Tag Archives: payment data

Breach Brief – Ticketfly, MyHeritage

Concert ticketing service Ticketfly reported last week that it was hit by a major data breach involving the personal information of 26 million customers.

According to Ticketfly “some customer information has been compromised including names, addresses, emails, and phone numbers.” Tech news blog Engadget reported that the hacker behind the attack has uploaded much of the data to a public server and is threatening to release more.

Prior to the breach Ticketfly was warned of a flaw in its systems by the hacker. According to Motherboard.com the hacker notified Ticketfly then requested a ransom of one bitcoin in exchange for a fix. When the ransom was not paid as requested Ticketfly suffered the consequences.

Ticketfly has not said whether customers’ credit card information and passwords have been compromised. However, the hacker has threatened to release more information if the ransom is not paid.

At the time this article was written the website was back online. Ticketfly is owned by San Francisco-based Eventbrite.





MyHeritage, an Israel-based genealogy and DNA testing service, has suffered a major data breach of its user information. According to a MyHeritage statement, over 92 million customer account details were found on a server outside of MyHeritage. The data is that of people who signed up to use the service right up to the day of the breach, October 26, 2017.

MyHeritage stated that the chief information security officer “received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed password, on a private server.” Hashed passwords are encrypted representations of passwords. This means companies don’t have to store the actual password on their network but, depending on the algorithm used, hackers could still crack them.
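To illustrate why the algorithm matters, the following added example (not MyHeritage's code; the work factor, storage format and sample accounts are assumptions constructed here) contrasts a fast unsalted hash with a salted, deliberately slow one. Identical passwords stand out in a leaked table of unsalted hashes, while salted PBKDF2 hashes share nothing and still verify at login.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def weak_hash(password):
    """Weak pattern: a single fast, unsalted hash."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password):
    """Salted, slow hash stored as 'iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def accounts_sharing_a_hash(table):
    """Group e-mails whose stored hash is identical (what a leaked file reveals)."""
    groups = defaultdict(list)
    for email, stored in table.items():
        groups[stored].append(email)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts; two users picked the same password.
SAMPLE = {
    "ana@example.com": "sunshine1",
    "bo@example.com": "sunshine1",
    "cy@example.com": "k3-Vr!pz0Q",
}

if __name__ == "__main__":
    weak = {e: weak_hash(p) for e, p in SAMPLE.items()}
    strong = {e: hash_password(p) for e, p in SAMPLE.items()}
    print("unsalted:", accounts_sharing_a_hash(weak))
    print("salted:  ", accounts_sharing_a_hash(strong))
    print("verify:  ", verify_password("sunshine1", strong["ana@example.com"]))
```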

MyHeritage claims that no other user data, such as credit cards, was compromised and DNA data are stored on separate systems.

Breach Brief – InterContinental Hotels

InterContinental Hotels Group announced today that its hotel chain has been hit by malware resulting in a massive data breach. The hotel chain was infected by malware in its payments systems. The malware was designed to collect guests’ credit card data including name, card numbers, expiration dates and security codes. According to a hotel spokesperson, “Approximately 1,200 IHG-branded franchise hotel locations in the Americas were affected.”

According to KrebsOnSecurity.com the number may even be higher. The website originally reported the data breach in December. Krebs reports that IHG has not yet inspected all its properties, some of which are franchises. IHG has been reaching out to franchised properties asking them to participate in the investigation.

The data breach began in September 2016 and continued through to the end of December of last year. According to IHG there is no indication the malware was active after December 29th. However, it cannot verify that all the malware was removed until March.

To add insult to injury the hotel chain does not know how many customers were affected, nor is it offering any help to those customers. The company is only saying that guests should “remain vigilant to the possibility of fraud” and urged customers to review their card statements.

In an email to TheVerge.com IHG stated that its investigation was ongoing and a “small percentage” of franchises haven’t participated. IHG says it has 3,925 hotels in the Americas. IHG owns the following hotel chains in the U.S.

If you have stayed in any of these hotels since September of last year there is a website where you can check to see if that hotel was affected. IHG plans to add additional locations to the list when its investigation is completed.

Credit card data may be compromised

ALERT! Sally Beauty Breached Again ALERT!

The African American Cyber Report reported in March of 2014 on a data breach at Sally Beauty Supply stores. So here we go again!

One year later Sally Beauty Supply is again revealing that a network intrusion exposed customer payment card data and is now investigating fresh breach reports. Sally Beauty has over 4,800 U.S. stores reporting 2014 revenue of $3.6 billion.

Sally Beauty first began to receive warnings of a possible breach during the week of April 27th. In a May 4th announcement store executives admitted to investigating “unusual” card activity linked to payment cards used at some of its U.S. stores.

“Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts, while working to ensure our customers are protected. Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident; but we will continue to work vigilantly to address any potential issues that may affect our customers.”

The beauty supplier vowed to provide additional updates “in the coming days” via its website and directly to affected customers. “We will be providing notifications to any affected consumers and others, as appropriate, as the facts develop and we learn more.” The chain also requested that any customer who discovers fraudulent activity that they believe relates to Sally Beauty should contact its customer service hotline after alerting their card issuer or bank.

Cyber security experts point out the suspicious timing of the second data breach. George Rice, senior director of payments for data-encryption firm HP Security Voltage, pointed out, “Sally Beauty experienced two breaches within a short period of time. It is entirely possible that Sally Beauty never fully eradicated the malware on their POS from the first time.”

John Buzzard, head of card-alert service at analytics software company FICO, agrees stating “We are all really perplexed when we see breaches that appear to the naked eye to be a repeat situation.” Buzzard continues, “As Sally’s story line evolves, we may learn that the level of customization in the malware that allegedly affected them in 2014 was so complex that it was able to evade a stringent mitigation process. I can’t ascertain if lightning did, indeed, strike twice here; so it’s just a waiting game to see how this can be explained.”

A Sally Beauty spokesman told the Information Security Media Group that “it would be premature to speculate” about whether the 2014 and 2015 breach reports might be linked, and declined to detail which digital forensics investigation firm it brought in to investigate the latest breach reports. The 2014 breach was investigated by Verizon.

The question most customers have is: why did this happen again? In the company’s 2014 annual report, released in November, Sally executives noted the company had a number of information security defenses in place. “We have physical, technical and procedural safeguards in place that are designed to protect information and protect against security and data breaches as well as fraudulent transactions and other activities,” it said. “Despite these safeguards and our other security processes and protections, we have been a victim of cyber-attacks and data security breaches, including a breach that resulted in the unauthorized installation of malware on our information technology systems that may have illegally accessed and removed a portion of payment card data for certain transactions.”

Tripwire senior security analyst Ken Westin says there are steps all retailers need to take, not just ones that have suffered a point-of-sale malware attack. These steps will allow retailers to safeguard themselves against online attacks, as well as to rapidly detect unfolding breaches. Those include keeping a close eye on all data regulated by the Payment Card Industry Data Security Standard. “Both the intrusion and the malware components can be better detected by taking a layered security approach, monitoring endpoints and the network itself closely for anomalies and indicators of compromise specific to retail breaches,” he says. “These include configuration changes, unauthorized processes and credit card data appearing on the file systems, RAM or anywhere outside the PCI environment.”