Tag Archives: addresses

Breach Brief – SunTrust Bank

SunTrust Bank has reported a data breach that may have compromised the personal information of up to 1.5 million customers. According to reports the bank believes a former employee may have stolen customer information to give to a criminal third party.

SunTrust first became aware of improper access to customer records in February. An internal investigation implicated the ex-employee for the alleged theft. According to the Wall Street Journal the employee tried to print the records and share them with a “criminal third party.”

According to SunTrust the names, addresses, phone numbers and account balances of 1.5 million customers were breached. However the bank does not believe that Social Security numbers, account numbers, passwords, and driver’s license information were accessed. SunTrust also stated that there’s no indication that fraudulent activity has occurred with the affected accounts.

The bank has begun  the process of contacting customers whose info may have been compromised. SunTrust is also planing to provide free identity protection to all its customers whether they have been impacted by the breach or not. 

SunTrust customers can go to this website to see if they are affected by the breach.

The incident is under investigation and the bank continues to work closely with law enforcement and outside experts.

ALERT! Equifax Hit by Major Data Breach ALERT!

Equifax, one of the major credit reporting agencies, is the victim of a major data breach affecting over 140 million Americans.  The data lost includes names, Social Security numbers, addresses, birthdays and driver’s license numbers. In addition, credit card numbers of over 200,000 American consumers, and certain dispute documents with personally identifying information for another 182,000 U.S. consumers were also accessed. Equifax reports it has found no evidence of unauthorized activity on its consumer or commercial credit reporting databases.

The breach is considered so serious that Equifax is not only offering credit monitoring for those affected but potentially every American.

Equifax Chairman and CEO Richard Smith said in a statement that the breach was first discovered in July and had been ongoing since May.  According to Smith hackers “exploited a U.S. website application vulnerability to gain access.”

EquifaxSecurity2017.com website has been provided for information about the breach. A statement on the site said, “Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier.”

Equifax has also set up a dedicated call center for consumers with additional questions at 866-447-7559. The call center is open seven days a week from 7:00 a.m.-1:00 a.m. EST.

TrustedID Premier is a service offering from Equifax which includes monitoring of not only it’s own records but that of Experian and Transunion as well. Equifax, Experian and TransUnion make up the big three credit reporting agencies. The service monitors for identity theft and performs Internet scanning for Social Security numbers. The service is free for one year. Using TrustedID Premier consumers also have the ability to lock and unlock Equifax credit reports and obtain identity theft insurance.  Recently Experian began offering a service that scans the dark web for personal information .

Equifax has stated that in addition to notifying law enforcement, it has teamed with a  “leading, independent cybersecurity firm” to investigate the breach but that company has not been named.  The company said their investigation is “substantially complete,” but will continue for a few more weeks.

In a closely related story it has been reported that Equifax executives sold shares in the company worth $2 million.

According to CNBC three executives of Equifax sold the shares days after the data breach was discovered.  The information was revealed in Securities and Exchange Commission filling.

The executives were named as Chief Financial Officer John Gamble Jr., Workforce Solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran. The sale of the shares was done on the 1st and 2nd of August. The data breach was discovered by the company on July 29th.

According to Equifax the three executives, “had no knowledge that an intrusion had occurred at the time they sold their shares.”

The SEC declined to comment on the share sales.

Breach Brief – Wendy’s, Centene

Wendy's_logo_2012.svg

January 29, 2016

Wendy’s

Yet another point-of-sale system appears to have been hacked. Wendy’s fast food restaurant reports that its POS system has come under suspicion for a possible breach of customer card data.

Wendy’s spokesman Bob Bertini said, “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Bertini did not name the security firm that is working with Wendy’s

According to Krebs on Security the first reports of the suspicious activity on customer’s cards came from financial institutions in the mid-west. However reports have begun to surface from banks on the east and west coasts. Currently there is no information on how many restaurants are affected.

Krebs On Security first reported the incident and believes that the restaurant’s POS system may have been infected by malware that collected credit card numbers. Wendy’s is not alone when it come to this type of attack.  Other restaurants and retailers hit by this style of attack include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.

Wendy’s operates approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide.

Centene_Corporation_Logo.svg

Centene

The health insurer Centene is desperately searching for six hard drives that contain the personal information of over 1 million of its customers. The company has admitted to an “ongoing comprehensive internal search” for missing hard drives. 

St. Louis based Centene said the missing hard drives contain personal data about people who received laboratory services between 2009 and 2015. The drives contain patient information including names, addresses, dates of birth, social security numbers, member ID numbers and health information. According to Centene CEO Michael F. Neidorff, the company doesn’t believe the information has been used “inappropriately.”

Customer affected by the data loss will receive free credit and healthcare monitoring. 

The healthcare industry continues to be plagued by massive data breaches. For more on this topic please see;

Large-Scales Hacks Cause 98% of Leaked Healthcare Records.

Over 113 Million Healthcare Records Breached in 2015, Up Ten Fold from 2014

One in Three Americans are Victims of Healthcare Data Breaches

Identity Thieves Pray on Patient’s Medical Records