As high-profile companies continue to experience data breaches in 2017, common attack vectors are emerging. A closer look at some of the worst breaches shows that employee negligence and weaknesses in point of sale (POS) systems are common problems. The success of cyberattacks on other companies should serve as a powerful lesson for your business. Examining these attacks may prevent your business from making some of the same mistakes.
Here are the details about 4 of the data breaches:
1) InterContinental Hotels Group (IHG)
In February 2017, IHG announced that servers at 12 of their hotels, including Holiday Inn, Crowne Plaza, and InterContinental, had been infected with malware that scanned for personally identifiable information. These servers were used to process on-site payments made at the hotels’ bars and restaurants.
According to ZDNet, a technology news provider, the breach was discovered after customers reported finding fraudulent charges on the cards they had used at the hotels. The stolen data included sensitive information, such as cardholder names, card numbers, expiration dates, and verification codes. The chain later learned that 1,200 hotels had been infected, including franchises.
2) Arby’s Restaurant Group
Arby’s was notified of a data breach in January 2017, but was prevented from announcing the incident by the FBI. A month later, KrebsOnSecurity reported that the breach affected payment systems in 1,000 corporate restaurants. The malware infection was discovered when the Public Service Credit Union (PSCU) received reports of compromised card numbers from Visa and Mastercard. The breach affected 335,000 cards. According to the Credit Union Times, 4 credit unions and the Michigan Credit Union League have launched class action suits against Arby’s in the wake of the attack.
3) UNC Healthcare
Not all breaches are the work of hackers. Negligence also presents an internal threat to sensitive data. University of North Carolina Healthcare sent 1,300 letters to prenatal patients informing them that their personal information was accidentally sent to local county health departments. Only information for Medicaid patients was supposed to be sent, but information from all the women who had completed pregnancy home risk screening forms was sent instead. The compromised information included patient names, addresses, races, ethnicities, Social Security numbers, and health information. Healthcare organizations are prime targets for hackers because medical data commands top dollar on the black market.
4) Chipotle Mexican Grill
Lately, Chipotle has been experiencing significant blows to its reputation, including news that it has suffered a major data breach.
The chain announced on its website that malware infected its POS systems in March and April 2017. The malware tracked payment card data through the magnetic strip on the cards. The Ocala StarBanner reported that a man used credit cards cloned with information stolen during the Chipotle breach to steal $17,000 from an ATM.
Reinforcing Your Security
Don’t let your business become the next victim. These breaches are only the tip of the iceberg, as cyberattacks are increasing in frequency, severity, and sophistication. Many of these breaches show how payment systems can be a point of vulnerability. Information stolen in these attacks can be used to commit financial and medical fraud or stage further breaches.
Finding the right provider for your data center and network will help you guard against cyberattacks and subsequent monetary and reputational losses. FirstLight has cloud and on-site offerings that improve your security profile. We offer both virtual and on-premises firewalls for protection against advanced threats. Our infrastructure as a service provides intrusion detection and prevention along with state-of-the-art monitoring.
With FirstLight as your partner, you can find peace of mind in a world of increasing risk.
Find out more about the safe and high-performing network services at FirstLight.