Signature Systems Responsible for 108 Small Business Breaches

SignitureSystems

SignatureSystemsLogoWhat happened?

Signature Systems Inc. the point-of-sale (POS) vendor responsible for leaking customer payment card information at more than 200 Jimmy John’s locations has announced that 108 other businesses have also suffered a breach as a result of using their payment card scanners.

After conducting a forensics investigation, Signature Systems learned that the attack took place between June 16 and September 18. An overwhelming number of these businesses are mom-and-pop pizzerias located across the Mid-Atlantic and Mid-West.
Continue reading

Breach News for April 2014

EZShield_BreachSummary_April2014

Organizations Impacted by a Breach in April

LocationCompany#BreachedInformation ExposedCause of BreachDate
CaliforniaKaiser Permanente5,100 Involved patients participating in specific research studies and may have compromised their names, birth dates, medical record numbers, lab results associated with research, addresses and additional medical research dataInfected with malicious software10/2011 - 02/2014
New YorkThe Rochester Housing Authority180Names and Social Security numbersEmployee errorUnknown
IowaIowa State University18,949Student ID numbersHack04/2014
IowaIowa State University29,780Social Security numbersHack04/2014
NationalLaCieUnknownCustomers’ names, addresses, email addresses, and payment card numbers and card expiration dates. LaCie website user names and passwords could also have been accessedHack03/2013 - 03/2014
TexasEveryChild, Inc2,934Patients’ birthdates, Social Security numbers, Medicaid numbers, photos and other health informationStolen computers02/2014
TennesseeUniversity Urology, Knoxville,Tenn1,144Patient names and addressesEmployee theft2013-2014
CaliforniaVeterans of Foreign Wars55,000Names, addresses, and Social Security numbersHackUnknown
NationalBigMoneyJobs.com36,800Full names, home addresses, phone numbers, email addresses, website registration information, and plaintext passwordsHack04/2014
VirginiaDeltek Inc.80,000Payment card informationHack03/2014
NationalBoxee TV158,128Names, e-mail addresses, message histories, and partially protected login credentials Hack03/2014
CaliforniaSutherland Healthcare Solutions 338,700Patients' first and last names, Social Security numbers and certain medical and billing information. Birth dates, addresses and medical diagnoses may also have been includedStolen computers08/2012 - 11/2013
MichiganMDCH2,595Names and addresses, and for some individuals, dates of birth. Of those, 1,539 records also included either a Social Security number or a Medicaid identification number.Stolen Laptop and drive01/2014
CaliforniaPalomar Health5,000 Patients' names, dates of birth, diagnoses, insurance carriers and other treatment-related information. It also included 36 patients' Medicare identification numbers,Stolen Laptop and drive03/2014
TexasSpecs8,900 Employee names, addresses,
phone numbers and
Social Security numbers
Hack10/2012 - 04/2014
TexasSpecs 550,000Bank routing
numbers card
security codes
and other
payment card
and check
information.
Hack10/2012 - 04/2014
Learn more about breaches here.

Breach News for March 2014

EZShield_BreachSummary_March2014

Organizations Impacted by a Breach in March

LocationCompany#BreachedInformation ExposedCause of BreachDate
MassachusettsBoston Medical Center15,000Patients’ names, addresses, and medical information, including what drugs they were taking, but did not include Social Security numbers or financial informationVendor error03/2014
PennsylvaniaUPMC322Names, home addresses, Social Security numbers, wage information, birth dates and bank account and routing numbers
Property theft05/2014
NationalStatista50,000Email addresses and passwordsHack12/2013 - 03/2014
NationalSmuckers Online StoreUnknownCustomer name, address, email address, phone, credit or debit card number, expiration date, and verification code.Hack12/2012 - 01/2014
PennsylvaniaSands, Bethlehem CasinoUnknownCredit card information or bank account information, as well as Social Security numbers, driver’s license numbers, and other confidential information used to initiate a line of credit, for tax reporting purposes or for gaming. HackUnknown
PennsylvaniaSands CasinoUnknownCredit card information or bank account information, as well as Social Security Numbers, driver's license numbers and other confidential information used to initiate a line of credit for tax reporting purposes or for gamingHackUnknown
NationalSally Beauty25,000Payment card dataHack02/2013 - 03/2014
North DakotaNorth Dakota University300,000Names and Social Security numbersHack02/2013
NationalComixologyUnkownUsernames, emails and encrypted passwordsHackUnknown
ColoradoValley View Hospital5,400Names, addresses, and in some cases credit card numbers, bank account numbers, Social Security numbers and phone numbersHack09/2013 - 01/2014
MarylandService Coordination Inc9,700Social Security numbers and medical informationHack10/2013
MarylandJohns Hopkins University1,307Names, email addresses and phone numbers Hack03/2014
IllinoisAssisted Living Concepts43,600 Names, address, birth dates, Social Security numbers and pay information of current and former employeesHack12/2013 - 01/2014
OhioHealthsource of Ohio8,800Patients' dates of birth, Social Security numbers, credit card numbers and some healthcare informationHack11/2013 - 12/2013
New YorkSyracuse Retired Police Officers Association300Names, addresses and Social Security numbers Employee error03/2014
VirginiaRichmond Fire Department400Names, Social Security numbersEmployee errorUnknown
NationalIRS20,000Names, Social Security numbers and addresses of employees

Employee error03/2014
New YorkNYC MTA15,000Social Security numbers, dates of birth, earnings information and other data.Employee error03/2014
MichiganCity of Detroit1,700Names, birth dates and Social Security Numbers for the current and former employees

Employee errorUnknown
CaliforniaLA County Public County Health168,500Patients’ names, medical and billing information and Social Security numbersComputer theft02/2014
CaliforniaUniversity of California, San Francisco10,000Names, dates of birth, mailing addresses, medical record numbers, health insurance ID numbers, and driver's license numbers

Computer theft01/2014
IndianaIndiana University146,000Names, addresses and Social Security numbers of students and recent graduates who attended the university on any campus from 2011 to 2014 was unsecured for more than 11 months An authentication point was not working correctly; data were accessed by Web crawlers, software that is used to improve Web searches.02/2014

Why the Small Business is Big Business for Hackers

smallbiz

It’s tough starting a small business, and even tougher to run one. When you’re caught up in the excitement of the start-up phase of a business, you’re often fuelled by hope and excitement, a kind of adrenaline that keeps you going through long days and steep climbs.

But once you’ve settled into your stride and get past the start-up phase, much of your day is spent spinning plates and fighting fires. Many of those fires are started maliciously by hackers, scammers, identity thieves and other miscreants who see small businesses as a big payday. All signs suggest that the small business is now the biggest target for cyber crooks. Continue reading