Huge card breach at Hilton Hotel properties

Hilton Worldwide Holdings, Inc., an American global hospitality company formerly known as Hilton Worldwide and Hilton Hotels Corporation, has started an investigation after security researcher Brian Krebs claimed that hackers had compromised credit card data in gift shops and restaurants at a “large number” of Hilton Hotel and franchise properties across the United States.
The researcher said that the hackers broke into point-of-sale machines.

However, it is not clear how many Hilton properties might be affected by the incident, which may date back to November 2014 and may still be ongoing.

“In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity,” the researcher added.

He said that five different banks had said that the cards included in that alert had only one commonality in their point-of-purchase: they were all used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said in a statement. “We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

Hover resets its users’ passwords due to a possible security breach

Hover, a service of Canada-based Internet services and telecommunications company Tucows, one of the world’s largest ICANN-accredited domain registrars, has reset its user passwords after discovering that one of its systems might have been breached.

Once it reset passwords, the company started sending emails to the customers on Tuesday.

“We are writing to let you know that we reset your password today. If you are unable to log into your Hover account, you will need to use the “I forgot my password” option on the sign in page to change your password,” the email read.

“We did this as a precautionary measure because there appears to have been a brief period of time when unauthorized access to one of our systems could have occurred. We have no evidence at all that any Hover accounts have been accessed, but even the possibility that this could have happened moved us to err on the side of extreme caution,” the company explained to its customers.

According to a post on SecurityWeek, as often happens, the emails sent out by Hover were mistaken for phishing attempts because of the URLs they contain.

However, the company confirmed on Twitter that the password reset emails are legitimate and clarified that the links had likely been changed by MailChimp, the email marketing product that was used to send out the notifications.

“That email was indeed from us. The links were changed when sending out through MailChimp. Sorry for the confusion,” Hover replied to one of its followers on Twitter.

The company told SecurityWeek on Monday that it had not been able to determine the exact attack vector used by the hackers. However, it suspected that they may have leveraged a zero-day exploit since the breached server was fully patched.

Database breach occurs at Hanesbrands Inc.

Hanesbrands Inc. has reported that one of its databases, containing 900 thousand contact details of its various customers, has been breached.

The hacker gained access to the database by posing as a guest on the brand’s website while checking out.

According to Hanesbrands Inc., the hacker got access to customers’ addresses, phone numbers and the last four digits of their credit or debit cards.

The breach happened last month, in June, according to Hanesbrands spokesman Matt Hall, and does not affect the brand’s retail stores.

The hacker had contacted the brand directly to inform it of the breach.

PagerDuty hacked, update your password by Monday

After almost a month, PagerDuty, which provides alerting, on-call scheduling, escalation policies and incident tracking to increase uptime of your apps, servers, websites and databases, has confirmed that it detected an unauthorized intrusion on July 9 by an attacker who gained access to some information about their customers.

PagerDuty has asked its users to set new, strong passwords at this time. Users who do not reset their password by Monday, August 3rd at 12:00pm Pacific Time will be automatically logged out of the website and will receive an email prompting them to reset their password. At no time will alert delivery be affected by this process.

It posted on July 30 that within a few hours of the intrusion, its team stopped the attack. A leading cyber security forensics firm has been hired to investigate the attack.

“We immediately took steps to mitigate the issue, including enhancing our monitoring and detection capabilities, and further hardening our environment,” the blog read.

According to the company, it has not found any evidence that corporate, technical, financial, or sensitive end user information, including phone numbers, was exposed by this incident.

“We do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers. We also notified law enforcement and are cooperating fully with their investigation into this matter,” the company added.

The company said that, according to its investigation, the attacker bypassed multiple layers of authentication and gained unauthorized access to an administrative panel provided by one of its infrastructure providers. With this access, the attacker was able to log into a replica of one of PagerDuty’s databases. The evidence indicates that the attacker gained access to users’ names, email addresses, hashed passwords and public calendar feed URLs.

The company has recommended that its customers reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.

“PagerDuty will never ask for your password or other sensitive information via email,” the company said.

Moonpig hacked, Email IDs, passwords compromised

The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balances had been made public. However, the company stresses that the passwords did not come from its own site, but from other online sites where users use similar passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from"

"This data was then used to access the account balances of some of our customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig has contacted affected customers and advised them to reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net.

