Welcome to The Dashlane Tech Check for July 14, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.
Data Breach Alert
Hotel reservation system to blame for data breaches at Trump, Hard Rock, and Loews Hotels
Hard Rock Hotels & Casinos, Loews Hotels, Trump Hotels and several other hotel chains have suffered from yet another high-profile data breach. Infosecurity Magazine reports that hackers accessed the hotels’ Sabre SynXis Central Reservations System to compromise payment information, including cardholder name, payment card number, card expiration date, and possibly security codes; in some instances, the hackers may have also collected guest names, emails, phone numbers, street address, and other consumer data. The hackers were able to access the reservation system undetected for 7 months, from August 2016 to March 2017. However, it is currently unclear how many customers have been affected.
6 Million Verizon users’ data leaked online
Due to a security lapse, Verizon admits that data for at least 6 million customers were exposed online. According to InfoSecurity Magazine, exposed data includes names, addresses, account details, and, most importantly, account PIN numbers. As Buzzfeed notes, an attacker with access to your four digit PIN number–which is used to verify your identity during a customer service call–could easily impersonate a user and gain access to your account.
Infosecurity Magazine also reports that the data was exposed because a third-party partner, NICE Systems, did not secure external access to an Amazon S3 server, which exposed as many as 14 million records of subscriber calls. “Verizon is committed to the security and privacy of our customers. We regret the incident and apologize to our customers,” a Verizon spokesperson said in a statement to BuzzFeed.
Theatre chain B&B investigates a possible two-year credit card data breach
B&B Theatres is investigating a potential card data breach beginning around April 2015 after being notified from a bank partner. “While some malware was identified on B&B systems that dated back to 2015, the investigation completed by Trustwave did not conclude that customer data was at risk on all B&B systems for the entirety of the breach,” the company said in a statement published in Infosecurity Magazine. “Trustwave’s investigation has since shown the breach to be contained to the satisfaction of our processing partners as well as the major credit card brands. B&B Theaters values the security of our customers’ data and will continue to implement the latest available technologies to keep our networks & systems secure into the future.”
Healthcare group Bupa suffers data breach
International healthcare provider, Bupa, has also been hit by a data breach due to employee error. Infosecurity Magazine reports that an “employee inappropriately copied and removed information from one of the company’s systems.” The data breach–which only affected Bupa Global– affected 108,000 international health insurance customers by exposing names, dates of birth, the nationality of customers, as well as some contact and administrative information.
Hackers launch malware attack affecting food kiosks in employee break rooms
Food kiosk vendor Avanti Markets may have compromised payment card information and biometric data for as many as 1.6 million users. According to a statement republished in Infosecurity Magazine, Avanti Markets discovered a “sophisticated malware attack” which affected some kiosks tied to vending machines, potentially compromising a cardholder’s first and last name, card number, expiration date, and biometric data. It is currently unclear exactly how many users have been affected thus far.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
President Trump walks back forming a cybersecurity unit with Russia
President Donald Trump has retracted plans to create an “impenetrable cyber security unit” with the Russian government, following backlash from both senior Democrat and Republican lawmakers, as well as cybersecurity experts. “Putin & I discussed forming an impenetrable cyber security unit…so that election hacking, & many other negative things, will be guarded…and safe,” Trump wrote on Twitter following his G20 meeting with Russian president Vladimir Putin. He later walked back his statements via Twitter, saying, “The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t…”
75-year-old man charged with money laundering after running a ransomware tech support scam
An elderly Australian man has been arrested and charged with money laundering after running a tech support ransomware scam, which earned him over AU $1 million ($762,000 US dollars), according to Queensland Police. According to authorities, “as part of the scam, a number of victims were subject to overseas cold calling scams, advising their computer needed repairs and provided remote access to the scammers, who then downloaded ransomware virus. It will be further alleged the scammers demanded money to be paid to a Mackay-based bank account or money order to facilitate unlocking the victim’s computer.” The 75-year-old set up three companies between 2015 and 2017 to launder money from his victims.
Tech giants got together to for an online protest on net neutrality rules
— Google (@Google) July 12, 2017
On Wednesday, hundreds of tech companies coordinated an online protest against the US Federal Communication’s Commission’s (FCC) plans to remove net neutrality rules. According to The New York Times, Google, Facebook, Netflix, Amazon, and hundreds of other tech companies came together to protect the government’s rollback of net neutrality rules, which prevent Internet Service providers–like Comcast or AT&T–from creating faster delivery lanes for some websites and not others.
This Week’s Lifehack to Improve Your Security
Did you know Dashlane gives you the option to store your encrypted data on our servers or locally on your device? If you’re a security-minded Premium user weary of keeping your data in the cloud, you can manually disable Dashlane’s syncing features. We’ll show you how!