Brian Krebs reports: Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of…
Category: U.S.
While investigating W-2 phishing scam, company discovers they were scammed last year, too (Updated)
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…
Good guy Logic Supply resolves breach in days, unlike some companies
John Leyden reports: US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm’s website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured customers in a breach notification email (extract below) forwarded to El…
IL: Alton Steel employees report tax refund fraud following W-2 phishing incident (Updated)
Update: This incident actually was a phishing incident, and The Telegraph‘s story now reflects that, so I’m adding this one to the 2017 victims list. Originally, their story sounded like a straight-up hack. Their story now reads: The Alton steel company’s data system was victim to a “phishing expedition,” according to Alton Steel CEO Jim…
Multnomah County notified 1,700 patients after discovering employee was forwarding emails to personal account
From Multnomah County, Oregon: January 20, 2017 On August 24, 2012, a Health Department employee began automatically forwarding all emails received in the employee’s county email account to a personal Google email account not maintained by the county. Some of these emails included protected health information (PHI) subject to the Health Insurance Portability and Accountability…
Five months after learning of problem, Michigan cancer treatment provider notifies 22,000 patients
On October 21, 2016, Singh & Arora Oncology Hematology PC in Michigan notified HHS of a hacking incident that they reported impacted 16,000 patients. Today, we learn that 22,000 patients are first getting notification letters this week. Why has it taken more than three months since HHS was notified for patients to be notified? Jessica Dupnack reports: According to the letter, one of…