Tag Archives: credit card breach

Breach Brief – Sonic Drive-In

Sonic fast food chain is the latest victim of a major data breach. Sonic, which has 3,600 locations across the country, confirmed they are investigating unusual payment card activity after being informed by their credit card processor last week. The breach could affect as many as five million card holders.

The breach was first reported by Brian Krebs of KrebsOnSecurity.com.  Krebs stated the breach was revealed by a pattern of of fraudulent transactions on cards used at one of the chain’s restaurants. 

Krebs claims he was tipped off by sources from multiple financial institutions. From his post Krebs related that, “Those cards were then found to be part of a cache of five million credit and debit card accounts that were first put up for sale in mid-September on a dark web site called Joker’s Stash, all indexed by city, state and Zip code. “They’re going at a premium, too: between $25 and $50 per card.” Krebs reported that the cards first showed up for sale on September 18th.

Sonic’s Vice President of public relations Christi Woodworth told Krebs that the investigation hasn’t yet uncovered how many cards or which of its stores may be impacted. Woodworth went on to say that the company “…immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Recent patrons of the fast food chain should monitor their credit and debit accounts suspicious activity.

Breach Brief – Wendy’s, Centene

Wendy's_logo_2012.svg

January 29, 2016

Wendy’s

Yet another point-of-sale system appears to have been hacked. Wendy’s fast food restaurant reports that its POS system has come under suspicion for a possible breach of customer card data.

Wendy’s spokesman Bob Bertini said, “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Bertini did not name the security firm that is working with Wendy’s

According to Krebs on Security the first reports of the suspicious activity on customer’s cards came from financial institutions in the mid-west. However reports have begun to surface from banks on the east and west coasts. Currently there is no information on how many restaurants are affected.

Krebs On Security first reported the incident and believes that the restaurant’s POS system may have been infected by malware that collected credit card numbers. Wendy’s is not alone when it come to this type of attack.  Other restaurants and retailers hit by this style of attack include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.

Wendy’s operates approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide.

Centene_Corporation_Logo.svg

Centene

The health insurer Centene is desperately searching for six hard drives that contain the personal information of over 1 million of its customers. The company has admitted to an “ongoing comprehensive internal search” for missing hard drives. 

St. Louis based Centene said the missing hard drives contain personal data about people who received laboratory services between 2009 and 2015. The drives contain patient information including names, addresses, dates of birth, social security numbers, member ID numbers and health information. According to Centene CEO Michael F. Neidorff, the company doesn’t believe the information has been used “inappropriately.”

Customer affected by the data loss will receive free credit and healthcare monitoring. 

The healthcare industry continues to be plagued by massive data breaches. For more on this topic please see;

Large-Scales Hacks Cause 98% of Leaked Healthcare Records.

Over 113 Million Healthcare Records Breached in 2015, Up Ten Fold from 2014

One in Three Americans are Victims of Healthcare Data Breaches

Identity Thieves Pray on Patient’s Medical Records

Online Holiday Shopping 2015 – Stop Credit Card Fraud

Black people shopping online this holiday season should be aware that fraud is rampant. Hackers are extremely savvy and know where and how to steal credit card data. So you need to be just as savvy. African-Americans should understand where and how they are vulnerable when shopping, in stores or online. Don’t let a techno-Scrooge ruin your holiday.

According to NASDAQ, nearly 32 million Americans had their credit cards breached in 2014. Forty-five percent of those breaches happened online.  Now is the time to learn online safety to protect your credit, your cash, your identity and your holiday season.

First and foremost, by now you should have the new Chip & PIN or EMV cards. If not then you need to get a hold of your bank or credit card company and demand it. This new card is not perfect but it is far more secure than the regular magnetic strip cards. Of course it takes longer to process a transaction but isn’t it worth it to keep you money safe?

Here are a few tips to help you stay safe while shopping online.

  • Shop only at trusted websites and stores. Stick with the familiar retailers and more common internet sites.  Keep some cash on hand when you shop at unique stores or gift shops to avoid exposing yourself to fraud. Beware of misspellings or domain names using “.net” instead of “.com”. This a common trick used by cyber criminals to fool unsuspecting consumers. Check out “Is ThatWebsite Trustworthy?”

Google / TLS

  • Make sure you see “https” in the URL. Also look for the little green lock. You should be well aware of these things if you shop online anytime not just the holidays. And even if you are not shopping whenever you perform sensitive business online know what a secure website looks like.
  • Do your homework! Research the company or website before making a purchase in person or online. Check websites like Yelp.com or  Scamadviser.com to see what other consumers are saying. Look for a website’s customer rating. Check posts previous customers have written on the company’s website, blog, or customer feedback page.
  • Protect your privacy. Be suspicious of any store or website that asks for too much information. Information such as your PIN, birthday or Social Security number are strictly off limits. Only give up the minimum amount of personal information possible. Don’t store information on the website server. Some websites will ask you to register and keep your credit card number on file in a cookie. Decline this option of you can and purchase as a guest to the website. You may have to enter your information each time you buy but you are safer.  If you do create an account on a shopping website, or any website for that matter, make sure you have a strong and secure password. This makes it harder to be hacked or high-jacked by cyber crooks. Learn how to create a secure password.
  • Use filters that warn you of suspicious or fraudulent websites or web pages. Google Chrome is excellent for stopping you from visiting suspicious websites. Many anit-virus programs can do the same thing. Make sure your anti-virus/anti-malware is up to date.
  • Use a credit card versus a debit card when shopping online.  Why? Because credit cards offer protections from identity theft that debit cards don’t offer. Also credit cards offers you the option of contesting  fraudulent charges to your account where a debit card takes the money directly from you bank account. Its much harder to get back if something goes wrong.
  • Keep good records. Print a copy of your order confirmation, save email receipts, and write down any pertinent information in case it’s needed to contest a charge.
  • Never, ever shop using public computers! These computer are notorious for viruses and malware. They could be hiding all sorts of software to steal passwords and personal information. You have no idea who was there before you or what they were doing.
  •  Beware public Wi-Fi! This is a favorite hunting ground for cyber thieves. They can steal information by simply by being on the same network and watching what you do. But some cyber criminals are even providing free Wi-Fi in hotels and coffee shops as a trap for guests. Once you are on THEIR network you’re at their mercy. Be alert and know what network you are on and use a VPN to protect your Internet traffic from prying eyes.
  • As always check you bank account and credit card statements daily.  If you see any charges you don’t recognize, address the matter immediately. Don’t pay credit card bills until you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems. After that, you might be liable for the charges.

Happy Holidays!