Tag Archives: financial institutions

Breach Brief – Sonic Drive-In

Sonic fast food chain is the latest victim of a major data breach. Sonic, which has 3,600 locations across the country, confirmed they are investigating unusual payment card activity after being informed by their credit card processor last week. The breach could affect as many as five million card holders.

The breach was first reported by Brian Krebs of KrebsOnSecurity.com.  Krebs stated the breach was revealed by a pattern of of fraudulent transactions on cards used at one of the chain’s restaurants. 

Krebs claims he was tipped off by sources from multiple financial institutions. From his post Krebs related that, “Those cards were then found to be part of a cache of five million credit and debit card accounts that were first put up for sale in mid-September on a dark web site called Joker’s Stash, all indexed by city, state and Zip code. “They’re going at a premium, too: between $25 and $50 per card.” Krebs reported that the cards first showed up for sale on September 18th.

Sonic’s Vice President of public relations Christi Woodworth told Krebs that the investigation hasn’t yet uncovered how many cards or which of its stores may be impacted. Woodworth went on to say that the company “…immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Recent patrons of the fast food chain should monitor their credit and debit accounts suspicious activity.

Breach Brief – Wendy’s, Centene

Wendy's_logo_2012.svg

January 29, 2016

Wendy’s

Yet another point-of-sale system appears to have been hacked. Wendy’s fast food restaurant reports that its POS system has come under suspicion for a possible breach of customer card data.

Wendy’s spokesman Bob Bertini said, “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Bertini did not name the security firm that is working with Wendy’s

According to Krebs on Security the first reports of the suspicious activity on customer’s cards came from financial institutions in the mid-west. However reports have begun to surface from banks on the east and west coasts. Currently there is no information on how many restaurants are affected.

Krebs On Security first reported the incident and believes that the restaurant’s POS system may have been infected by malware that collected credit card numbers. Wendy’s is not alone when it come to this type of attack.  Other restaurants and retailers hit by this style of attack include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.

Wendy’s operates approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide.

Centene_Corporation_Logo.svg

Centene

The health insurer Centene is desperately searching for six hard drives that contain the personal information of over 1 million of its customers. The company has admitted to an “ongoing comprehensive internal search” for missing hard drives. 

St. Louis based Centene said the missing hard drives contain personal data about people who received laboratory services between 2009 and 2015. The drives contain patient information including names, addresses, dates of birth, social security numbers, member ID numbers and health information. According to Centene CEO Michael F. Neidorff, the company doesn’t believe the information has been used “inappropriately.”

Customer affected by the data loss will receive free credit and healthcare monitoring. 

The healthcare industry continues to be plagued by massive data breaches. For more on this topic please see;

Large-Scales Hacks Cause 98% of Leaked Healthcare Records.

Over 113 Million Healthcare Records Breached in 2015, Up Ten Fold from 2014

One in Three Americans are Victims of Healthcare Data Breaches

Identity Thieves Pray on Patient’s Medical Records

How Safe is that ATM?

Remember the good ol’ days when ATM security meant making sure you didn’t get mugged. Well those days aren’t exactly gone. You still have to be careful. But the crooks are now using card skimmers, fake keypads and other devices to rob you. So how safe is that ATM?

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

ATM security nowadays means understanding how criminals are using technology to rob you. Its time to learn their methods and technology.

 

 

 

 

Remember that ATM machines do not have to belong to a bank or any financial institution. The can be privately owned by a person or business. There is even an organization of private ATM owners known as the National ATM Council. And you can find websites that show you how to set up your own network. Would you like to buy your own ATM? It’s that simple.

viral4real.com

Fake ATM key pad Courtesy viral4real.com


So how do you spot a fake or suspicious ATM?

  • Avoid standalone ATMs in suspicious locations. Be alert to brand names you are not familiar with.
  • A legitimate ATM machine is very secure. Since they contain cash they will be bolted and secured to a wall or floor. Free standing ATM machines that can be easily moved are to be avoided.
  • Clever criminals will sometimes place their crooked ATM next to a legitimate ATM then place an out of order sign on the legitimate one. That could indicate that the one with the sign may actually be the working ATM.  The out-of-order sign could trick you into using the criminal’s machine. Be aware!
  • Check the card slot and key pad. Is either loose or out of place?  That ATM may have been tampered with.  Check the card reader slot and key pad by trying to remove it. Yank or pull on it. It may come off in your hand. If so you have found a skimmer.  Legitimate ATM machines don’t have loose or removable parts.
  • Look for a micro camera or any other out of place device used to record your PIN.
  • Look for ATM machines with open or loose side panels or broken locks especially at drive through ATMs. Don’t use it and report a suspicious ATM to the bank immediately.
  • Check your balances daily and make sure there are no suspicious charges related to ATM use. Report any strange activity immediately.
  • Report suspicious activity around an ATM machine to the police.

Now you know