Do Organizations Fail to Care about your Medical data? UCLA Hacked

The hospital network of the University of California, Los Angeles was broken into by a team of hackers, resulting in access to sensitive records of 4.5 million people.

According to the university, the data stolen includes names, medical information, Medicare numbers, health plan IDs, Social Security numbers, birthdays and physical addresses.

This breach could have affected people who have visited, or worked at, the university's medical network, UCLA Health, which includes its four hospitals and 150 offices across Southern California.

The first attempt to hack the network was made in September 2014. UCLA Health announced the breach on Friday, two months after it discovered it. The university network alarm "detected suspicious activity," and UCLA Health called in the FBI for help.

"At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information," UCLA Health said in a statement.

The hospital group is now notifying staff and patients, and offering them one year of identity theft recovery services.

Dr. James Atkinson, UCLA Hospital System's president, apologized to the public in a statement and noted that the hospital group is under constant attack from all over the world.

Organizations handling this kind of sensitive information should have not only physical security but also proper cyber security protection. Organizations should understand the importance of cyber security before they fall victim to cyber attacks.

Credit card data breach at Online Photo service, customers of CVS, Walmart Canada and others affected

Consumer Value Stores (CVS), which is the second largest pharmacy chain after Walgreens in the United States with more than 7,600 stores, has temporarily taken down its online photo center after a hacking attack.

“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts may have been compromised,” the company posted on its website’s homepage.

Brian Krebs pointed out on his blog that other companies are already reporting similar data breaches and have taken down their web pages related to the online photo service.

Those online photo services have been maintained by a company called PNI Digital Media.

Companies including Costco, Walmart Canada and Rite Aid displayed a message on their photo sites informing customers about the security breach.

A notice displayed on Rite Aid's photo site said that information including names, addresses, phone numbers, email IDs, photo account passwords and credit card data was affected.

However, Rite Aid said "PNI does not process credit card information on Rite Aid’s behalf and PNI has limited access to this information."

CVS said that financial transactions done on its main website and in-store are not affected.

Hershey to provide card monitoring service, after a data breach

Hershey, which operates The Hotel Hershey, the Hersheypark Entertainment complex and other facilities, is providing a year of card monitoring service to guests whose financial information may have been exposed at its Pennsylvania hotels, amusement park and other venues.

According to a news report published on Action News, the company is working with a security firm to resolve the issue.

The company said that cards used at its properties between Feb. 14 and June 2 may have been compromised. It did not find evidence that information was removed from its system.

However, some of its guests have reported unauthorized charges on cards used at its properties.

The company said that a malicious program was installed in its payment system that extracted payment card data, including a cardholder's name, card number and expiration date.

Detroit Zoo victim of a data breach

Service Systems Associates (SSA), the third-party operator of the Detroit Zoo's retail outlets, was recently the victim of a data security breach.

The affected credit and debit cards were used for purchases at the zoo’s gift shops over a three-month period.

Patricia Janeway, zoo spokeswoman, said, “In addition to credit and debit card numbers, the cyber hackers reportedly gained access to card holders’ names, card expiration dates and three-digit CVV security codes.”

After SSA learned of the data breach, it installed a separate credit card processing system at its retail outlets.

A preliminary forensic investigation revealed that there was malicious software in SSA’s software.

“We are obviously concerned that the vendor’s system was compromised,” said Gerry VanAcker, chief operating officer of the zoo. “Transactions made since June 26 are not affected by the previous break and it is safe to use a credit or debit card at SSA’s retail locations.”

“The zoo’s IT systems -- including those used for ticket and membership sales -- were not affected by the data breach and are secure,” Janeway said.

Up-to-date information has been provided by the vendor at

For additional information visit

Harvard network systems breached last month

Network systems at Harvard's Faculty of Arts and Sciences and Central Administration were breached last month, according to a security report on the Harvard website.

Harvard is working with an external security investigator to figure out who breached its network, and why.

In the meantime, they have said that as of now, no data is at risk, but still recommend that users take a few precautions.

Harvard has asked members of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study and Central Administration to change the password of their Harvard accounts.

They have also asked members of Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health to change their email passwords.

Donald Trump’s Hotels face credit card breach: Report

The Trump Hotel Collection, a chain of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, may be the latest victim of a credit card breach, according to KrebsOnSecurity.

