Donald Trump’s Hotels face credit card breach: Report

The Trump Hotel Collection, a chain of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, may have been the latest victim of a credit card breach, according to KrebsOnSecurity.

According to a report posted on Wednesday, data shared by several U.S.-based banks suggests that the hotel collection is the latest victim of a credit card breach.

When KrebsOnSecurity first contacted the company about reports from sources at several banks, who had traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, it refused to comment.

However, the company later issued a brief statement from Eric Trump, executive vice president of development and acquisitions.

“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

However, various sources in the financial industry have confirmed that the company has little doubt that Trump properties in several U.S. locations, including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York, are dealing with a card breach that appears to extend back to at least February 2015.

According to the report, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments.

“Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash,” the report reads.

It is said that, in October 2015, merchants that have not yet installed card readers that accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards.

However, experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers.

Penn State University Becomes Victim To Yet Another Cyberattack


Penn State announced that it has detected another cyber attack. The university has confirmed that the recent attack was on its College of Liberal Arts server.
Penn State has stated that several systems were compromised in the cyberattacks, of which there were two, carried out by unidentified threat actors.

FireEye's cyber forensic unit, Mandiant, has taken over the case and has been investigating and analysing the attacks, which took place on the 4th of May. Seven weeks later, the university states that no harm has occurred to personally identifiable information (PII) or any other research data, since it had introduced advanced cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant's spokesperson, Nick Pelletier, revealed that the first attack took place in 2014 within a 24-hour time period, while the latter breach was carried out between March and May 2015. Mandiant is not sure whether the attackers are the same Chinese group that attacked Engineering.

Nick Jones, vice-president of Penn State, said in an official statement that advanced monitoring systems have been introduced across the entire university network with the constant support of Mandiant and that the attackers will soon be tracked down.

The attacks on the state university's systems have created a threat for federal systems. While no PII or research data was compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed, and more information is available at http://securepennstate.psu.edu.

St. Mary's Bank reissues debit cards after merchant data breach

St. Mary’s Bank has initiated the process of issuing new debit cards and ATM PINs to over 5000 customers in response to a merchant-related breach.

The bank had noticed peculiar activity in certain accounts: small transactions, namely $99.

These were taken to be small purchases at locations near New Hampshire and hence were not taken seriously. Once the matter was looked into, officials were able to shut down the compromised cards, and the matter was then investigated further.

The card numbers were being stolen at a national retailer and then sold online. After that, the accounts were tracked and phony numbers were tied to the real accounts, giving illegal access to all the accounts.

Elizabeth Stodolski, vice president of marketing, said the bank has taken the precaution of cancelling a total of 5,029 debit cards to prevent further fraudulent transactions. The old cards have been deactivated, and all the customers have been personally notified about the current situation and the protocols in action.

All the customers have been asked to go to their nearest branch and get reimbursed for their losses, for which St. Mary’s Bank has taken full responsibility. 

The reports did not specify which merchants were affected or how they were compromised. Often, cyber criminals use POS malware or skimming devices to get the card details.

But the question is: what if cyber criminals compromise the card information again? Are banks going to provide new cards again?

Pharmacy chain Fred's Inc. probes security breach

Fred’s Inc., a US-based discount retailer and pharmacy chain, is probing a possible security breach.

With KrebsOnSecurity identifying multiple breaches at various stores across the country, it found that Fred’s Inc. had suffered a credit card breach from malware installed directly on the company's point-of-sale systems.

Cybersecurity journalist Brian Krebs confirmed that Fred’s is the latest victim of the breach and published the following statement from the company:

“Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.

We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

This is the only information available, and Fred’s has hired investigators to look into the matter. But Krebs’s sources have said that “the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the Midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.”

Fred’s Inc. has around 650 stores in more than a dozen states in the United States.

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when somebody hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the data breach.

The college shut down the servers as soon as it became aware of the hack and claims that no data was transferred or taken from the servers.

