We may be enjoying those lazy days of summer right now, but identity thieves are proving that they never rest. Of the data breaches announced this past month, a few share a couple common themes: three out of four were caused by malware, and two were the result of an issue with a third party vendor.
Some breaches were on the smaller side, while others occurred in global corporations and affected millions—all, however, exposed the personal data of innocent individuals who now have to worry about who has control of their sensitive personal information.
Here are the recent data breaches that were making headlines in July 2017:
Any Verizon subscriber who has contacted Verizon customer service in the past six months may have been affected by a data breach; it’s believed that an estimated 14 million customers were impacted. Customer records were held on a server controlled by Israel-based Nice Systems and the data was available to anyone who guessed the simple web address. The exposed records included customer names, cell phone numbers, and account PINs–which is enough information to access anyone’s Verizon account. Other folders contained customers’ physical addresses, email addresses, account balances, and Verizon services the customer had.
Chris Vickery from the security firm UpGuard discovered the breach and noticed Verizon in late June. It took more than a week for Verizon to secure the data. Nice Systems and Verizon are both investigating the breach currently.
California Association of Realtors
A data breach was reported to the California Attorney General’s Office this month that affected a subsidiary of the California Association of Realtors—Real Estate Business Services (REBS). The organization’s store.car.org online payment system was infected with malware. When a user made a payment on the website between March 13, 2017, and May 15, 2017, personal information may have been copied by the malware and transmitted to an unknown third party.
Sensitive data that had the potential to be accessed included the user’s name, address, credit card number, credit card expiration date, and credit card verification codes. The malware has been removed and the organization is now using PayPal for payments.
Trump International Hotels Management
This month, Trump Hotels announced its third data breach in the past two years. KrebsOnSecurity created a timeline of all the breach events Trump Hotels has suffered in recent years and came to the conclusion that virtually anyone who used a credit card at a Trump property in the past two years has likely had their card data stolen.
In May, we wrote about a breach at Sabre Hospitality Solutions, a tech company that provides reservation system services for more than 36,000 properties. Trump International Hotels was impacted by that Sabre breach and it affected at least 13 Trump Hotel properties between August 2016 and March 2017.
Avanti Markets, a Tukwila, Washington-based company which provides food kiosks often found in company break rooms, was the victim of a data breach in July. Avanti’s kiosks can be found in 46 states and serve up to 1.6 million people, though at this time it is unclear how many people were affected. The company revealed that attackers utilized malware to gain unauthorized access to customer information from some kiosks.
Avanti says they are currently conducting an “extensive IT forensic investigation” to determine the extent of the attack, but it appears the malware was only active from July 2, 2017 until July 4, 2017. If a customer used a payment card on an infected kiosk, the malware may have compromised the cardholder’s full name, card number, and expiration date.
Check back next month to stay up to date on the most recent data breaches.