5 Breaches and Vulnerabilities to Watch from September 2014
September 2014 saw attacks on the scale of millions of records as well as the discovery of the severe Shellshock vulnerability. The financial and retail industries continue to be major targets for large-scale attacks.
1. JPMorgan Chase – 76 million households impacted
In a string of sophisticated malware attacks on U.S. banks this summer, JPMorgan experienced a breach in August and recently released details about how many clients were impacted. As reported by the Wall Street Journal, 76 million households were affected by the breach. According to JPMorgan Chase, client contact information was exposed but banking credentials and login information remained protected. On October 3, the banking company announced that the breach lasted longer and was more widespread than they initially realized.
2. Home Depot – 56 million payment card records exposed
In early September, the home improvement chain became the victim of one of the biggest credit card data breaches in the retail industry to date. In a statement, the company said the breach could affect customers who swiped their cards at American and Canadian stores from April to September 2014.
3. Shellshock – Unknown number of systems impacted
In September, security researchers discovered a critical vulnerability in the Bash shell. Whether they know it or not, most people use Bash every day, either directly or because it runs under countless commonly used pieces of software. This vulnerability, known as Shellshock or the Bash bug, is being labeled even more severe than Heartbleed because of the widespread nature of Bash and the unexpected ways it interacts with other pieces of software. The security community reacted fast and released patches to help protect systems against Shellshock, but complete patching for all affected devices and systems will likely be a multiyear process.
In the first week since Shellshock’s discovery, security experts are already observing related attacks. FireEye reported in a blog post that it has observed attacks against network-attached storage (NAS) systems, which are used by companies, universities, and consumers to store large volumes of data. iT News and Wired have reported that attackers are exploiting Bash to build botnets, networks of infected computers used to launch distributed denial-of-service (DDoS) attacks. No Shellshock-related breaches have been confirmed to date, but the security community is keeping its eye on this vulnerability.
4. Signature Systems, Inc. – Customers of 216 Jimmy John’s locations and 108 other restaurants impacted
In a year of severe breaches caused by point-of-sale (POS) malware, Signature Systems is the latest vendor to fall victim. Signature Systems is the POS vendor for the sandwich chain Jimmy John’s and over 100 other restaurants. Customer credit cards swiped at 216 Jimmy John’s stores are vulnerable as a result of the breach.
5. Viator – 1.4 million records exposed
Viator alerted 880,000 users whose credit card information, addresses, and passwords were exposed in a recent breach. An additional 560,000 customers had their site nicknames and passwords (but not payment card information) exposed. Viator, a travel site acquired by TripAdvisor in July, has hired forensic investigators to try to ascertain how their system was hacked.
Unfortunately, in the digital world there is never a guarantee that your data is safe. Take what steps you can to protect yourself by keeping a close eye on your credit card activity, choosing strong passwords, and enabling two-factor authentication on your banking and other sensitive online accounts.