A cyber team is determining how the attack could have happened and has said that it has found many more intruders in the system.

The college is covering the expenses for credit monitoring services for all those whose information was put at risk due to the hack.

China blamed for Security breach at OPM, affects current and former federal employees


 
The computer system of the United States Office of Personnel Management (OPM) was hacked by Chinese hackers. OPM will send notifications to approximately 4 million individuals whose personal data, including personally identifiable information (PII), may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015. The hackers used the tougher security controls to intrude.

The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact to Federal personnel.

After the intrusion, additional network security precautions were added by OPM. These include: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.

Credit monitoring, identity theft insurance, and recovery services are being offered by OPM to potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was the second major intrusion by China in less than a year, and the largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Data breach at IRS, taxpayers data at risk

The IRS put out a statement saying that criminals had breached the confidential data of approximately 100,000 people.

The hackers used sensitive data acquired from non-IRS sources, including Social Security numbers, dates of birth and street addresses, to clear the multi-level security system of the IRS, which includes verification through personal questions.

In total, the IRS has said there were 200,000 attempts to get data from their servers. The IRS will provide free credit monitoring service to those affected by this breach of data.

The IRS learned a couple of weeks ago that unusual activity was occurring on its servers, which is how it discovered the data breach.

The 'Get Transcript' feature was shut down temporarily by the IRS to gauge the extent of the damage caused by the breach.

Vancity urges its customers to change their debit cards

Hundreds of customers of Vancouver City Savings Credit Union, popularly known as Vancity and one of the largest community credit unions in Canada, have been asked to replace their debit cards after their debit card numbers were stolen while making purchases in Metro Vancouver.

Vancity confirmed on May 23 that the accounts of more than 1,000 of its customers have been affected, and that customers of other banks may also have been affected, by the serious banking breach at two local retailers.

According to a report published on CTV Vancouver, Darwin Sauer, spokesperson at Vancity, said that they found out on May 23 from Central One, their card provider, that two Vancouver-area retailers had their card machines compromised as a result of a skimming operation, in which customers’ account information, such as PINs, is stolen.

“This could mean any customer who used those card machines or had their card go through those machines could have had their card compromised,” Sauer told CTV Vancouver.

According to the company, a total of 1,200 of its customers used their debit cards at the unnamed locations, and only two people have notified the credit union about questionable transactions.

In order to protect its customers, Vancity has placed limits on the 1,200 cards that may have been compromised and contacted the customers who will need to get new cards.

Sauer said people can protect their accounts from such fraud by changing their PIN regularly and shielding their PIN when entering it.

Bettys Tea Rooms firm’s website hacked


The Bettys Tea Rooms firm’s website was hacked on Wednesday, affecting more than 120,000 customers.

In a statement released by the company, they apologized, and blamed "industry-wide software weakness" for the data breach.

The hackers gained access to the firm’s website database and stole the personal details of customers, which include their names, email addresses, postal addresses, encrypted passwords and telephone numbers.

"We would like to stress that your credit or debit card details have not been copied as this information is stored on a completely separate system managed by a certified third party. Bettys takes customer confidentiality extremely seriously and, whilst customer passwords were encrypted, it is important that you change your password as soon as possible by clicking this link or entering www.bettys.co.uk into your browser," Bettys said.

They also advised their customers not to respond to any phone or email communication regarding their personal and financial information.

"To be clear, Bettys will never contact you and ask you to share any personal financial information," the tea shop chain said.

A gang of old ladies named 'Northern N00bz' is suspected to be behind the data breach. To take revenge for some disservice, they acquired some coding skills. A full investigation is going on.

Details of 400,000 users leaked as mSpy is hacked


The mobile spying software service mSpy has allegedly been hacked, and personal data of about 400,000 customers has been released on the Deep Web.

mSpy, a software-as-a-service product, claims to help about 2 million people track the mobile activities of their partners or kids. The hacking of its servers came to light after KrebsOnSecurity received an anonymous tip with a link to a Tor-based site.

