May 23, 2017

Share Everywhere

Recent Data Breach Roundup: May 2017

April showers are supposed to bring May flowers, but it looks like hackers never got the memo—instead, they just created a bouquet of all different data breaches for consumers and companies to worry about. Two organizations were impacted by payment system malware, a major email provider had to deal with a sophisticated phishing scam, and hospital patients learned that extremely personal information was leaked due to security issues with a third party vendor.

Here are the recent data breaches that were making headlines in May 2017.

Sabre Hospitality Solutions

A tech company that provides reservation system services for more than 36,000 properties disclosed a breach in May that allowed hotel customer payment information to be compromised. In Sabre Hospitality Solutions’ quarterly filing report, it mentioned the breach, but did not say when it happened or which locations were affected. As of right now, there are no further details available, but Sabre has said that the unauthorized access has been shut off and the company does not believe any other Sabre systems have been compromised.

Gmail

A Google Doc email phishing scam targeted Gmail users in May and it got a great deal of attention due to its sophisticated nature. Emails were made to look like they were from a user’s trusted contact and notified the individual that they wanted to share a Google Doc with them. Once clicked, the link led to Google’s real security page where the person was prompted to allow a fake Google Docs app to manage his or her email account. About 1 million Gmail users may have been affected, but Google says the scam was only active for one hour before they stopped it.

Bronx Lebanon Hospital Center

This month, it was discovered that at least 7,000 patients who visited the Bronx Lebanon Hospital Center in New York between 2014 and 2017 may have had extremely personal information compromised, including medical diagnoses and domestic violence reports. The HIPAA-protected medical records were exposed in a data breach due to a misconfigured Rsync backup server hosted by a third party, iHealth. In addition to medical diagnoses and domestic violence reports, leaked information has been reported to include names, home addresses, religious affiliations, addiction histories, mental health diagnoses, HIV statuses, and sexual assault reports. Once the breach was detected, the hospital and iHealth took immediate steps to protect the exposed data.

Brooks Brothers

In May, the popular upscale men’s fashion retailer revealed a breach that affected some of their retail stores and outlets between April 4, 2016, and March 1, 2017. The exact store locations have not been named yet, but a forensic investigation showed an unauthorized individual installed malicious software on some payment processing systems that was capable of collecting payment card information. Brooks Brothers said the issue has been resolved but did not provide any other details upon announcing the breach.

Check back next month to stay up to date on the most recent data breaches. 

Heidi Daitch

Chief Strategy Officer at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.