Category Archives: Breaches

Breach Notifications

SK Bithumb Cryptocurrency breach of 30k customers

Names, mobile numbers, and email addresses of approximately 30,000 customers of the South Korean exchange Bithumb were exposed from an employee's home computer. Bithumb has indicated that no passwords were stolen, but some customers have claimed to have lost their funds as a result. Bithumb is one of the largest bitcoin exchanges, and the amount affected is estimated to be billions of South Korean won (almost $1M US dollars).

Bithumb has promised to pay 100k won ($87 USD) to each member whose information was exposed. Once again, the cost savings of bring your own device (BYOD) have proven not to be worth the reputational and financial costs to a company, which should retain workstation security controls and ownership.
 

50% of SharePoint Installations experience data breach

A report by the Ponemon Institute has revealed that over the last two years, 49% of respondents reported a data breach in their SharePoint systems. Approximately 68% of those respondents indicated they don't have good visibility into where their sensitive data is being stored.

The founder of Ponemon Institute, Dr. Larry Ponemon, has stated "…The pressure to be productive is causing employees to put sensitive data at risk."

Some key preventative measures for SharePoint security should include an evaluation of your SharePoint’s ability to address regulations such as HIPAA, HITECH, and EU GDPR; maintaining an older version of SharePoint; understanding the security controls in SharePoint 2016 and Office 365 prior to a migration; and maintaining controls with regular periodic reviews of all sensitive data and logs.
 

Avanti Markets’ vending company PCI Breach

On July 4, 2017, Avanti Markets of Tukwila, Washington discovered that some of their self-checkout payment kiosks had been affected by malware which stole payment card information. The stolen information included names, credit card numbers, and expiry dates, as well as some customer biometric data.

Avanti Markets self-checkout kiosks allow breakroom customers to buy food and drinks with cash, credit cards, or via a fingerprint scan (biometrics).
 

Hard Rock Hotels & Casinos breach

Hard Rock Hotels & Casinos state that beginning August 10, 2016 and ending March 9, 2017, an unauthorized party obtained access to payment card and other reservation information. Unencrypted payment card information for hotel reservations included card names, numbers and expiry dates. In some instances security codes, email addresses, phone numbers and addresses were included. The hotels use SynXis as their third-party reservation system, and it provided the backbone for the data theft.

Hard Rock's properties in Chicago, Goa, Las Vegas, Palm Springs, Panama Megapolis, Punta Cana, Riviera Maya, San Diego, Biloxi, Cancun, and Vallarta are all affected.
 
