IT Security Stories to Watch: Did Hackers Attack, Infiltrate Staples?

Happy Halloweek! The days leading up to Halloween can be fun yet exhausting, and while many businesses may be getting ready for Halloween parties, others are investigating possible data breaches.

Staples (SPLS), for example, is one of the most recent big companies to start investigating a possible data breach. The office supply giant last week confirmed it was reviewing a potential credit and debit card breach at some of its U.S. locations, just hours after announcing its plans to leverage the Apple Pay mobile payment system.

What can managed service providers (MSPs) learn from Staples? Find out in this week’s IT security stories to watch:

1. Staples officials investigate a potential data breach

Krebs on Security last week reported several banks had identified a pattern of credit and debit card fraud that indicated hackers may have infiltrated numerous Staples locations.

The banks pointed out seven Staples stores in Pennsylvania, at least three in New York City and another store in New Jersey may have been affected.

Staples, meanwhile, is now investigating the potential data breach and said it will continue to update its customers.

“We take the protection of customer information very seriously, and are working to resolve the situation,” said Mark Cautela, Staples’ senior public relations manager. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”

2. NeedMyTranscript.com suffers a data breach

NeedMyTranscript.com, a website that provides transcripts to high schools and students across the United States, last week said nearly 100,000 users’ personal information was exposed.

The Washington Post noted hackers were able to access the following user data:

• Addresses
• Dates of birth
• Email addresses
• Mothers’ maiden names
• Names
• Phone numbers
• Social Security numbers

“It’s an embodiment of most parents’ worst nightmare,” said Elana Zeide, a research fellow at New York University‘s Information Law Institute. “Many of the concerns involve data security, who can access that information and identity theft — and this [site’s problem] seems to implicate all of those concerns.”

3. Is “Backoff” malware spreading?

Remember the “Backoff” point-of-sale (POS) malware that was discovered in August? Apparently, this IT security issue hasn’t gone away, and there are no signs it will be eliminated any time soon, either.

Computer security company Damballa reported Backoff infections jumped 57 percent from August through early September and then another 27 percent in September as well.

“POS malware offers a high rate of return for criminals, which helps explain the spike,” a Damballa spokesperson said in a prepared statement.

To date, Backoff has already affected several multinational businesses, including The Home Depot (HD), Target (TGT) and Dairy Queen.

4. Kaspersky: Cybersecurity incidents affect majority of organizations

A new Kaspersky Lab and B2B International survey of 3,900 IT security professionals revealed 94 percent of organizations reported at least one cybersecurity incident over the past 12 months.

Researchers also found spam was the top external threat to organizations, followed by viruses, worms, Trojans and other types of malware.

“The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization,” Chris Doggett, managing director of Kaspersky Lab North America, said in a prepared statement.

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].