The site contained data about Apple IDs and passwords, tracking data, payment details on some 145,000 successful transactions, pictures, calendar data, corporate email threads, and very private conversations. Also included are emails from the people who have requested services of mSpy.

Sites like these are difficult to suspend, as they are hosted on the deep web, away from the indexing and registration of regular search engines, and can be accessed only via Tor.

While the unknown hackers claim to have data about 400,000 users, the company has not responded to repeated requests for an official confirmation.

It is not clear where the company is based, but it seems to be tied to a presently defunct company called MTechnology Ltd. The founders are self-styled programmers Aleksey Fedorchuk and Pavel Daletski. The brand is involved in a trademark dispute with a US-based company called Retina X Studios that makes a similar product called MobileSpy.

The US courts are generally strict with companies like these, as past incidents have indicated, and maintain that “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners”.

While the law takes a firm stand on such techniques, the paradox is that the interested users of mSpy, who are mostly concerned parents, have, in a bid to keep their children secure, ended up exposing their personal details to a world full of predators and bullies.

Data breach in casino's point of sale system


A possible data security breach has occurred in the FireKeepers Casino Hotel’s point of sale system, reports the Battle Creek Enquirer.

The casino learned of the security breach after it received ‘a couple of calls’ from guests showing concern about their bank or credit card statements. Reacting immediately to the incident, it started investigating the matter.
There is no confirmation of exactly when the calls started or of the number of people affected by this data breach.

An independent forensic team has been called in to analyze the casino’s systems.
Vice President of Marketing Jim Wise said that “FireKeepers has proactively replaced its point of sale equipment with equipment that is not tied to the casino’s systems. We've made the system safe by going to a new system. There’s not yet a timetable for the completion of the investigation.”

HSBC Finance confirms data breach of mortgaged customers


In a breach notification letter sent to the New Hampshire Attorney General, HSBC Finance Corporation has revealed that sensitive mortgage information of customers of a number of its subsidiaries has been potentially compromised.

The company says that personal information of 685 New Hampshire residents relating to mortgage accounts, such as customers’ names, Social Security numbers, account numbers and possibly telephone numbers, was “inadvertently made accessible via the Internet.”

HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.

Its subsidiaries include Beneficial Financial I Inc., Beneficial Consumer Discount Company, Beneficial Homeowner Service Corporation, Beneficial Maine, Inc., Beneficial Massachusetts, Inc., Beneficial New Hampshire, Inc., Household Finance Corporation II, Household Finance Corporation of Alabama, Household Financial Center, Inc., and Household Realty Corporation.

HSBC said that it takes the issue seriously, and deeply regrets it happening. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” it said. “We have ensured that the information is no longer accessible publicly. The company has notified law enforcement and the credit reporting agencies of the incident, and no delay in advising you has been caused by law enforcement notification.”


HSBC said it has ensured that the information is no longer publicly available. It began notifying affected customers by letter on April 9, and it has offered customers a free one-year subscription to Identity Guard, a credit monitoring and identity theft protection service.

Slack hacked, over 100k users data compromised


Slack, a team communication tool, has suffered a security breach on its central user database, potentially leaving users' login credentials in the hands of hackers.

Slack was launched in 2013, and its Android application has been downloaded by more than 100,000 users so far (according to the Google Play store).

The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.

The database accessed by the intruders included usernames, email IDs, and hashed passwords. It also contained optional data added by users, such as phone numbers and Skype IDs.

On the bright side, Slack didn't store the passwords in plain text. The passwords were hashed with bcrypt and a randomly generated salt. This does not mean hackers will be unable to access your account; it will just slow down the process and give you time to take action. Also, no financial or payment data was compromised in this attack.

In the wake of the security breach, the company has strengthened its authentication security. One of the measures is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in its website.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based micro-loan startup, is investigating a data breach of personal and financial records of thousands of its online applicants, according to a report by Brian Krebs.

