Hard Rock Hotel & Casino reports possible card breach

Hard Rock Hotel Las Vegas issued a statement on May 1 disclosing a security incident that may have affected customers’ credit card information.

It said that the incident allowed hackers to access information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations.

The affected information includes names, card numbers, and CVV codes. However, the attackers did not have access to PIN numbers or other sensitive customer information.

According to the statement, the incident affected credit or debit card transactions made between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.

The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.

The hotel urged its customers to review their credit and debit card statements and to report any suspicious activity they notice on their bank accounts.

It also said that customers are not responsible for unauthorised charges that are reported in a timely manner.
They wrote that, in order to protect their customers’ identities, they have now engaged Experian®, the largest credit bureau in the US, which will offer customers complimentary Fraud Resolution and identity protection for one year.

They said that Fraud Resolution assistance is available at any time; however, customers are requested to activate the fraud detection tools, which are available through ProtectMyID® Elite. It provides superior identity protection and resolution of identity theft.


In order to activate ProtectMyID®, customers have to request an activation code by email from hardrockhotel@protectmyid.com. Once they receive the code, they have to activate ProtectMyID® Elite at www.protectmyid.com/protect.

Harbortouch discloses a breach caused by malicious software


Harbortouch, which supplies point-of-sale (POS) systems to thousands of businesses across the United States, disclosed a breach in which some of its restaurant and bar customers were affected by malware. The malware allowed hackers to obtain customer card data from the affected merchants.

A card issuer recently told KrebsOnSecurity that the company is playing down the seriousness of the breach, which it said would affect more than 4,200 Harbortouch customers nationwide.

Before Harbortouch disclosed the breach, many sources in the financial industry suspected that there was a possibility of a breach at a credit card processing company.

According to an article published on KrebsOnSecurity, the suspicion grew whenever banks saw card fraud that they could not easily trace back to one specific merchant.

Some banks wanted to know more about the undisclosed fraud, as stolen cards were being used to buy goods at big-box stores. They made some changes in the way they processed debit card transactions.

United Bank recently issued a notice saying that, in a bid to protect its customers after learning of a spike in fraudulent transactions at grocery stores and similar stores such as WalMart and Target, it has put in place a block under which customers are now required to select ‘Debit’ and enter their ‘PIN’ for transactions at these stores when using their United Bank debit card.

Harbortouch issued a statement last week in which the company said it had identified and contained an incident that affected a small percentage of its merchants. It also confirmed that malware had been installed on the POS systems. The advanced malware was designed in such a way that the antivirus program running on the POS system could not detect it.

Harbortouch, however, removed the malware from affected systems shortly after the problem was detected.

Mandiant, a forensic investigator, helped the company in its investigation.

The company explained in the statement that it does not directly process or store cardholder data and that only a small percentage of its merchants were affected, for a short period of time.

Currently, the company’s officials are working with the parties concerned to notify the card issuing banks that were impacted. After that the banks can conduct heightened monitoring of transactions to detect and prevent unauthorized charges.

However, according to sources at a top-10 card-issuing bank in the United States, who shared voluminous fraud data with an author of KrebsOnSecurity on condition of anonymity, the breach extended to at least 4,200 stores that run Harbortouch’s POS software.

Nate Hirshberg, marketing director at Harbortouch, said the statements are not true.

White Lodging confirms second data breach at 10 hotels

White Lodging Services Corporation (WLSC), an independent company which manages more than 160 hotels in 21 states of America, has confirmed a second data breach on its credit card systems at 10 locations.

In a press release issued on April 8, the WLSC said that the suspected breach affected point-of-sale systems at food and beverage outlets, such as restaurants and lounges, from July 3, 2014 to February 6, 2015 at 10 hotels.

While some of the breached locations are believed to be the same ones breached last year, the Indiana-based company clarified that the second was a separate breach.

According to a KrebsOnSecurity news report published on April 15, the site had reported in February 2015, for the second time within a year, that multiple financial institutions were complaining about fraud on customers’ credit and debit cards that had all recently been used at a string of hotel properties run by the WLSC.

At that time the company said it had no evidence of a new breach, but just last week it confirmed the suspected breach of point-of-sale systems at 10 locations.

Banking sources back in February 2015 said that the credit cards compromised in this most recent incident looked like they were stolen from many of the same WLSC locations implicated in the 2014 breach, including hotels in Austin, Texas, Bedford Park, Ill., Denver, Indianapolis, and Louisville, Kentucky.

“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security and managed services,” said Dave Sibley, Chief Executive Officer (CEO) of the WLSC, in the press release.

“However, these security measures failed to stop the malware occurrence on point-of-sale systems at those 10 hotels. We will continue our investigation as it is necessary to protect the personal information entrusted to us by our valuable guests. We deeply regret and apologize for this situation,” he added.

According to the WLSC, the stolen data includes names printed on customers’ credit or debit cards, credit or debit card numbers, security codes and card expiration dates.

The company is offering a year’s worth of credit protection services for customers impacted by the breach, from Experian.

Database hacked at Biggby Coffee, personal information of customers at risk


A security breach at Biggby Coffee has potentially exposed personal information of some of its customers and job applicants.

Biggby Coffee, a leading coffee franchise business based in Michigan, stores information such as a customer's or applicant’s name, date of birth, email address, address, telephone number, Social Security number, driver's license record and employment history.

However, the company maintains that no sensitive data such as financial information has been leaked, and that only details like names, contact details and employment history might have been exposed in the breach.

A spokeswoman for the company added that less than 20% of Biggby's customer data was affected and that only information submitted via the website had been compromised. Also, the information accessed had nothing to do with the cash registers or point-of-sale systems in the stores.

The attack on the company's systems was discovered in the last week of March, when its web developer and hosting company Traction revealed that a criminal had forced their way into the system and accessed the consumer database.

The data breach has been reported to the police and FBI.

Hackers target Executive club members of British Airways

Being an executive customer at British Airways (BA) does not guarantee any better security from hackers. Thousands of executive customers found this out to their peril as BA confirmed the hacking of the accounts.

According to the company, it was not a direct attack on the central database; the attack was carried out on some account holders using information on the users available elsewhere on the internet. Also, the company maintained that only “a small number of frequent flyer Executive Club accounts” had been affected and though there has been some unauthorized activity, no sensitive information had been leaked.

Though the company said that the hackers had not gained access to any subsequent information pages within accounts, such as travel histories or payment card details, BA Executive Club (BAEC) account holders have registered complaints on the forums saying that their Avios points have been stolen. Avios points are accumulated through frequent travel and can be used for other flights or upgrades. Tier points have not been affected by this hack.

One user wrote, “My Avios balance, which was 46,418 yesterday, is suddenly zero.” Another said, “217,000 taken from my account this morning. 30 minute hold on the silver line.”
Other people are also reporting that they are unable to access their accounts at all, with their BAEC number not being recognized. The company responded by saying that the accounts have been locked in response to the breach and that all the points would subsequently be reinstated.

Some BAEC members affected by the issue have received emails requesting a change of password; those who have not, but are still locked out of their accounts, can call customer care.

For customers wanting to book flights now, bookings that redeem points might not be available pending resolution of the matter, but availability can still be checked.

Alternatively, if the option is available, one might try to book through Avios.com, which has not been affected.

However, with so many cases, it is best to wait for a few days till the situation becomes clearer.

Slack hacked, over 100k users data compromised


Slack, a team communication tool, has suffered a security breach of its central user database, potentially leaving users' login credentials in the hands of hackers.

Slack was launched in 2013 and its Android application has been downloaded by more than 100,000 users so far (according to the Google Play store).

The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.

The database accessed by the intruders included usernames, email IDs, and passwords (hashed). It also contained optional data added by users, such as phone numbers and Skype IDs.

On the bright side, Slack didn't store the passwords in plain text. The passwords were hashed with bcrypt and a randomly generated salt. This does not mean hackers will be unable to access your account; it will just slow down the process and give you time to take action. Also, no financial or payment data was compromised in this attack.

In the wake of the security breach, the company has strengthened its authentication security. One of the measures is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in its website.

Data Breach at Sacred Heart Health Systems


A security breach at one of the third-party vendors of Sacred Heart Health Systems has resulted in the exposure of health and personal information of approximately 14,000 patients.

Through a phishing attack, hackers gained access to the email account of an employee of the billing vendor and were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names. The Social Security numbers of 40 of the patients were also compromised.

The incident was first discovered on Dec. 3, 2014, and the employee's username and password were immediately shut down. On Feb 2, 2015, Sacred Heart was notified of the attack.

They immediately launched an internal investigation, engaging computer forensics experts to analyze the incident and help accurately identify those affected, and they sent letters to all affected patients informing them about the hacking attack. The hacker has not been identified.

Credit Card breach at Zoup puts NEXTEP in a soup


Eating out at Zoup? Be careful when using your credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP Systems, which serves Zoup and many other restaurants, corporate cafeterias, casinos and airports.

The incident came to light after sources at financial institutions noted that all the cards that had recently shown fraudulent activity had been used at one of the 75 Zoup outlets across the northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers, uses Nextep’s services at all outlets.
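The analysis the financial institutions describe here, and the "could not easily trace back to one specific merchant" problem in the Harbortouch story above, is usually called common point-of-purchase analysis. The following Python sketch is an added example, not code from any of the organizations mentioned; the card IDs, merchant names (including the hypothetical chain "SOUPCO"), dates and the lift threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not real transactions): (card_id, merchant, purchase_date).
# "SOUPCO #NN" are outlets of one hypothetical chain; every name here is made up.
TRANSACTIONS = [
    ("c1", "SOUPCO #12", date(2015, 1, 10)), ("c1", "BIGBOX", date(2015, 1, 15)),
    ("c2", "SOUPCO #40", date(2015, 1, 22)), ("c2", "BIGBOX", date(2015, 2, 1)),
    ("c3", "SOUPCO #12", date(2015, 2, 3)),  ("c3", "GAS", date(2015, 2, 5)),
    ("c4", "BIGBOX", date(2015, 1, 5)),      ("c4", "SOUPCO #07", date(2015, 3, 10)),
    ("c5", "BIGBOX", date(2015, 1, 8)),      ("c5", "GAS", date(2015, 1, 9)),
    ("c6", "BIGBOX", date(2015, 2, 11)),
    ("c7", "SOUPCO #40", date(2015, 2, 14)), ("c7", "BIGBOX", date(2015, 2, 20)),
    ("c8", "GAS", date(2015, 3, 2)),
]
# Constructed: card_id -> date of the first fraudulent charge reported on that card.
FRAUD_FIRST_SEEN = {
    "c1": date(2015, 2, 20), "c2": date(2015, 3, 1),
    "c3": date(2015, 3, 5),  "c4": date(2015, 3, 1),
}


def brand(merchant):
    """Collapse outlet names such as 'SOUPCO #12' to the chain name."""
    return merchant.split(" #")[0]


def common_points_of_purchase(transactions, fraud_first_seen, min_lift=0.4):
    """Return (brand, fraud_share, clean_share) for brands over-represented
    among fraud-flagged cards, strongest candidate first."""
    fraud_cards = set(fraud_first_seen)
    if not fraud_cards:
        return []
    clean_cards = {card for card, _, _ in transactions} - fraud_cards
    fraud_hits = defaultdict(set)   # brand -> fraud cards used there before the fraud
    clean_hits = defaultdict(set)   # brand -> cards with no fraud reported
    for card, merchant, when in transactions:
        if card in fraud_cards:
            # Only a purchase made before the first fraudulent charge
            # can be where the card was stolen.
            if when < fraud_first_seen[card]:
                fraud_hits[brand(merchant)].add(card)
        else:
            clean_hits[brand(merchant)].add(card)
    ranked = []
    for name, cards in fraud_hits.items():
        fraud_share = len(cards) / len(fraud_cards)
        clean_share = len(clean_hits[name]) / len(clean_cards) if clean_cards else 0.0
        # A store everybody visits (high clean_share) is not evidence of a breach.
        if fraud_share - clean_share >= min_lift:
            ranked.append((name, round(fraud_share, 2), round(clean_share, 2)))
    ranked.sort(key=lambda r: r[1] - r[2], reverse=True)
    return ranked


if __name__ == "__main__":
    for name, fraud_share, clean_share in common_points_of_purchase(
            TRANSACTIONS, FRAUD_FIRST_SEEN):
        print(f"{name}: {fraud_share:.0%} of fraud cards vs {clean_share:.0%} of clean cards")
```

The big-box store appears on most fraud cards too, but it appears just as often on clean cards, so it is filtered out; that comparison against a baseline is what separates the point of compromise from the places where stolen cards are merely spent or where everyone shops.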

On being contacted by KrebsOnSecurity, Zoup CEO Eric Ersher referred the calls to Nextep, which admitted the breach. Nextep President Tommy Woycik, however, added that he believed not all customers were impacted by the breach.

The pattern of the breach is similar to those at other fast food chains, Dairy Queen and Jimmy John's, reported last year. In all such cases, malware is planted on the point-of-sale systems and is designed to steal data encoded on the magnetic stripe on the back of credit and debit cards. The stolen data is then used to create counterfeit cards, which are typically used to make purchases at big-box retailers. Such stolen cards are of considerable value in underground cybercrime stores, and each card is sold for anywhere between $20 and $100.

It is not clear how the Nextep breach occurred, but if previous examples are a guide, the cause might be traced to stolen credentials which were then used to remotely install malware on the system.

The effects of a breach at a point-of-sale vendor are huge. Last year, a breach at the POS vendor Signature Systems Inc affected Jimmy John's sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered a similar breach that affected many of its client restaurants.

Historically, food establishments have been prone to these attacks. While attacks on chain restaurants can be detected well, owing to the pattern that emerges from the large volume of data collated, the magnitude of the breach also increases with the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.

Limited portion of ASML's IT System hacked


An unnamed hacker broke into a limited portion of an IT system of the semiconductor supplier ASML on Sunday. In its initial investigation, ASML found that only a limited amount of data had been accessed.

According to ASML, there is no evidence that valuable files, whether its own or those of its customers and suppliers, have been compromised. Its IT staff quickly learned of the break-in and took immediate steps.

ASML is a multinational Dutch company, with a presence in more than 16 countries at over 70 different locations. It makes photolithography machines for the production of integrated circuits, such as CPUs and memory chips, that improve the quality of life.

In recent times, many large companies have been targeted by hackers, but they are constantly working to improve their defenses against hacking attempts and their detection capabilities.

ASML is listed on Euronext Amsterdam and NASDAQ under the symbol ASML.

Uber files John Doe lawsuit in response to nine month-old data breach


Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation into a data breach of one of its driver databases.

On September 17th last year, Uber discovered that one of its databases had been accessed using a login key that had been posted on GitHub. The key was used to access Uber's internal database, which houses information about 50,000 drivers.

Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.

Uber has also subpoenaed GitHub to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.
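A login key ending up in a public gist is the kind of mistake a check run before publishing can catch. The Python sketch below is an added example, not Uber's or GitHub's tooling; the name patterns, the entropy threshold and the sample snippet are assumptions constructed for illustration.

```python
import math
import re

# Heuristic (an assumption of this example): a variable whose name suggests a
# credential, assigned a literal value.
KEY_NAME = re.compile(
    r"(?i)\b([\w.-]*(?:passw(?:or)?d|secret|token|api[_-]?key|access[_-]?key)[\w.-]*)"
    r"\s*[:=]\s*['\"]?([^\s'\"]+)"
)
# Long runs of key-like characters, checked for randomness below.
TOKEN = re.compile(r"[A-Za-z0-9+/_=-]{20,}")


def shannon_entropy(s):
    """Bits per character; random keys score higher than words or paths."""
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def is_placeholder(value):
    """Values read from the environment or left as templates are not leaks."""
    return (value.startswith(("$", "<", "{{"))
            or "environ" in value
            or value.lower() in {"changeme", "none", "null", "xxx"})


def find_secrets(text, min_entropy=4.0):
    """Return (line_number, rule, detail) for each line that looks like it
    contains a hard-coded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = KEY_NAME.search(line)
        if match and not is_placeholder(match.group(2)):
            findings.append((lineno, "named-credential", match.group(1)))
            continue
        for token in TOKEN.findall(line):
            if shannon_entropy(token) >= min_entropy:
                # Report only a prefix so the scanner's own output
                # does not become a second copy of the secret.
                findings.append((lineno, "high-entropy-string", token[:4] + "..."))
                break
    return findings


# Constructed sample of a snippet someone is about to paste publicly.
SAMPLE = '''# constructed sample config
db_host = "db.internal.example"
db_password = "Xk9#mQ2vLp7!rT4z"
api_key = os.environ["API_KEY"]
conn = connect("postgres://svc:q8ZrT1vYp0LmN3bK6xWd@db.internal.example/drivers")
timeout = 30
'''

if __name__ == "__main__":
    for lineno, rule, detail in find_secrets(SAMPLE):
        print(f"line {lineno}: {rule} ({detail})")
```

The second rule matters because a key embedded in a connection string has no telltale variable name; only its randomness gives it away.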

Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.

Questions have arisen since the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why driver partners whose information was stolen and put at risk were not informed about the incident earlier.

Cape May-Lewes Ferry Confirms Credit Card Data Breach


The Cape May – Lewes Ferry has confirmed its payment data systems were infiltrated by hackers who took payment card data on certain systems at the Cape May-Lewes Ferry’s terminals and vessels.

The Delaware River and Bay Authority (DRBA), which operates the Cape May – Lewes Ferry, learned of a possible data breach on July 30, the same day Jimmy John's learned of its data breach.

The organization, with the help of third-party cyber forensic experts, has determined that only its card processing systems relating to food, beverage, and retail sales were compromised.

Credit and debit card data of individuals who made purchases from September 20, 2013 through August 7, 2014 at the Cape May – Lewes Ferry’s terminals and vessels is at risk.

The malware planted by the cyber criminals has been eliminated. The card data accessed by the malware includes card numbers, cardholders' names and/or card expiration dates.

DRBA is offering free identity protection services, including credit monitoring to affected customers.

Kmart is the latest security breach victim

Kmart, the latest large U.S. retailer to experience a data breach, has confirmed that hackers accessed certain debit and credit card numbers.

An IT security firm hired by Kmart found the store payment data systems "were infected with a malware that was undetectable by current antivirus systems".

The company says no personal information, no debit card PIN numbers, no email addresses and no social security numbers were accessed in the security breach.

According to the investigation, the cyber criminals got into its systems in early September. The company said it immediately removed the malware.


Yahoo says ShellShock vulnerability is NOT the cause of the servers hack

Researcher Jonathan Hall says he found evidence that Romanian hackers used the recent "ShellShock" vulnerability to hack a number of high-profile websites, including Yahoo and WinZip.

Hall said he informed Yahoo, WinZip and the FBI about the issue.

Yahoo earlier today said its servers were compromised by the ShellShock vulnerability. But Yahoo's Chief Information Security Officer Alex Stamos published a statement on Hacker News saying that the breach is not a result of 'Shell Shock'.

"Three of our Sports API servers had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," Stamos wrote.

"These attackers had mutated their exploit, [and] this mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs."

The company claimed that hackers did not gain access to any user data and that the affected servers, which are used to provide live streaming for its sports service, don't store user data.

In response, Hall said in his blog, "The Yahoo! infiltration WAS from the 'Shellshock' vulnerability, and it did NOT originate on the sports servers / API’s".

About 5 million Gmail IDs and passwords leaked

Around 5 million Gmail user names and related passwords have been leaked on a Russian Bitcoin security forum.

Did Google get hacked?
No, the leak was not the result of a security breach of Google systems. The dump is said to have been obtained from other websites.

So, if you have used the same password anywhere else, your Gmail account could be compromised.

Google's response
"We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords," Google wrote.

What should you do?
  • There are a few websites available online to check whether your Gmail ID has been compromised or not. My suggestion is not to use them. I suggest that everyone change their password. (I believe most people keep the same password for years, so it's better to change it now.)
  • If you have not enabled the 2-step verification feature, it is good to enable it.
  • Never use your Gmail password on any other website.

A Test server of HealthCare.gov infected with malware



Hackers managed to breach a server that is part of HealthCare.gov and upload malicious software.

The server in question is a test server that was not meant to be connected to the Internet; it reportedly doesn't contain consumers' personal information.

The incident was originally reported by the Wall Street Journal. The attackers broke into the server in July, but the security breach was only detected on August 25 during a routine review of security logs.

The Department of Health and Human Services said the website was not specifically targeted. The malware used in this attack was likely meant to perform denial-of-service attacks on other websites.

The malware has been removed from the server.

Security breach at Bartell Hotels affects over 40,000 individuals


Bartell Hotels announced that it had detected potential unauthorized access by a third-party attacker to its customers' financial data.

The payment card processing systems used at five Bartell Hotels were compromised.

The five impacted hotels are Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel and the Days Hotel–Hotel Circle.

The official statement says the security breach occurred between February 16, 2014 and May 13, 2014. The breach involves theft of certain credit card data, including names of customers and credit card numbers.

According to SC Magazine, the data breach affects between 40,000 and 45,000 individuals. About 16,000 individuals who provided their email IDs to Bartell have so far been informed of the breach.

The company is offering free credit monitoring and identity protection to the affected individuals.

Goodwill confirms Credit card breach

Goodwill Industries confirmed that a third-party vendor's system was hit with a malware attack, resulting in its customers' credit card data being compromised.

The data security issue was initially announced in July, when the organization said it was working with federal authorities to investigate the issue.

Following the investigation, the organization determined that malware had been installed on a third-party vendor's system used by 20 Goodwill customers (about 10% of all stores) to process credit card payments.

The affected systems contained names, payment card numbers, and expiration dates. The company says it has found no evidence that customers' personal information was affected by this breach.

UPS store at 51 locations hit with Malware, Customers' Card data at risk

UPS Store, a subsidiary of UPS, said that 51 US stores in 24 states were hit with malware that was not detected by current antivirus software.

The breach puts at risk customers who used a credit or debit card at one of the affected locations between January 20, 2014 and August 11.

Customer information that may have been exposed in this breach includes names, postal addresses, email addresses and payment information.

The company hired an IT security firm to conduct a forensic investigation after receiving a notification about a "broad-based malware intrusion" from the US Government.

The UPS Store said it eliminated the malware as of August 11.  The company is offering identity protection and credit card monitoring services to impacted customers.


Hackers exploit HeartBleed vulnerability to compromise CHS


Community Health Systems (CHS) recently revealed that hackers have compromised their computer network and stolen personal information of around 4.5 million patients.


The report says the attackers breached the CHS network between April and July. Mandiant, the company that did the forensic investigation, found that the group responsible for the "Advanced Persistent Threat" attack originated from China.

The compromised information includes patients' names, phone numbers, Social Security Numbers and other details.

The company claims that no patient credit card, medical or clinical information has been taken.

According to TrustedSec, hackers exploited the infamous OpenSSL "heart bleed" vulnerability to compromise the CHS network.

"Attackers were able to glean user credentials from memory on a CHS Juniper device via the heartbleed vulnerability (which was vulnerable at the time) and use them to login via a VPN," TrustedSec explained.



New Zealand Super Computer FitzRoy Hacked


FitzRoy, one of the fastest supercomputers, has been targeted by a computer hacker assumed to hail from China. The machine weighs 18 tonnes, is equivalent to 7000 laptops working simultaneously, and supplies information on future severe weather as well as greater world issues such as climate change.

FitzRoy is owned by Niwa and is housed in a specially constructed room at the National Institute for Water and Atmospheric Research base at Greta Point, Wellington.

John Morgan, chief executive of Niwa, confirmed the news on May 23rd that the supercomputer's security had been compromised by "an unauthorized person" overnight on Thursday.

He further said, "We immediately isolated the supercomputer, and switched functionality to back-up facilities in Hamilton."

"We are . . . confident the intruder did not get beyond the supercomputer."

FitzRoy provides a Capability Class supercomputer for use by New Zealand scientists working at the forefront of some of the largest scientific challenges faced by the nation. It is the fastest machine of its kind in the southern hemisphere and comfortably in the world's top 500 supercomputers. It has a peak speed of 34 Tflops, with a low-latency, high-bandwidth interconnect allowing the machine to act as a unified tool to solve the largest scientific problems.

Though it has been confirmed that the attacking IP address is from China, it still cannot be confirmed that the attack originated from China, Prime Minister John Key said. “I would be very wary of attributing it to any country,” he says.

Meanwhile, Niwa assures that the attack was in vain and that FitzRoy has resumed its work normally. "After taking a number of mitigation steps, the supercomputer was back online on Saturday evening with all normal services resumed," Niwa says.

Furthermore, security expert Dr Paul Buchanan, a former policy analyst for the US Secretary of Defense advising the Pentagon, told NBR the attack followed the Chinese pattern of cyber trawling. He suggests the attack was meant to look for a back door or weak link, if FitzRoy is connected to other government computers.

But Daniel Ayers, a one-time Ernst & Young computer forensic expert and fraud investigator now with private company Special Tactics, has a different interpretation. He says the attack could be used to mount a brute force attack on encryption using the supercomputer. “The culprit in this case might have been seeking to establish a ‘botnet’ of super computers to solve a particularly difficult problem — possibly cryptographic. Or they might have suspected that the machine had covert classified uses, and it may do,” he adds.

We can now be sure that the day is not far off when the security of supercomputers will be heavily scrutinized.