According to a report posted on Wednesday, data shared by several U.S.-based banks indicates that the hotel collection appears to be the latest victim of a credit card breach.

At first, when contacted regarding reports from sources at several banks who traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the company refused to comment.

However, the company later issued a brief statement from Eric Trump, executive vice president of development and acquisitions.

“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

However, various sources in the financial industry confirmed that the company has little doubt that Trump properties in several U.S. locations, including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York, are dealing with a card breach that appears to extend back to at least February 2015.

According to the report, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments.

“Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash,” the report reads.

It is said that merchants that have not installed card readers that accept more secure chip-based cards by October 2015 will assume responsibility for the cost of fraud from counterfeit cards.

Experts, however, believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers.

Penn State University Becomes Victim To Yet Another Cyberattack

Penn State announced that it has detected another cyber attack. The university has confirmed the recent attack on its College of Liberal Arts server.
Penn State has stated that several systems have been compromised by cyberattacks, two in number, carried out by anonymous threat actors.

FireEye's cyber forensic unit, Mandiant, has taken over the case and has been investigating and analysing the attacks, which took place on the 4th of May. Seven weeks later, the university states that no harm has occurred to personally identifiable information (PII) or any other research data, since it had introduced advanced cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant’s spokesperson, Nick Pelletier, revealed that the first attack took place in 2014 within a 24-hour time period, while the latter breach was carried out from March to May 2015. Mandiant is not sure whether the attackers are the same Chinese group that attacked the College of Engineering.

Nick Jones, vice-president of Penn State, said in an official statement that advanced monitoring systems have been introduced across the entire university network with the constant support of Mandiant and that the attackers will soon be tracked down.

The attacks on the state university's systems have created a threat for federal systems. While no PII or research data was compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed and more information can be gathered from

St. Mary's Bank reissues debit cards after merchant data breach

St. Mary’s Bank has initiated the process of issuing new debit cards and ATM PINs to over 5000 customers in response to a merchant-related breach.

The bank had noticed peculiar activities in certain accounts, which were small transactions viz. $99. 

This was taken as small purchases at locations near New Hampshire and hence was not taken seriously. When the matter was taken into consideration, the officials were able to shut the compromised cards and later the matter was further investigated.

The cards were being hacked at a national retailer, from where the numbers were being sold online. After which, the accounts were tracked and phony numbers were tied to the real accounts, causing illegal access to all the accounts. 

Elizabeth Stodolski, vice president of marketing, said the bank has taken the precaution of cancelling a total of 5,029 debit cards to prevent further fraudulent transactions. The old cards have been deactivated and all the customers have been personally notified about the current situation and the protocols in action.

All the customers have been asked to go to their nearest branch and get reimbursed for their losses, for which St. Mary’s Bank has taken full responsibility. 

The reports did not specify which merchants were affected or how they were compromised. Cyber criminals often use POS malware or skimming devices to get card details.

But the question is: what if cyber criminals compromise the card information again? Are banks going to provide new cards again?

Pharmacy chain Fred's Inc. probes security breach

Fred’s Inc., a US-based discount retailer and pharmacy chain, is probing a possible security breach.

KrebsOnSecurity, which has identified multiple breaches at various stores across the country, reported that Fred’s Inc. had a credit card breach caused by malware installed directly on the company's point-of-sale systems.

Cybersecurity journalist Brian Krebs confirmed that Fred’s is the latest victim of the breach and issued the following statement:

“Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.

We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

This is the only information available, and Fred’s has hired investigators to look into the matter. But Krebs’s sources have said that “the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the Midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.”

Fred’s Inc. has around 650 stores in more than a dozen states in the United States.

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when somebody hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the data breach.

The college shut down the servers as soon as it became aware of the hack and claims that no data was transferred or taken from the servers.

A cyber team is determining how the attack could have happened and has said that it has found many more intruders in the system.

The college is covering the expenses for credit monitoring services for all those whose information was put at risk due to the hack.

China blamed for Security breach at OPM, affects current and former federal employees

The computer system of the United States Office of Personnel Management (OPM) was hacked by Chinese hackers. OPM will send notifications to approximately 4 million individuals whose personal data, including personally identifiable information (PII), may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015. The hackers used the tougher security controls to intrude.

The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact on Federal personnel.

After the intrusion, OPM added further network security precautions. These include: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.

