Another month, another busy time in the world of information security news. Breaches, hacks and incidents are happening more frequently and on a bigger scale than ever before. Whole cities, massive companies and infamous consumer brands highlight this month’s Information Security News Roundup.
- City systems in Atlanta were held ransom by hackers in an attempt to negotiate cryptocurrency payments. The city was forced to unplug and shut down computers for five days, police had to write reports by hand, warrants couldn’t be validated, and payments couldn’t be processed. It has not yet been determined whether the city has paid the ransom.
- The city of Baltimore was also hacked in late March. This hack attacked the city’s 9-1-1 dispatch system and caused a temporary shutdown of automated dispatching.
- A resurgence of last year’s WannaCry ransomware hit Boeing this month. Though there was worry that the virus would infect testing equipment and airplane software, it seems the vulnerability was limited to a small number of machines.
- Facebook was in the news in a big way in March. They recently experienced a data breach which is “probably the biggest mistake that the social media firm has made.” Further reports show that their data security measures were considered insufficient by an independent auditor. It’s been reported that the number of users impacted is nearly double the original estimate, reaching close to 87 million.
- An Applebee’s® franchise experienced a payment card breach at 166 of its 167 locations. The franchise stated that it recognized the breach on February 13 and quickly took measures to mitigate the attack. While the franchise says it has remediated the malware, locations in 15 states were impacted and Applebee’s® customers are strongly encouraged to watch their accounts for any unauthorized charges.
- Under Armour® shared that on March 25 it discovered unauthorized access that exposed or compromised 150 million MyFitnessPal accounts. It is currently being classified as the largest data breach in 2018, and Under Armour® stocks have already fallen almost 5%. MyFitnessPal users are being required to reset their password to prevent further issues.
- The Department of Health and Human Services’ Office for Civil Rights (OCR) and its officials are examining HIPAA policy initiatives and will seek the public’s input before making possible changes.
- A New York-based medical practice’s database server was misconfigured, leaving thousands of patient and staff records vulnerable. Social Security numbers, dates of birth, phone numbers, email addresses, ethnicities, and insurance policy information were among the types of data made available.
- The Department of Homeland Security is warning people of vulnerabilities in GE Healthcare equipment. The use of hardcoded and default passwords allowed for the successful exploitation of the devices. Depending on the password, these vulnerabilities could have affected the operation of the device and its data integrity, and even allowed access to patient records.
Information Security in Government
- A venture capitalist and fundraiser for President Trump’s 2016 election campaign is suing Qatar. Elliott Broidy says that Qatar smeared him in planted news stories and that they did it because of his open criticism of Qatar.
- FBI Director Christopher A. Wray said that hacking has completely evolved. What used to be a hobby done for fun and for bragging rights has morphed into an economic endemic. He noted that they’re seeing a spike in “nation-state sponsored computer intrusions.”
- Uber is back in the information security news roundup. This time they are being sued by the state of Pennsylvania. The state’s data breach law, which went into effect in 2006, requires companies to notify those affected within a “reasonable” amount of time. Uber waited almost a year to disclose the breach, sparking the lawsuit.
Follow FRSecure’s Twitter and LinkedIn for consistent updates on information security news stories like the ones above, and visit our site to learn how you can prevent similar incidents from happening to your organization.