IdentityForce LogoIdentityForce Logo
Protect What Matters Most.
april data breach roundup
Posted on April 25, 2017 by in Identity & Privacy, Personal

Data breaches in April were a hodgepodge of all different types of incidents and industries. We saw an update to an earlier hotel breach (it’s much bigger than originally reported), a video game company ignoring a breach, another restaurant payment system infected by malware, and, as to be expected during tax season, an IRS breach tied to FAFSA.

Here are the recent data breaches that were making headlines in April 2017:

FAFSA: IRS Data Retrieval Tool

Up to 100,000 taxpayers may have had their personal information compromised in an identity theft scheme involving the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). In March 2017, federal officials observed a potential data breach and made the call to take the tool down for the time being. The IRS said it shut down the Data Retrieval Tool because identity thieves that had obtained some personal information outside of the tax system were possibly using the tool to steal additional data.

Some questionable tax returns were filed by people who had used the tool, but those returns have already been stopped. Currently, the agency suspects that less than 8,000 fraudulent returns were filed, processed, and returns issued, costing $30 million. 52,000 returns were stopped by IRS filters and 14,000 illegal refund claims were halted as well. The IRS is sending out letters to taxpayers who may be impacted.

Intercontinental Hotels Group (IHG) 

You may remember that in February 2017, IHG—the company that owns popular hotel chains like Crowne Plaza, Holiday Inn, Candlewood Suites, and Kimpton Hotels—revealed that a data breach had affected 12 of its properties. It had discovered malware on servers that were used to process payments made at on-site restaurants and bars from August 2016 to December 2016; customer payment information had been compromised.

In April 2017, however, IHG made headlines again when it was announced that the breach was much larger than initially communicated to the public—100 times larger. Instead of 12 properties being breached, the true number was 1,200. IHG said the original 12 hotels they named were those that are directly managed by the company. The other hotels that have been added to the count are IHG-branded franchise properties and at the time, IHG didn’t know the full scope of the breach.


The Shoney’s restaurant chain, which operates across 17 states, was the victim of a data breach in April that affected 37 of its approximately 150 restaurants. KrebsOnSecurity originally broke the news of the breach on April 14, and Best American Hospitality Corp, the company that manages Shoney’s, confirmed the news a few days later. In a press release, it said that malware had been installed remotely on point of sale equipment that processed payment cards used at some of the restaurants. The malware was able to collect cardholder names, card numbers, expiration dates, and verification codes.

The first date of breach varies by restaurant location, but the time frame that the malware was active is believed to be December 27, 2016 through March 6, 2017. The list of targeted locations can be found in the press release issued by American Hospitality Corp; states on the list include Tennessee, South Carolina, Louisiana, George, Alabama, Mississippi, Virginia, Missouri, Florida, and Arkansas.

Fashion Fantasy Game

Fashion Fantasy Game, an online game and social network for fashion lovers, appears to have been breached—and the people behind it don’t seem to realize it yet (at the time of writing this). ZDNet published a story on April 20 calling out the game company for not acknowledging the breach yet, even though Troy Hunt of the website Have I Been Pwned noticed it a few days earlier.

According to, a database breach recorder, more than 2.4 million accounts from Fashion Fantasy Game were stolen in 2016—and the website vulnerabilities that allowed this to happen still appear to exist on the site. Currently, it’s unknown if the company is going to do anything to fix the problem, or if they’re just going to keep ignoring it.

Check back next month to stay up to date on the most recent data breaches.