October 25, 2016

Share Everywhere

Recent Data Breach Roundup: October 2016

Most Americans spent October caught up in election fever, paying attention to all the latest news from the opposing sides. However, while we’ve all been focused on the future of our country, hackers have still been hard at work and looking for ways to break into the private systems of many different companies.

Here are some of the recent data breaches that were making headlines in October 2016:

Modern Business Solutions

Modern Business Solutions, a data storage provider in Austin, Texas, had at least 58 million customer records stolen in a recent breach. The information was posted on file-sharing website MEGA twice by Twitter user @0x2Taylor, but quickly taken down each time. After that, it was released again on a smaller file-sharing site. It was unclear originally where the information had been stolen from, but security experts back-tracked and found Modern Business Solutions had been the victim of the breach.

The stolen information included full names, IP addresses, dates of birth, e-mail addresses, vehicle data, and occupations. After Modern Business Solutions was notified of the breach, the database was either secured or its simply no longer accessible. The company never responded to the individuals who notified them and have not spoken publicly yet about the breach.

Weebly

Weebly, a popular DIY website creator, notified all of their customers — over 43 million people — about a data breach that occurred earlier this year in February. The company was only just recently notified of the breach, but once it was discovered, they acted quickly to repair the damage. Compromised data includes usernames, passwords, e-mail addresses, and IP information. The company doesn’t store full credit card numbers on its servers and don’t believe that type of information was taken.

Weebly uses salted bcrypt hashing to protect passwords, so the hackers could not target customer websites. The company is contacting customers directly to initiate password resets and has implemented a few other new security measures, as well.

Vera Bradley

Luggage and handbag designer Vera Bradley was targeted in a recent data breach. In October, it announced that it had launched an investigation into fraudulent activity in its retail stores between July 25 and September 23, 2016. The company said it found unauthorized access to its payment system and the installation of a program that looked for payment card data. The program was designed to steal card numbers, cardholders’ names, expiration dates, and internal verification codes. This affected only individuals who purchased items in retail stores — online purchases were not included.

The company has worked with a computer security firm to remove the program and improve its security for the future. Customers who may have been affected were encouraged to be vigilant in monitoring their accounts for any possible fraudulent activity.

National Payment Corporation of India

The National Payment Corporation of India (NPCI) revealed that 32 lakh debit cards across 19 Indian banks may have been compromised. The fraud was detected when the NPCI received complaints from banks, primarily in the U.S. and China, that customer cards were used illegally. At this time, they believe only 641 customers were affected. Experts think this breach can be attributed to a malware attack that likely began at an ATM.

Banks advised customers to change the debit card PINs; if they weren’t able to contact a customer, they blocked their card and issued a new one.

Check back next month to stay up to date on the most recent data breaches.

Heidi Daitch

Chief Strategy Officer at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.

Join The Discussion

Your email address will never be published.