Jeremy Kirk reports:
More than 20 travel-related websites have experienced data breaches in the past two months, according to a security expert who tracks the trade in stolen data.
Data from those websites is being sold on underground forums by cybercriminals, said Alex Holden, CTO of Hold Security, a company that specializes in monitoring the illegal trade and alerting companies if their data is found.
Read more on TechWorld.
In addition to the MileagePlus breach disclosed by United this week, American Airlines also disclosed a breach today that affected about 10,000 of their customers.
Breach is far to loose of a term. This seems like account takeover fraud as a result of malware on personal machines. Can companies do more to detect takeover fraud? YES.. However that is done by carefully mapping user behavior for non typical activity. This does not appear to be exploitation of any flaw in the systems of the airlines.
By this logic every company that doesn’t have fraudulent pattern recognition implemented is subject to being labeled as breached when their customer fail to protect their personal machines.
You raise a fair point. I did use the term (too) loosely. Thanks for calling me out on that.