If you’ve dined at Chipotle, your credit card might be at risk

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Chipo­tle cus­tomers nation­wide might have had their cred­it card infor­ma­tion stolen as part of a recent hack, the com­pa­ny said. The company’s inves­ti­ga­tion revealed that hack­ers used mal­ware cre­at­ed with the intent to gain access to cus­tomer card info at var­i­ous Chipo­tle loca­tions from March 24 through April 18. The soft­ware specif­i­cal­ly searched for “track data,” which can include a customer’s name, card num­ber, expi­ra­tion date and the inter­nal ver­i­fi­ca­tion code. It gained the infor­ma­tion by read­ing each card’s mag­net­ic strip. Chipo­tle said that “there is no indi­ca­tion that oth­er cus­tomer infor­ma­tion was affect­ed.” A com­plete list of Chipo­tle loca­tions that the hack affect­ed can be viewed in the online data­base, which includes the times and loca­tions of sus­pect­ed inci­dents. Source: WTVJ, Mia­mi

National Medicaid insurer Molina closes online portal amid breach fears

Moli­na Health­care, a major insur­er in Med­ic­aid and state exchanges across the coun­try, shut down its online patient por­tal as it inves­ti­gates a poten­tial data breach that may have exposed sen­si­tive med­ical infor­ma­tion. The com­pa­ny said that it closed the online por­tal for med­ical claims and oth­er cus­tomer infor­ma­tion while it exam­ined a “secu­ri­ty vul­ner­a­bil­i­ty.” It’s not clear how many patient records might have been exposed and for how long. The com­pa­ny has more than 4.8 mil­lion cus­tomers in 12 states and Puer­to Rico. Source: The Long Beach, Calif., Press Telegram

Safer Medicare cards on the way starting next year

The gov­ern­ment is on track to meet a 2019 dead­line for replac­ing Social Secu­ri­ty num­bers on Medicare cards with ran­dom­ly gen­er­at­ed dig­its and let­ters to pro­tect seniors against iden­ti­ty theft. Ben­e­fi­cia­ries and their fam­i­lies should start see­ing changes next April when the agency will mail new cards to more than 57 mil­lion elder­ly and dis­abled ben­e­fi­cia­ries. Source: The Asso­ci­at­ed Press via WMAR, Baltimore

University of Alaska gets a hard lesson in phishing risks

Approx­i­mate­ly 25,000 stu­dents, staff and fac­ul­ty mem­bers asso­ci­at­ed with the Uni­ver­si­ty of Alas­ka were affect­ed fol­low­ing a phish­ing scam and sub­se­quent data breach late last year. The uni­ver­si­ty sent let­ters to those peo­ple who had their names and accom­pa­ny­ing Social Secu­ri­ty num­bers exposed to “an indi­vid­ual or indi­vid­u­als unknown to [the uni­ver­si­ty]” due to an email scam. Source: KTUU, Anchor­age

Price concerns prevent some businesses from buying cyber insurance

A full 50 per­cent of U.S. firms do not have cyber risk insur­ance and 27 per­cent of U.S. exec­u­tives say their firms have no plans to take out cyber insur­ance, even though 61 per­cent of them expect cyber breach­es to increase in the next year, accord­ing to a sur­vey by research firm Ovum for FICO. Among those that have insur­ance, only 16 per­cent said they have cyber­se­cu­ri­ty insur­ance that cov­ers all risks. Mis­trust about pric­ing is one rea­son some firms aren’t buy­ing. Source: Insur­ance Journal

China cybersecurity law proves worrisome to some nations

China’s top cyber author­i­ty said it is not tar­get­ing for­eign firms with a con­tro­ver­sial nation­al cyber law that took effect this week. More than 50 over­seas com­pa­nies and busi­ness groups have lob­bied against the law, which includes strin­gent data stor­age and sur­veil­lance require­ments. Source: Reuters via Insur­ance Journal

IBM, Cisco to work closely on security, share intelligence

IBM and Cis­co announced an agree­ment that will see the two tech giants col­lab­o­rate more close­ly on secu­ri­ty threat intel­li­gence, prod­ucts and ser­vices. The com­pa­nies will share threat intel­li­gence and work on prod­uct inte­gra­tion. Source: eWeek

Clinton says Trump might have had a hand in Russian cyber attacks

Hillary Clin­ton went a step fur­ther Wednes­day in blam­ing her elec­tion loss to Don­ald Trump on cyber attacks by Rus­sia, say­ing Amer­i­cans includ­ing asso­ciates of the Repub­li­can pres­i­dent, and even Trump him­self, like­ly had a hand in the effort. The Demo­c­ra­t­ic nom­i­nee spoke of “dis­in­for­ma­tion” against her that she said was led by Moscow and influ­enced the out­come of the cam­paign. Source: Times of Israel

Medical employee pleads guilty to selling patients’ information

A med­ical employ­ee in North Car­oli­na plead­ed guilty to pro­vid­ing the per­son­al infor­ma­tion of more than 150 patients to a co-con­spir­a­tor, who used the infor­ma­tion to make fraud­u­lent pur­chas­es and obtain fake driver’s licens­es. Christo­pher Roach, who was pre­vi­ous­ly sen­tenced, paid Keniona Thomas $10 per patient, court doc­u­ments say, before open­ing new cred­it accounts to defraud vic­tims and banks of at least $97,000. Thomas faces up to 15 years in prison. Source: WBTV, Char­lotte, N.C.

Britain’s sub fleet might be at risk from cyber attackers

The U.K.’s Tri­dent sub­ma­rine fleet is vul­ner­a­ble to a “cat­a­stroph­ic” cyber attack that could ren­der Britain’s nuclear weapons use­less, accord­ing to “Hack­ing UK Tri­dent: A Grow­ing Threat,” a report that warns that a suc­cess­ful cyber attack could “neu­tral­ize oper­a­tions, lead to loss of life, defeat or per­haps even the cat­a­stroph­ic exchange of nuclear war­heads (direct­ly or indi­rect­ly).” Source: The Guardian

Health company to improve training after worker accesses patient data

Trios Health is step­ping up pri­va­cy train­ing for staff, updat­ing poli­cies and pro­ce­dures, and installing addi­tion­al secu­ri­ty soft­ware after a large-scale elec­tron­ic health records breach. A Trios employ­ee improp­er­ly access­ing the elec­tron­ic health records of about 570 patients from Octo­ber 2013 through March 2017. The employ­ee could have seen demo­graph­ic infor­ma­tion such as the patient address­es, phone num­bers, driver’s license num­bers and Social Secu­ri­ty num­bers, as well as lim­it­ed med­ical infor­ma­tion. Source: The Ken­newick, Wash., Tri-City Herald

Plastic surgery clinic hacked, patient photos, information exposed

Per­son­al data, includ­ing nude pho­tographs, were made pub­lic in Lithua­nia by a hack­ing group that broke into the servers of a chain of Lithuan­ian plas­tic surgery clin­ics and tar­get­ed high-pro­file clien­tele. Police said vic­tims of the hack received text mes­sages demand­ing they pay a ran­som equiv­a­lent of $2,238 for the safe­ty of their data. In addi­tion to pho­tos, oth­er data col­lect­ed in the hack includ­ed copies of their pass­ports and oth­er forms of per­son­al iden­ti­fi­ca­tion. Source: Voca­tiv