newsletter.jpg (228x152)




Chipotle & Auto Lending: Data Breach Impacts for CUs




Recent revelations show cybersecurity issues continue to plague financial institutions, businesses and consumers with the biggest potential breach possibly affecting some 550,000 to one million California auto loan company customers.


Kromtech Security Researchers discovered vulnerable data, which might have been unprotected for up to two years. Files purportedly belonging to a California auto loan company, Alliance Direct Lending, which works with individuals and auto dealership partners to help car owners refinance, exposed customer information including names, addresses, zip codes, the last four Social-Security digits, credit scores on an unsecure online database.


“We discovered this after noticing a few exposed (Amazon server) buckets. Technically, anybody could have guessed the name and put that into a URL line,” Bob Diachenko, Kromtech’s security communications specialist, said.


The leaked data contained 124 files with each containing from 5,000 to 10,000 records, as well as the names of 114 car dealerships located across the country including California, Colorado, Florida and Massachusetts.






It’s Always Data Breach Season


Shoney's restaurant chain and InterContinental Hotels Group are hit by a data breach.


Information privacy, security and compliance consultant Rebecca Herold, president of the Des Moines, Iowa-based SIMBUS and CEO of The Privacy Professor, said leaks like this are particularly problematic because loan refinance businesses are often associated with credit unions. In addition, many credit unions use managed service providers such as Amazon Web Services, Google Cloud Platform and Microsoft Azure. “Just because they have a certification or are large doesn’t mean they don’t need oversight,” Herold said.


Herold also suggested that leaked data could fall in fraudsters’ hands and lead to phishing, scamming and identity fraud. “This has implications for what every type of financial company needs to think about whenever they are putting data on a Web server. They need to ensure whoever is hosting has good security controls in place.”


An additional recent discovery was by San Francisco-based, RiskIQ, which reported an eight-fold increase in internet scams that deny the $83 billion digital advertising industry millions of dollars. RiskIQ identified NoTrove, a major threat actor that delivers millions of scam ads.


The ad scams work by serving up attractive but disingenuous ads on legitimate websites offering things like offer bogus surveys or free software upgrades. When clicked, the ad re-directs traffic toward various locations across the internet.


Because web traffic is an essential commodity, ad scammers like NoTrove profit from this demand, participating in traffic affiliate programs or selling to traffic buyers. Ad scammers can also download potentially unwanted programs and increase the likelihood consumers will implement ad blockers as a way to avoid bogus ads.


“NoTrove harms not only visiting users, but also legitimate advertisers, adversely affecting those reliant on the credibility of the digital advertising ecosystem, such as online retailers, publishers and networks,” William MacArthur, a threat researcher at RiskIQ, said.


The third recent disclosure involved the restaurant chain Chipotle, which revealed to customers, via its website, it recently discovered unauthorized activity on its payment processing network. There was no specific detail other than the investigation is ongoing and focused on card transactions from March 24, 2017 through April 18, 2017.


Chipotle is just the latest in a string of restaurant industry breaches, which includes Wendy’s, Arby’s and Shoney’s.


John Christly, Global CISO, Netsurion, a provider of managed security services, and EventTracker, a SIEM provider, provided the top five virtual attacks against restaurant brands and franchisees:


  1. Hackers: They target restaurants due to the abundance of poorly secured systems. Once they find vulnerability and get into the network they go after the POS systems.
  2. POS malware: Sometimes malware discreetly slips by antivirus programs and stealthily extracts payment data, despite the presence of traditional firewalls.
  3. Ransomware: Prevents users from accessing their system unless scammers receive a payoff in exchange of a decryption key. Ransomware attacks are on the rise and there is no end in sight.
  4. Inside threats: Whether it’s an honest mistake or a disgruntled employee, inside threats account for about 50% of all security incidents.
  5. Wi-Fi security: Securing Wi-Fi with firewalls and ensuring cellular backup from downtime protects cash flow, as well as restaurant and patron security. Having separate Wi-Fi access points for patrons versus the POS and business network is crucial.