Security Round Up: Capital One, MoviePass, Apple & More

Data breaches and security threats are an all too common part of the news cycle. Over the last few years attacks have ramped up at an alarming rate. The success of attacks and the ready availability of threats like ransomware strains, combined with the inability of businesses to protect their assets, have made these threats part of our everyday concerns.

It can become easy to quit paying attention to the threats as we often suffer from alert fatigue. However, it is important to pay attention so you know which attacks might affect you. This post covers some of those recent breaches.


Capital One

Last month Capital One revealed they suffered from a data breach that included 100 million credit card applications as well as thousands of social security and bank account numbers. The good news? Most of the applications affected did not expose the corresponding social security numbers. Also, user logon credentials and credit card numbers were not compromised.

Capital One's data breach was the second largest financial services breach, surpassed only by Equifax.

Moving forward: If you are a customer, be cautious of emails or other communications that appear to be from Capital One. With the breach being public knowledge, phishing scams will inevitably accompany this breach. This means hackers will try to get you to respond out of fear by sending you information related to the breach in hopes you are a customer and they can further violate your security. If you need to contact Capital One, use the contact information from their website.

MoviePass

MoviePass has been in the news this week after revealing they suffered from a data breach. This breach occurred because they stored confidential customer data on an unsecured server. Without any protections in place, unauthorized access to the following customer data was gained:

  • Credit card numbers
  • Expiration dates
  • Names and addresses

Current landing page for MoviePass's website. Until the internal investigation into their current data breach is complete, no new subscriptions will be accepted.

Moving forward: MoviePass is doing an internal investigation to understand how bad the breach is and which of their customers have been affected. Once this process finishes, those affected will be notified. In the meantime, the service remains offline for some current users, and no new subscribers are presently being accepted. Because of the severity of the information leaked, it is wise to stay diligent in reviewing all charges to a credit card used with MoviePass. Hopefully, reparations will include free credit monitoring at the minimum.

Apple two ways

Part 1: The patch that killed an existing patch

When the recent Apple iOS update was released for the iPhone, it inadvertently included code that allowed iPhones to be cracked via a public jailbreak. The original jailbreak was found in iOS versions preceding 12.3, yet somehow was reintroduced with the recently released iOS version 12.4. Luckily, Apple has already addressed the bug and issued iOS version 12.4.1, which is already available to users.

A recent update to the Apple iPhone iOS caused a previously fixed bug to be reintroduced.

Moving forward: If you installed iOS 12.4, be sure to update to the now available 12.4.1 version. If you had not already updated, then the available update will automatically be 12.4.1. Bugs in new software releases are common to EVERY software manufacturer. This is why it is prudent to wait a week or two after an update comes out before upgrading. The only time this does not make sense is when the update is addressing a large security vulnerability.

Part 2: It's not just Siri listening

Like their competitors, including Google and Amazon, Apple was caught allowing outside contractors to listen in on some of the conversations their users have with Siri, their digital assistant. In the case of each of these companies, snippets of recorded audio were being sent to external contractors, often without customers giving explicit consent or even being aware this was happening.

Moving forward: Each company has responded differently to public outcry over this information being revealed. Most users had no idea any of their conversations were being recorded, let alone sent to real people to be analyzed later. If you have one of these devices, or use any of these digital assistants, be sure you understand how much of your data can be, and likely is being, used by the company.

Student records

Last month Washoe County School District, located in the state of Nevada, notified parents that 114,000 students may be impacted by a data breach they suffered. The breach allowed unauthorized access to student names and birthdays, as well as some staff names and emails, and affects students enrolled between 2001 and 2016.

Moving forward: Hospitals are often targets of data breaches, but attacks are branching out to different targets. Any institution or business with a great deal of user data is a potential target. In this breach the information was collected long ago, so the students affected are as yet unknown. Luckily, the amount of information gathered was less than is often the case for breaches affecting adults, which often include addresses, social security numbers, bank accounts and more.

All data breaches, including those listed above, are costly to both the business and those individuals affected. They mar the reputation of the business that suffered the attack. They risk people's privacy and financial information. They threaten the security of the systems we use every day. Last but not least, they shake the trust we have in companies and their systems. This is why it is important to stay informed and be aware of existing breaches and how we can best protect ourselves.

As always, it is important to pay attention to your accounts, to question communications that seem out of the ordinary, and to be diligent about security at all times.