CSS News Round-Up: 106 Million Capital One Customers Affected in Newest Breach
News Round-Up – Get a Quick Rundown of What You Need to Know
The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol.
106 Million Capital One Customers Affected in Newest Breach
Capital One has announced a breach that took place on the 22nd and 23rd of March this year and impacted 106 million of its customers, says The Hacker News. The breach was not discovered until July 19th, however, when it was posted on GitHub by the hacker herself. Paige Thompson, the hacker behind the incident, used to be a software engineer for Amazon Web Services, according to the article. She did work for a contractor from Capital One between 2015 and 2016, and has now been arrested. Of the customers whose data was exposed, 100 million are American and 6 million are Canadian. As stated by The Hacker News, “The compromised data includes approximately 140,000 Social Security Numbers and 80,000 bank account numbers linked to American customers, and 1 million Canadian Social Insurance numbers.”
National Australia Bank Hit With Data Breach
Due to human error, 13,000 of National Australia Bank’s customers had their personal data uploaded to two different data providers, says Bank Info Security. Names, contact information, birth dates, and government ID numbers from passports or driver's licenses were all included in the incident. According to the article, the providers that received the data have stated that they delete such information within two hours. Impacted customers can request a new driver's license number, but must prove that they were victims of fraud, Bank Info Security says.
New York Passed Two Laws Updating Data Breach Notification Requirements
As discussed by Naked Security, the new Stop Hacks and Improve Electronic Data Security (SHIELD) Act was passed on Thursday. It will add biometric information and emails with passwords or security questions and answers to the types of information included in the state’s data breach notification requirements. SHIELD will go into effect on March 21st, 2020. The Identity Theft Prevention and Mitigation Services Act, which takes effect September 23rd of this year, was also passed. Under this act, credit reporting agencies whose breaches left Social Security numbers exposed must give identity theft prevention and mitigation services to those affected for five years, according to the article.
State of Emergency Declared in Louisiana Due to Cyber Attack
According to Bank Info Security, “Louisiana’s governor issued an emergency declaration on Wednesday in response to a rash of malware infections, hitting some of the state’s public schools.” So far, one of the affected schools has labeled the attack as ransomware. The article notes that the purpose of the declaration is to enlist the help of the Louisiana National Guard, the state police, and more. The Sabine Parish School System and Morehouse Parish School District were among those affected.
City Traffic Can Be Gridlocked by Cyber Attacks
According to an article by Naked Security, a recent study from Georgia Institute of Technology and Multiscale Systems Inc. shows that if cyber criminals hacked cars via IoT, they could leave cities completely gridlocked. In theory, this could be accomplished by carrying out denial-of-service (DoS) attacks on vehicles to stop them from moving. One of the biggest issues with this possibility is that emergency vehicles could find themselves stuck, putting lives at risk, says the article. The study concluded that a mere 20% of cars in Manhattan would need to be hacked to freeze the whole city’s traffic.
Honda Database Leaves 134 Million Documents Exposed
A Honda database containing around 40GB of data was found online and required no authentication to access, says Info Security Magazine. The exposed data was company data covering computer and network information, according to the article. Honda has been notified and the database has been secured, but it is not clear whether any third parties had accessed it. If the data was in fact accessed, Info Security notes, it would allow a malicious person to break into company networks and potentially cause serious damage.
Another Malware Attack Targets Georgia
Once again, Georgia has been attacked with malware; this time, the Georgia Department of Public Safety was the target. All servers have been taken offline during the investigation, requiring police officers and other officials to use old-fashioned pen-and-paper methods, says Naked Security. The state has been attacked a number of times since March of last year, when dash cam videos from over the years were ruined using SamSam ransomware. DPS’s CISO has stated that they will not be paying the ransom, the article notes.