IT Security Stories to Watch: Kmart, Snapsaved Data Breach Updates
Happy Columbus Day and Happy Canadian Thanksgiving! While today marks two holidays, many hackers across the globe are not resting on their laurels.
Instead, cyber criminals worldwide continue to put managed service providers (MSPs) and their customers in danger, and malware, viruses and other cyber threats pose numerous risks to both parties.
This week’s IT security stories to watch show hackers can attack businesses, web applications and much more.
Here’s a closer look at four IT security stories to watch this week:
1. Kmart investigates payment data systems breach
The Hoffman Estates, Illinois-based retailer has launched a full investigation and is working with federal law enforcement authorities and IT security firms to review the incident.
“Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no Social Security numbers were obtained by those criminally responsible,” Kmart said in a prepared statement. “There is also no evidence that kmart.com customers were impacted.”
Kmart said customers who shopped with a credit or debit card at one of its stores between Sept. 1 and Oct. 9 can sign up for free credit monitoring protection as well.
2. Were Snapchat users victimized by hackers?
Hackers allegedly have published pictures and videos from roughly 200,000 Snapchat users that were stored on Snapsaved, a third-party application for both iOS and Android that enables users to save Snaps.
Snapchat officials told The Guardian that its servers were never breached.
Snapsaved, however, said its website was hacked and immediately deleted the entire website and the database associated with it after the data breach was discovered.
“I would like to inform the public that snapsaved.com was hacked … Snapchat has not been hacked, and these images do not originate from their database,” Snapsaved wrote in a Facebook post.
3. Dairy Queen releases a list of stores affected by data breach
The fast food and soft serve restaurant chain also provided updates on its investigation into the cyber attack, noting:
- The time periods during which the Backoff malware was present on the relevant systems vary by location.
- The affected systems contained payment card customer names, numbers and expiration dates.
- The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.
Dairy Queen officials added that they are confident that the cyber attack has been contained.
“We are committed to working with and supporting our affected DQ and Orange Julius franchise owners to address this incident,” Dairy Queen CEO John Gainor said in a prepared statement. “Our customers continue to be our top priority.”
4. Kaspersky Lab and INTERPOL discover “Tyupkin” malware
The malware, “Tyupkin,” allows cyber attackers to remove money directly from ATMs, according to Kaspersky.
Tyupkin has already been detected on ATMs in Asia, Europe and Latin America, and INTERPOL is alerting affected countries about this IT security threat.
“Over the last few years, we have observed a major upswing in ATM attacks using skimming devices and malicious software. Now, we are seeing the natural evolution of this threat with cyber criminals moving up the chain and targeting financial institutions directly,” Vicente Diaz, Kaspersky’s principal security researcher, said in a prepared statement. “The Tyupkin malware is an example of the attackers taking advantage of weaknesses in the ATM infrastructure. We strongly advise banks to review the physical security of their ATMs and network infrastructure and consider investing in quality security solutions.”