January 15, 2016

Share Everywhere

Recent Data Breach Roundup: December 2015 Security & Data Breaches

Worried that you may have been affected by a recent data or security breach? Don’t worry, we have a roundup of recent data breaches — and you can check back at the beginning of every month for more updates.

Here are the top breaches that were making headlines in December:

Hello Kitty

Coming on the heels of the previous month’s VTech breach, parents were given another reason to worry about their kids when Sanrio revealed their popular online sites for Hello Kitty and other characters were breached. A security researcher discovered a leaked database of user accounts for Sanriotown.com, Hellokitty.com, and Mymelody.com. Data found included full names, birth dates, e-mail addresses, passwords, and password reset questions/answers.

Sanrio says the “security glitch” has been fixed, but the damage has been done — about 3.3 million user accounts were compromised, many of which belonged to users under the age of 18.

Hyatt Hotels

During the week of the Christmas holiday, Hyatt Hotels announced that it had found malware on company computers that were used to process customer payments. Though the entire Hyatt Hotels’ portfolio encompasses 627 properties in 52 countries, the breach is believed to have affected only the 318 properties that are directly managed by Hyatt — not any of their franchise locations.

The company has launched a security probe, but at this point, they still aren’t sure if hackers actually stole any information.

“Hyatt has taken steps to strengthen the security of its systems, and customers can feel confident using payment cards at Hyatt hotels worldwide,” said the company in a statement.


Gyft, a digital gift card retailer that allows customers to buy and use gift cards entirely from their mobile devices, confirmed hackers were able to steal usernames and passwords for a

subset of their customers. The company claims that their platform was never breached, however, and blames the issue on an unnamed third party.

The percentage of affected users is believed to be in the “high single digits” and the company has already forced a password reset for those accounts.


BuzzFeed News recently uncovered a series of attacks in December that targeted Fitbit, the company that produces popular wearable fitness devices. Using leaked e-mail address and passwords from third-party websites, hackers got into Fitbit accounts. From there, they changed details and tried to order replacement items under the user’s warranty. Though they also had access to user GPS information, it currently appears that they were only interested in defrauding the company.

24 specific cases have been uncovered by BuzzFeed News, but Fitbit is refusing to provide any information as to how many users may have been affected; they insist it is a “small proportion.”

Check back at the beginning of February to stay up to date on the most recent data breaches.

Image courtesy of Flickr user Torkild Retvedt.

Follow Me

Heidi Daitch

Director, Strategic Programs at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.
Follow Me

Join The Discussion

Your email address will never be published.