Data breaches happen all the time, but the Equifax breach in September definitely put an enormous spotlight on what can happen when our personal information is not protected properly. Unfortunately, October brought more news of breaches—resulting in even more consumers feeling violated.
In October, we learned that the biggest data breach ever was even larger than initially reported. We also saw a technology company that found out it was breached five years ago, a global pizza company’s website and mobile app fall victim to hackers, and the second breach in less than two years at a major hotel chain.
Here are the recent data breaches that were making headlines in October 2017:
It’s not uncommon for companies to go months without realizing they’ve been breached, but a popular blog commenting tool—Disqus—revealed in October 2017 that it had only just found out its systems were breached five years ago. And Disqus did not make that discovery through its own efforts—the website Have I Been Pwned? contacted the company on October 5 to call attention to the exposed user information it had found.
Stolen data included user email addresses, user names, sign-up dates, last login dates, and passwords hashed using SHA1 with a salt. Disqus posted a statement on its website on October 6 and confirmed that a “snapshot” of its database from 2012—which included information dating back to 2007—was exposed. It has not found any evidence of unauthorized logins, but has reset passwords and will continue to investigate what happened.
There’s good news and bad news about the data breach information that came out about Yahoo during October. The good news? There hasn’t been a new breach (that anyone knows of). The bad news? The 2013 breach that was revealed in December 2016 was actually a lot worse than initially reported. At the end of 2016, the public was told that “more than 1 billion user accounts” may have been impacted. This month, however, we found out the true scope of the Yahoo data breach: each and every customer account—that’s a total of 3 billion—was compromised. And, unfortunately, all investigations into the breach have come up short—no one knows who was behind the invasion.
Ready for a bit of déjà vu? In our December 2015 data breach roundup, you may remember reading about a breach that impacted the payment systems of the Hyatt Hotels chain. Hackers have found their way in again and in October, Hyatt announced the discovery of unauthorized access to customer payment card information.
If you used a credit or debit card at the front desk of a Hyatt between March 18, 2017 and July 2, 2017, you may have had your card information stolen. Of the 41 affected properties in 11 different countries, it appears that only five U.S. properties—three in Hawaii, one in Puerto Rico, and one in Guam—were targeted. A full list of Hyatt properties impacted by the breach can be found on the company’s website.
Online ordering technology has made it even easier to get a pizza delivered to your house in 30 minutes or less, but as some Pizza Hut customers found out in October, there can be major drawbacks. On October 14, 2017, Pizza Hut emailed 60,000 of its customers to notify them that the company’s website and mobile app had been compromised during a 28-hour period from the morning of October 1 until midday on October 2.
The company says it detected the intrusion quickly, but in the two weeks it took to notify customers, some publicly complained that their bank accounts were already drained. Stolen data included full names, billing ZIP codes, delivery addresses, email addresses, and payment card information.
Check back next month to stay up to date on the most recent data breaches.