As the country recovered from its election hangover in November, identity thieves were working ‘round the clock to steal our personal information. Now, the holiday season has officially begun — so be sure to keep an eye out for breaches like these, and other tricks and scams criminals may use to try and steal your identity while you shop for gifts or make charitable donations.
Here are the recent data breaches that were making headlines in November 2016:
In one of the biggest data breaches ever, information from 412 million accounts was stolen from Friend Finder Network Inc., which owns AdultFriendFinder and a handful of other X-rated adult websites. 300 million of the hacked accounts were from AdultFriendFinder, while the remaining 112 million came from Cams, Penthouse, Stripshow, and iCams. It’s believed that the AdultFriendFinder accounts represent 20 years of customer data. The information that was taken and made available in online criminal marketplaces includes e-mail addresses, passwords, VIP member status, browser information, last IP address to log in, and user purchases. Unlike the infamous Ashley Madison breach, this one did not include more sensitive information like full names, addresses, or credit card information.
Indiana County Government
In Madison County, Indiana, the local government’s computer network was infected with ransomware and held hostage. Ransomware lets hackers encrypt a system with a file that makes it impossible for users to access certain files without a decryption key — and, of course, they won’t give the decryption key up without being paid very well. Madison County was unable to access any county records, compromising almost all services in the area. County leadership ultimately had to make the decision to pay the ransom, though it’s unclear how much they had to hand over to the hackers. At this time, it does not appear that any data was lost and personal information was not stolen.
If you applied to a job with Cisco, your information may have been exposed due to a privacy hole that was discovered on the company’s “Professional Careers” website. An incorrect privacy setting made the personal information of job-seekers available between August and September 2015, and again from July to August 2016. Cisco doesn’t believe any of the information was stolen, but the exposed data includes names, addresses, e-mails, phone numbers, usernames, passwords, answers to security questions, resumes, cover letters, and voluntary information such as gender, race, veteran status, and disability information.
Madison Square Garden Company
The Madison Square Garden Company discovered a year-long breach after several banks noticed a pattern of fraudulent transactions that traced back its New York City venues. Investigators believe hackers installed malware, or malicious software, on the company’s payment processing system and successfully stole credit/debit card information from anyone who purchased food, drink, or other merchandise at the company’s properties between November 9, 2015 and October 24, 2016. Affected venues owned by the Madison Square Garden Company include: Madison Square Garden, the Theatre at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater.
Presently, it’s unclear how many individuals are victims of this breach, but stolen information included payment card numbers, full names, expiration dates, and internal verification codes from the cards.
Check back next month to stay up to date on the most recent data breaches.