OPM is offering credit monitoring, identity theft insurance and recovery services to potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was the second major intrusion by China in less than a year, and the largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Data breach at IRS, taxpayers data at risk

The IRS put out a statement saying that criminals had breached the confidential data of approximately 100,000 people.

The hackers used sensitive data acquired from non-IRS sources, including Social Security numbers, dates of birth and street addresses, to clear the multi-level security system of the IRS, which includes verification through personal questions.

In total, the IRS has said there were 200,000 attempts to get data from their servers. The IRS will provide free credit monitoring service to those affected by this breach of data.

The IRS got to know a couple of weeks back that unusual activity was happening on their servers and that is how they discovered the breach of data.

The IRS temporarily shut down the 'Get Transcript' feature to gauge the damage caused by the breach.

Vancity urges its customer to change their debit cards

Hundreds of customers of Vancouver City Savings Credit Union, popularly known as Vancity, one of the largest community credit unions in Canada, have been asked to replace their debit cards after their debit card numbers were stolen while making purchases in Metro Vancouver.

Vancity confirmed on May 23 that the accounts of more than 1,000 of its customers have been affected, and that customers of other banks may also have been affected by the serious banking breach at two local retailers.

According to a report published on CTV Vancouver, Darwin Sauer, spokesperson at Vancity, said that they found out on May 23 from Central One, their card provider, that two Vancouver-area retailers had their card machines compromised as a result of a skimming operation, in which customers’ account information, such as PINs, is stolen.

“This could mean any customer who used those card machines or had their card go through those machines could have had their card compromised,” Sauer told CTV Vancouver.

According to the company, a total of 1,200 of its customers used their debit cards at the unnamed locations, and only two people have notified the credit union about questionable transactions.

In order to protect its customers, Vancity has placed limits on the 1,200 cards that may have been compromised and contacted the customers who will need to get new cards.

Sauer said people can protect their accounts from such fraud by changing their PIN regularly and shielding their PIN when entering it.

Bettys Tea Rooms firm’s website hacked

The Bettys Tea Rooms firm’s website was hacked on Wednesday, affecting more than 120,000 customers.

In a statement released by the company, it apologized and blamed an "industry-wide software weakness" for the data breach.

The hackers gained access to the firm’s website database and stole customers’ personal details, including their names, email addresses, postal addresses, encrypted passwords and telephone numbers.

"We would like to stress that your credit or debit card details have not been copied as this information is stored on a completely separate system managed by a certified third party. Bettys takes customer confidentiality extremely seriously and, whilst customer passwords were encrypted, it is important that you change your password as soon as possible by clicking this link or entering into your browser," Bettys said.

The company also advised its customers not to respond to any phone or email communication regarding their personal and financial information.

"To be clear, Bettys will never contact you and ask you to share any personal financial information," the tea shop chain said.

A gang of old ladies named 'Northern N00bz' is suspected to be behind the data breach. To take revenge for some disservice, they acquired some coding skills. A full investigation is under way.

Details of 400,000 users leaked as mSpy is hacked

The mobile spying software service mSpy has allegedly been hacked and the personal data of about 400,000 customers released on the Deep Web.

mSpy, a software-as-a-service product, claims to help about 2 million people track the mobile activities of their partners or kids. The hacking of its servers came to light after KrebsOnSecurity received an anonymous tip with a link to a Tor-based site.

The site contained data about Apple IDs and passwords, tracking data, payment details on some 145,000 successful transactions, pictures, calendar data, corporate email threads, and very private conversations. Also included are emails from the people who have requested services of mSpy.

Sites like these are difficult to suspend, as they are hosted on the deep web, away from indexing and registration in the regular search engines, and can be accessed only via Tor.

While the unknown hackers claim to have data about 400,000 users, the company has not responded to repeated requests for an official confirmation.

It is not clear where the company is based, but it seems to be tied to a presently defunct company called MTechnology Ltd. The founders are self-styled programmers Aleksey Fedorchuk and Pavel Daletski. The brand is involved in a trademark dispute with a US-based company called Retina X studios that makes a similar product called MobileSpy.

The US courts are generally strict with companies like these, as past incidents have indicated, and maintain that “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners.”

While the law takes a firm stand on such techniques, what is paradoxical is that the interested users of mSpy, who are mostly concerned parents, have, in a bid to keep their children secure, ended up exposing their personal details to a world full of predators and bullies.