IT Security Stories to Watch: How Does Experian Breach Affect T-Mobile?
Credit services provider Experian this month discovered an unauthorized party accessed T-Mobile (TMUS) data housed in an Experian server.
And as a result, Experian tops this week’s list of IT security newsmakers to watch, followed by Scottrade, the Trump Hotel Collection and the YiSpecter malware.
What can managed service providers (MSPs) and their customers learn from this week’s IT security newsmakers? Check out this week’s edition of IT security stories to watch to find out:
1. Experian’s data breach: Here’s what you need to know
Experian said a hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for T-Mobile service or device financing from Sept. 1, 2013, through Sept. 16, 2015.
The hacker accessed Experian records containing the names, addresses, Social Security numbers, dates of birth and other information used in T-Mobile’s own credit assessment, according to Experian.
However, Experian noted that T-Mobile’s consumer credit database was not accessed in this incident, and no payment card or banking information was obtained.
2. Scottrade gets breached
Retail brokerage firm Scottrade last week notified its customers that it recently heard from federal law enforcement officials about crimes involving the theft of information from Scottrade and other financial services companies.
Krebs on Security reported that up to 4.6 million Scottrade customers may have been affected by the data breach.
“Based upon our subsequent internal investigation coupled with information provided by the authorities, we believe a list of client names and street addresses was taken from our system,” Scottrade said in a prepared statement. “Importantly, we have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. All client passwords remained encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”
3. Trump Hotel releases details about data breach
Trump Hotel has disclosed a data breach that may have compromised customers debit and credit card data for more than a year,American Banker reported.
Investigators found that malware was used to collect payment card information as it was entered into the hotel’s payment card system between May 19, 2014, and June 2, 2015, according to Trump Hotel.
Trump Hotel also noted that the investigation has not conclusively shown that customer payment card information was taken from the company’s payment card system or misused.
4. Introducing the YiSpecter malware
Palo Alto Networks (PANW) has identified the YiSpecter malware, the first iOS malware that attacks non-jailbroken Apple (AAPL) iOS devices by abusing private application programming interfaces (APIs).
“On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages and upload device information to the C2 server,” Palo Alto Networks wrote in a blog post. “According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months.”
To date, the malware primarily has affected iOS users in mainland China and Taiwan, Palo Alto Networks said.
What are your thoughts on this week’s IT security stories to watch? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.
