Analecta Cyber Company Blog: September 2015

2015-09-30

Error Exposes 1.5 Million People's Private Medical Records on Amazon Web Services

Several large-scale data breaches have been uncovered within the past couple of years. They usually involve hackers trying to access various data for their personal benefit. But that wasn’t the case this time. A wide variety of information for approximately 1.5 million people was strangely exposed on a public subdomain of Amazon Web Services. This includes details from police injury reports, patients’ notes from their doctors, Social Security numbers and other bits of information. Instead of a cyber hack, the sensitive information was exposed due to the third party contractor’s negligence.
A Texas-based researcher in early September discovered the massive data breach online that revealed private medical information available online for anyone to download. After realizing what it was, the researcher immediately contacted the organizations impacted such as Kansas’ State Self Insurance Fund, CSAC Excess Insurance Authority and the Salt Lake County Database.

2015-09-29

Suspected thief in Bel Air coffee shop caught on camera


The Hartford County Sheriff’s Office is seeking information in a case of a stolen credit card at a Bel Air coffee shop. Cameras at the shop recorded a man apparently stealing someone’s wallet. Several hours later, a woman tried to use a stolen card at several shops in Abingdon. The alleged crimes happened on Thursday, Aug. 20.
The Sheriff’s Office is offering a $2,000 reward for help in the case.

2015-09-25

IRS says 220,000 more people may have been hack victims

The Internal Revenue Service may have been the recent target of a cyber attack, causing various types of personal information of taxpayers to be compromised. The IRS has identified about 334,000 Americans that could possibly be affected by the cyber hack, according to news reporter. It was believed to have started in February but was only uncovered last May.

2015-09-24

Hackers compromise computers at Mandarin Oriental hotels in the US and Europe

Several Mandarin Oriental hotels in the United States and Europe were compromised in early 2015 by hackers. The cyber attackers worked to steal customer financial information via malware that bypassed detection of the antivirus software protecting the hotel’s cyber systems.


2015-09-23

Virginia credit union hit by ATM skimmer attack

Virginia Credit Union (VACU) based in Richmond, Virginia is conducting an investigation on card skimming incidents that happened at several ATMs and resulted in fraud. During the normal maintenance conducted on one of its branch ATMs, the credit union discovered the skimming devices which led the company to immediately commence an investigation.

2015-09-22

Chick-fil-A says customer data may have been hacked

Reports confirmed that within the previous year, about four out of 10 companies suffered a data breach and Chick-fil-A may be one of them. Security reports further stated that a security breach may be linked to Chick-fil-A locations in Georgia, Maryland, Pennsylvania, Texas and Virginia.

2015-09-21

Pentagon food court hack exposes employee bank information

Hackers will try to find ways to attack anything that has value to it. And it seems the Pentagon is no exception. Hackers recently were able to infiltrate the Pentagon food court's computer system, leading to an unknown number of employees’ bank information being
compromised.


2015-09-17

Washington D.C. think tank hacked, 700,000 charities at risk

The Urban Institute, a group of experts based in Washington D.C providing research articles for nonprofits on management and governance, disclosed that the organization’s National Center for Charitable Statistics (NCCS) network has been the recent focus of a major security breach.

2015-09-15

DC To Probe City Traffic Lights After Man Hacks System

Washington, D.C. will conduct an audit of its traffic light grid to test its vulnerability. City officials will launch the audit this summer to identify the traffic light system’s potential weaknesses. 



2015-09-09

$100,000 stolen in Baltimore credit card hack

Local residents switching to cash

Following the latest large-scale hack of Baltimore residents’ credit and debit card information, some local victims decided to switch from cards to cash for their personal purchases. It was reported that the number of complaints regarding fraudulent charges stemming from the hack have been between 350 and 400 cases after locals used their debit cards at one or more businesses in the Baltimore area. 

2015-09-06

$100k Settlement over Data Breach

A settlement has been reached between Visionworks LLC and the Maryland Associate General in connection with a data breach that exposed the private health information of 112,627 people. An estimated 72,000 victims lived in Maryland. Visionworks LLC will pay a $100,000 fine to the state for the data security breach. The breaches were classified as the result of a lost server, which exposed 74,944 records, and another from a network server theft exposing 47,683 records. The breaches possibly exposed names, addresses, dates of birth and even purchasing histories of patients. Reports stated that Visionworks was upgrading to encrypted servers but then failed to secure the old servers, which is a breach of the HIPAA security rules requiring physical safeguards for PHI security. The state’s Office of the Attorney General Consumer Protection Division entered into a settlement agreement with Visionworks LLC and ensured proper implementation of the disposal. “This case should put businesses on notice that they need to be vigilant on behalf of their customers”, Attorney General Brian E. Frosh warned companies doing business in Maryland. Aside from the monetary fine, the company must implement various new security measures to ensure data is safe. However, the financial penalty may add up considering about 50,000 other individuals, mostly living in Pennsylvania, were also affected but not covered by the settlement.

More information can be found at: http://www.hipaajournal.com/visionworks-agrees-to-100k-data-breach-settlement-with-maryland-ag-8075/

2015-09-04

Major flaws identified in Belkin N600 routers



Password protected WiFi may not be enough security - researchers at the Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie Mellon University who study Internet security vulnerabilities have issued a warning to the users of these routers. The researchers noted that a number of Belkin router models (specifically the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 plus possibly earlier versions) are among those affected by the security vulnerabilities.

2015-09-03

White Marlin Open website hacked, multiple times


Tournament website hacked

The website for the  White Marlin Open fishing tournament, www.whitemarlinopen.com, has been the victim of multiple recent cyber attacks. Officials with the tournament wrote on Facebook that a disgruntled former employee may have been behind the attacks. The site has been repaired and is running again. Officials said the attack did not affect boat registrations and tournament entries.


Attacks on the rise

While impact appears to be minimal, small businesses and organizations are increasingly targeted and attacked online. These websites can then be used to serve malicious software (malware) to anyone on the Internet. Often the website's good reputation is used to send massive amounts of dangerous email hoping to ensnare unsuspecting users.

How to know if you've been hacked