A Web site accessible via Tor, software that routes Internet traffic through a global network of relays, included links to countless documents, driver's licenses, national IDs, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of hackers called 'A4' claims to have posted screenshots of hundreds of gigabytes of Kreditech documents.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Friedrich further added that Kreditech believes the data was leaked by an insider, who could be a former or current employee.

Kreditech has raised $63 million from investors since 2012. The company grants credit to applicants using traditional data scoring and social media, and provides loans in Spain, the Czech Republic, Poland, Mexico, Australia, Russia, Peru, the Dominican Republic and Kazakhstan.

Twitch advises users to change passwords after potential hack

Gaming video broadcaster Twitch recently announced that the site could have potentially been hacked and all users should set new passwords for their accounts on the website.

The company has given out an official statement on the matter saying that hackers could have gained access to personal account information of its users. The website has not given out any information as to how hackers accessed the user information.

Not taking any chances, Twitch has expired the passwords of all its user accounts and also accounts linked from YouTube and Twitter. The company has gone a step further and also asked users to change similar passwords on other websites.

Twitch is also personally emailing users who it thinks might have been directly impacted by the potential breach. In the email (obtained from Twitter user Chris Seymour), Twitch further states which information of the affected users is at risk.

The email read, 'We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.'

Twitch has declined to comment publicly on what personal information of its users might be at risk.

Cyberattack on Premera puts 11 million users at risk

A cyberattack on Premera has potentially exposed sensitive financial and medical records of roughly 11 million of its users.

The sophisticated cyberattack has affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. and members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska. Even individuals who conduct business with Premera have been affected.

Premera, a leading health insurance company, stores information such as a member's or applicant’s name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information.

The attack on its IT systems was discovered on January 29, 2015, but the initial attack had occurred much earlier, on May 5, 2014. The company kept the information under wraps in order to safeguard its users against an aggravated attack by the hackers.

Premera is working closely with Mandiant, one of the world’s leading cybersecurity firms, to investigate the case and to remove the infection caused by the attack on the systems. The Federal Bureau of Investigation, which has been notified, is also investigating the case.

The attack has left the attackers with a goldmine of information. Initial investigations have revealed that no data has been removed from the system or been put to inappropriate use till now. 

Premera President and CEO Jeff Roe has issued a statement saying that the company is committed to protecting the information of its users and that, as part of this commitment, Premera will provide two years of free credit monitoring and identity theft protection services through Experian to the affected individuals, starting March 17, 2015.

They will be contacting people only by letter and no emails or phone calls would be made asking for information. The company has warned individuals against unsolicited phone calls seeking information.

In addition, Premera has established a dedicated call center for enquiries on the matter. Users of Premera who feel they have been affected but have not received a letter from the company by April 20, 2015 are urged to call the company at 1-800-768-5817.

Data breach of Advantage Dental


An intruder accessed internal membership information of more than 151,000 patients of Advantage Dental, a Redmond-based provider that serves low-income patients at more than 30 clinics in Oregon, in late February, the company announced on Monday.

According to Advantage Dental, there was unauthorized access to patients’ names, Social Security numbers, home addresses, phone numbers, and dates of birth, but treatment details, payment and other financial data were not accessed.

Malware obtained, from an Advantage employee’s computer, a username and password that allow access to the membership database, which is separate from the database that contains financial and treatment information.

An intruder accessed the information continuously for three days, from 23 Feb to 26 Feb. Internal IT specialists of Advantage Dental terminated the illegal access immediately upon discovery. Computers equipped with anti-virus software fail to detect new variations of a virus.

No patients have complained about the data being used for criminal activity. Advantage has made the necessary security changes in all its clinics and at its headquarters in Redmond to avoid further data breaches.

