Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The worst security SNAFUs this year (so far!)

Ellen Messmer | July 16, 2014
From denial-of-service attacks to cyber-espionage to just plain old human flubs, network security SNAFUS abound.

Gingerbread Shed Corp., the marketing, RFID access control and ticketing software company in Tempe, Ariz., notified about 50,000 customers that an unauthorized third party obtained access to information about them, including names, telephone numbers, e-mail addresses, credit-card information and the user names and passwords for the company's website accounts.

The Home Depot said an employee with authorized access to its computer systems had gotten hold of 30,000 records on customer information associated with the tool-rental area and had provided some of it to unidentified third parties. That information included names, address, phone number, birth date, card brand, card account number and card expiration date.

JUNE

Israeli-based security firm RISCO, which was helping provide security management for the FIFA World Cup games, tweeted a photograph of their state-of-the-art monitoring center, but in it accidentally exposed the World Cup's security center's internal Wi-Fi password to the whole world.

Restaurant chain P.F. Chang's said that customer debit and credit card numbers had been stolen from stores, adding they learned of it through the secret Service. The cause, still under investigation, may be malware-infected point of sale terminals; P.F. Chang's said it was switching to old-fashioned manual processing of customer card information at its restaurants.

A hacker group calling themselves "Rex Mundi" broke into Domino's Pizza's network, grabbing the names, addresses, phone numbers, e-mail addresses, passwords and even favorite pizza toppings of about 592,000 French and 58,000 Belgian customers which were posted on the Pastebin site. The hackers indicated they had demanded 30,000 Euros from Domino's to not post the information, but Domino's refused to pay it.

The Montana Department of Public Health and Human Services said a department server containing 1.3 million records on client information, including names, addresses, births dates, Social Security numbers and clinical information, had been broken into by hackers. It was unclear whether data had been extracted.

Butler University in Indiana said personal information related to up to 160,000 students, faculty and alumni was put at risk because of a data breach tied to a suspect in California who had a flash drive with Butler employees' personal information, including birthdays, Social Security numbers and bank account information.

Long Island-based radiology practice NRAD Medial Associates said it discovered that an employee radiologist had accessed and acquired protected health information from NRAD's billing systems without authorization. The breach was estimated to be 97,000 records of patient names and addresses, dates of birth, Social Decurity information, health insurance, and diagnosis information. NRAD's public statements indicate the employee no longer works there.

An estimated 233,000 records of individuals were compromised, including Social Security numbers and payment information, after hackers exploited a vulnerability in systems belonging to Paytime, Inc. the Mechanicsville, Pa., payroll company disclosed.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.