| Individuals June 5, 2017

June 5, 2017

Household brands breached in May including TripAdvisor, Brooks Brothers, and Docusign

By Lookout

In May, multiple well-known name brand companies were breached, including electronic signature company DocuSign, education technology company Edmodo, travel website TripAdvisor, publishing giant Gannett, and luxury men's clothing retailer Brooks Brothers.

The causes of these breaches ranged from phishing attacks to compromised systems, and yet another point-of-sale attack as is the case of Brooks Brothers. All of the breaches in May totalled 96,973,000 pieces of stolen data, the second largest data breach month this year after March.

The largest breach

Edmodo, though perhaps only well-known among the parent-teacher demographic, was the largest breach this month. Details from Edmodo's over 78 million user accounts were compromised and published for sale to the dark web.

Edmodo CEO Vibhu Mittal wrote on the company blog, "As we have already communicated to our users, Edmodo was recently alerted that somebody may have stolen Edmodo usernames, email addresses and hashed passwords. We immediately started investigating how this incident might have occurred, and we engaged the services of outside cyber-security experts and reported the incident to law enforcement."

The concerning element here is the involvement of student data now potentially available for sale. Mittal explained that the passwords were encrypted and that the company does not collect or store sensitive information such as, "social security numbers, date of birth information, race/ethnicity information, or free and reduced lunch information on our system."

The overall data

Thus far in 2017, there's been an average of 16 breaches in any given month. May falls right in that range at 15 compromised companies.

Total reported companies breached

Following a trend from last month, financial data and email addresses accounted for the most breached data types in the month. Actual home addresses came in third, followed by phone numbers and social security numbers.

Breached data-types

Phishing: a consistently widespread problem

A notable trend Lookout identified in the data this month is a connection between two high-profile companies and phishing attacks. Attackers compromised information for around 18,000 current and former employees of Gannett, the publishing house behind USA Today, using a phishing scam that reportedly started with emails to the company's HR department. DocuSign also discovered that attackers gained access to a "communications system used for service-related announcements," after seeing an uptick in a phishing campaign sending spoofed DocuSign emails. The company explained that the only email addresses were obtained as the result of the system attack.

Phishing tends to play a role in many data breaches. Oftentimes, attackers use stolen data like email addresses and phone numbers to target individuals and gain further sensitive information such as usernames, passwords, and financial data.
Individuals should always be cautious of text messages and emails that ask for sensitive information. Unfortunately, many of these emails are spoofed or made to look like well-known services, such as DocuSign. Check links before clicking them and know that companies will never ask you for login information or personally identifiable information over email or text. If a service you use asks for this kind of data, such as in an "account recovery" email, you should navigate directly to the service's website and avoid clicking emailed or SMS links.