Credit Card breach at Zoup puts NEXTEP in a soup


Eating out at Zoup? Be careful when using your credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP Systems, which serves Zoup and many other restaurants, corporate cafeterias, casinos and airports.

The incident came to light after sources at financial institutions noted that all the cards that have recently shown fraudulent activity had been used at one of the 75 Zoup outlets across the northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers, uses Nextep’s services at all outlets.

On being contacted by KrebsOnSecurity, Zoup CEO Eric Ersher referred the calls to Nextep, which admitted the breach. Nextep President Tommy Woycik, however, added that he believed not all customers were impacted by the breach.

The pattern of the breach is similar to the ones at other fast food chains, Dairy Queen and Jimmy John's, reported last year. In all such cases, malware designed to steal the data encoded on the magnetic stripe on the back of credit and debit cards is injected into the point of sale systems. The stolen data is then used to create counterfeit cards, which are typically used to make purchases at big-box retailers. Such stolen cards are of considerable value in underground cybercrime stores, and each card is sold for anywhere between $20 and $100.

It is not clear how the Nextep breach occurred, but if previous examples are studied, the cause might be traced to stolen credentials which were then used to remotely introduce malware into the system.

The effects of a breach at a point of sale vendor are huge. Last year, a breach at the POS vendor Signature Systems Inc affected Jimmy John's sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered a similar breach that affected many of its client restaurants.

Historically, food institutions have been prone to these attacks. While attacks at chain restaurants can be readily detected owing to the patterns that emerge from the large volume of data collated, the magnitude of the breach also increases with the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.

National Grocers investigate unauthorized access to customer payment information


The latest retailer to be hit with a data breach incident in the United States is National Grocers, after sources in the financial industry confirmed to KrebsOnSecurity that they had identified a pattern of fraud on debit and credit cards of customers who buy their groceries at the 93 outlets, across 15 states, of the organic and natural grocery chain.

According to US investigative reporter Brian Krebs, the Point of Sale (POS) systems were breached by the hackers at various outlets sometime in December 2014. This was possible because of the weak security of the company's databases.

The company said in its response that it was looking into 'a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.' The company has also not received any information from any individual or financial institution about misuse of the data that has been put at risk. In the wake of the event, the grocery chain has decided to speed up plans to install Point of Sale systems that provide end-to-end encryption, to add more layers of security to its network.


“These upgrades provide multiple layers of protection for cardholder data. The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states. The company takes data security very seriously and is committed to protecting its customers’ information. This is all the information the company is able to provide at this time, as the investigation into the incident is ongoing," the company's emailed statement concluded.

Many big retailers in the US such as Home Depot, Supervalu, Neiman Marcus and Target have been hit by hackers in recent times. The new POS systems conduct a transaction through the more secure Europay, MasterCard and Visa (EMV) standard, which is the latest technique being used to safeguard against card fraud at POS systems.

In October 2014, Obama signed an executive order for speedier adoption of the EMV standards across the USA. The federal government has been tasked with leading by example in securing customer transactions and sensitive data throughout the whole of the United States.

Cape May-Lewes Ferry Confirms Credit Card Data Breach


The Cape May – Lewes Ferry has confirmed its payment data systems were infiltrated by hackers who took payment card data on certain systems at the Cape May-Lewes Ferry’s terminals and vessels.

The Delaware River and Bay Authority (DRBA), which operates the Cape May – Lewes Ferry, learned of a possible data breach on July 30, the same day Jimmy John's learned of the data breach.

With the help of third-party cyber forensic experts, the organization has determined that only its card processing systems relating to food, beverage, and retail sales were compromised.

Credit and debit card data of individuals who made purchases from September 20, 2013 through August 7, 2014 at the Cape May – Lewes Ferry’s terminals and vessels is at risk.

The malware planted by the cyber criminals has been eliminated. The card data accessed by the malware includes card numbers, cardholders' names and/or card expiration dates.

DRBA is offering free identity protection services, including credit monitoring to affected customers.