Evolver News Round-Up: Nordstrom Hit With Data Breach, Blames Contractor
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
First ICO Prosecution to Result in Jail Sentence
InfoSecurity reports that the ICO has prosecuted a Nationwide Accident Repair Services employee, Mustafa Kasim, for “securing unauthorized access to personal data”, in which he pleaded guilty. The crime took place from January 13th, 2016 to October 19th, 2016. Kasim used fellow employees’ log in credentials to view customer records and will serve six months in jail as a result of the data theft. Even after switching to a new company, Audatex, Kasim continued to access the data, says InfoSecurity. The prosecution was under the Computer Misuse Act 1990 rather than more recent data protection laws in efforts for a heavier penalty.
Nordstrom Hit With Data Breach, Blames Contractor
Nordstrom has reported a data breach that took place in October that has not impacted customers but employees, says Bank Info Security. The breach was a result a contractor inappropriately handling data but it was not found that the data was misused, says the retail giant. Amongst the sensitive data exposed were dates of birth, social security numbers, names, checking account and routing numbers as well as salary information. Though the number of victims has not been announced, the retailer will be offering two years of prepaid identity theft monitoring, according to Bank Info Security.
Film Company Loses $21 Million to BEC Scam
After cyber criminals posed as an executive of Pathé, a French film company, employees handed over $931,600 in one payment that the attackers claimed would be paid back, says Info Security Magazine. The money was sent to a bank in Dubai and soon more payments were requested and fulfilled. Eventually, the amount received by attackers landed at a whopping $21 million according to the article. As a result, the company’s finance boss, Edwin Slutter, as well as chief, Derte Meijer, were fired for handing over the money in the scam.
Hackers Can Make Most ATM’s Dispense Tons of Money in Minutes
Due to weak security measures, it is easy for hackers to carry out Black Box attacks that take control of the dispenser in the ATM, get past security, and cause the machine to spit out cash in sometimes 10 minutes or less, says Tech Republic. 69% of ATMs have been found to be susceptible to this type of attack. Furthermore, according to the article, 85% of these machines are not properly secured to prevent attacks through the network. The article notes that ATMs also need improved physical security, monitoring, and regular analysis of machine security.
USPS Lack of Security Measures for Informed Delivery Creates New Privacy Threat
The USPS’s new service, informed delivery, allows users to receive photos of the envelopes containing their mail before they are delivered to their mailbox. According to Krebs on Security, there have been multiple arrests made as mail such as credit cards are stolen from citizen’s mailboxes. Criminals have taken advantage of the easy sign-up for the service to create accounts in other peoples’ names and receive the photos themselves. Once this is complete, these attackers are able to sign up residents for credit cards and steal them from their mailboxes before they find out. As a result, says the article, massive frauds have been committed with these cards.