data Breaches - W/E - 071417
14 Million Verizon Customer Records Exposed on AWS Server (07/12/2017)
Data on as many as 14 million Verizon customers was improperly stored on an Amazon Web Services (AWS) server, making it easily downloadable, according to a report by ZDNet. The exposed information included customers' names, cell phone numbers, and account PINs, which could be used to obtain access to a subscriber's account. Security firm Upload discovered the data on an unprotected Amazon S3 storage server controlled by Israeli tech company Nice Systems. The personal information was gathered from Verizon customer service logs compiled from January to June of this year. Some records also included customers' home addresses, e-mail addresses, account balances, and additional data. Verizon confirmed that personal data for 6 million customers was leaked online, but added that no loss or theft of customer information occurred.
Data on as many as 14 million Verizon customers was improperly stored on an Amazon Web Services (AWS) server, making it easily downloadable, according to a report by ZDNet. The exposed information included customers' names, cell phone numbers, and account PINs, which could be used to obtain access to a subscriber's account. Security firm Upload discovered the data on an unprotected Amazon S3 storage server controlled by Israeli tech company Nice Systems. The personal information was gathered from Verizon customer service logs compiled from January to June of this year. Some records also included customers' home addresses, e-mail addresses, account balances, and additional data. Verizon confirmed that personal data for 6 million customers was leaked online, but added that no loss or theft of customer information occurred.
Payment, Biometric Data Swiped in Breach at Avanti Markets (07/11/2017)
Avanti Markets has become aware of a breach incident on July 4 which was the result of a malware attack that affected kiosks at some locations. The notice stated, "At this point, it appears the malware was designed to gather certain payment card information including the cardholder's first and last name, credit/debit card number, and expiration date. In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk's biometric verification functionality."
Avanti Markets has become aware of a breach incident on July 4 which was the result of a malware attack that affected kiosks at some locations. The notice stated, "At this point, it appears the malware was designed to gather certain payment card information including the cardholder's first and last name, credit/debit card number, and expiration date. In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk's biometric verification functionality."
Sabre Hospitality Breach Widens as Hard Rock, Loews, Trump Hotels Are Affected (07/11/2017)
A data breach emanating from the third-party hotel reservation system Sabre Hospitality Solutions' Synaxis has affected Hard Rock Hotels & Casinos, Loews Hotels, and Trump Hotels. Sabre said in a statement that "an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system." Trump Hotels issued a statement to say that payment cards used at some of its locations had also been breached. The breach was first disclosed on May 2 and had occurred between August 2016 and March 2017.
A data breach emanating from the third-party hotel reservation system Sabre Hospitality Solutions' Synaxis has affected Hard Rock Hotels & Casinos, Loews Hotels, and Trump Hotels. Sabre said in a statement that "an unauthorized party accessed certain payment card information for a limited subset of hotel reservations processed through the SHS reservation system." Trump Hotels issued a statement to say that payment cards used at some of its locations had also been breached. The breach was first disclosed on May 2 and had occurred between August 2016 and March 2017.
Theater Chain May Have Been Leaking Data for Two Years (07/11/2017)
KrebsOnSecurity has learned that B&B Theatres is probing a data breach of its credit card systems. Brian Krebs had received reports from several sources in the financial industry who warned that B&B, which owns a large theater chain in the US, had potentially been breached two years ago. He then contacted the company and received a notice that B&B was aware of the breach. B&B reported that while malware had been installed on its systems in 2015, Trustwave, who is conducting an investigation, has not determined if customer data was at risk from that point on or at a later date.
KrebsOnSecurity has learned that B&B Theatres is probing a data breach of its credit card systems. Brian Krebs had received reports from several sources in the financial industry who warned that B&B, which owns a large theater chain in the US, had potentially been breached two years ago. He then contacted the company and received a notice that B&B was aware of the breach. B&B reported that while malware had been installed on its systems in 2015, Trustwave, who is conducting an investigation, has not determined if customer data was at risk from that point on or at a later date.