May 11, 2018

Why April proved no industry is safe from data breaches

By Lookout

April proved yet again that breaches can (and do) affect all types of businesses across every industry. Some of the biggest names breached this month include Panera Bread, SunTrust Banks, and TaskRabbit, a subsidiary of Dutch-based IKEA.

Any individual, organization, or government agency is fair game for malicious actors working for financial, political, or ideological gains. Wherever personal or enterprise data is stored, there are malicious actors seeking ways to gain access to it.

The takeaway: If you want to keep your information safe and secure online, it's critical you take a proactive approach. For example, be aware of the sites you transact with, change passwords frequently and use different passwords for your various accounts, download apps from official app stores only, and keep up to date on the latest breaches that may affect you.

Let's take a closer look at three of the most significant breaches from April.

Panera Bread exposed the personal information of 37 million customers over a period of at least eight months, according to security researcher Brian Krebs. The bakery-cafe chain purportedly leaked the names, emails, addresses, birthdates, and last four digits of credit card numbers for every customer who signed up for an account to order Panera Bread online. The company briefly took its ordering portal offline to resolve the issue, but security researchers say the data is still accessible.

TaskRabbit is back to full operations after shutting down its online and mobile services for two days following a security breach. At this time, the number of affected users and the type of data compromised are unclear. TaskRabbit and its parent company IKEA are working with law enforcement and a cybersecurity firm to determine how the security flaw happened, and what types of data were affected. The company will reportedly compensate users who were unable to perform a task while the app was offline. TaskRabbit encourages users to change their passwords if they use the same password on multiple sites.

SunTrust Banks announced that the personal and banking information of 1.5 million customers was leaked to a criminal organization. A former bank employee leaked the customer data including names, addresses, phone numbers, and account balances. The data breach does not appear to include social security numbers, account numbers, PIN, User ID, passwords, or driver's license information. The company is offering free identity protection through Experian, and more information can be found by calling (404) 813-0463 or emailing Sue.Mallino@suntrust.com.

April by the numbers

Over 106.6 million accounts were impacted by breaches during the month.

The number of key breaches ticked up to 16 during April, including Mississippi State Department of Health, Hudson's Bay Company (owners of Saks 5th Avenue and Lord & Taylor), and LocalBlox, a data search service that left 48 million records of personal information vulnerable in an unprotected cloud storage repository. Exposed information included names, addresses, birthdates, LinkedIn job histories, Facebook data, Twitter handles, and Zillow account information.

When it comes to the hardest-hit industries, tech companies led the way with seven breaches in April. Healthcare and retail organizations were a close second, with four significant breaches in each industry. Government agencies and finance organizations both saw two breaches during the month. This includes California's Department of Developmental Services, which reported that the private information of 600,000 clients and employees may have been accessed during a break-in that occurred in February.

Update: MyFitnessPal hacked in March, 150 million affected

A major breach was reported after our March post, so we wanted to provide an update here.

MyFitnessPal, a diet and fitness-tracking app owned by parent company Under Armour, announced that 150 million users were impacted by a large-scale data breach.

The athletic apparel maker disclosed that an unauthorized party accessed usernames, email addresses, and hashed passwords associated with the 150 million user accounts. According to company officials, no Social Security or driver's license numbers were breached. In late March, the company began notifying MyFitnessPal users through email and in-app messaging, and is requiring all users to change their passwords.

We live in a digital world. From shopping to going to the doctor to banking, your personal information - health to financial and everything in between - is out there. You need to know when the companies and services you use are breached so you can keep your accounts and data as safe as possible.

As the incidents in April highlight, breaches can (and will) happen anywhere at any time. With Lookout Premium Plus, you have a trusted resource you can turn to 24/7 to protect your data as well as keep you up to date on the latest breaches with our monthly Breach Report and phone support.

Upgrade to Premium Plus to keep pace with the insights and help you need to navigate security today.