| Individuals May 3, 2017
May 3, 2017
Lookout tracks breaches related to companies and services that may impact customers with our Breach Report feature. Breach Report looks at the largest companies globally, and reports on those breaches to provide customers the most relevant information. It also provides remediation actions to help keep them safe. Interested in getting Breach Report? Upgrade to Premium now.
Criminals breached a number of well-known companies this month including Chipotle, Gamestop, and Intercontinental Hotel Group. A common thread: stolen credit card data.
Monetary gain is one of the most common reasons why we see attackers breaching companies. Criminals breach companies to steal people's credit card information and other personally identifiable information that they can sell on the dark web to turn a profit. They may also choose to use that information themselves to commit identity theft.
This month, we specifically saw a significant increase in the instances of stolen financial data, representing a 260 percent jump from March, a 120 percent jump from February, and a 450 percent jump from January of this year. Of course, the industry often only knows what the breached companies publicly report, but it shows that interest in targeting financial data is not dying down any time soon.
Chipotle is the latest example of point-of-sale credit card theft. Often when an attack compromises a POS system, they do so by installing malware on the servers that process credit and debit card sales, which then exfiltrates that data to an attacker-controlled server.
Chipotle said in a statement to customers, "We want to make our customers aware that we recently detected unauthorized activity on the network that supports payment processing for purchases made in our restaurants. ... We believe actions we have taken have stopped the unauthorized activity, and we have implemented additional security enhancements."
The company further explained that the transactions likely occurred between March 24, 2017 through April 18, 2017.
Intercontinental Hotel Group also issued a new statement, following up on its February breach announcement, showing that many more properties were impacted by point-of-sale malware than it originally thought. The company initially believed the breach had impacted a dozen locations. You can find a list of the breached locations here.
Gamestop is separately investigating a credit card breach; however, this one seems to be associated with credit card payments made through the company's website.
There were 23 companies breached in April, and 11,550,326 instances of compromised personal data. Home Depot was another household name to be compromised in April, in which around 8,000 customers reportedly had personal information breached. Many others were in the gaming/entertainment industries, as well as the education sector.
By far, financial data, full names, and email addresses were the most common types of data breached in April.
All of this information can be used for monetary gain. Thankfully, in the case of identity theft and credit card fraud, individuals have many resources at their fingertips to help them stay safe. Here are a few tips:
Interested in learning more? Watch this video of people giving their personal testimonies about experiencing identity theft and check out the Lookout personal product.