Security Breach Report: January 13, 2015

As President Obama pushes for new data security policies, we explore vulnerabilities exposed during recent data breaches, insider security incidents, social engineering threats, and cases of cyber espionage:

• Bitcoin exchange Bitstamp is back online after temporarily suspending service following a breach that compromised “operational wallets” and resulted in the loss of 19,000 bitcoins valued at more than $5 million.
• Junior financial advisor Galen Marsh allegedly stole data from 350,000 of the wealthiest Morgan Stanley clients, ultimately posting details of more than 1,200 accounts on Pastebin and offering more data in exchange for 78,000 speedcoins, a virtual currency.
• Hackers who claimed affiliation with Anonymous hacktivists leaked data of more than 13,000 Amazon, Xbox, and Playstation users.
• A data breach at the U.S. Department of Veterans Affairs (VA) exposed the protected health information of more than 7,000 veterans. A flaw in a third-party contractor’s database was reportedly the source of the leak.
• Few details are available, but fast food chain Chick-fil-A is investing a suspected data breach that is reported to have lasted from December 2013 through September 2014 may have impacted as many as 9,000 consumer credit cards.
• U.S.-based technology company NVIDIA reportedly suffered a network breach that compromised more than 500 employee user accounts and passwords.
• Independence Blue Cross, a health insurance company based in Philadelphia, Pennsylvania, disclosed a data breach that affected more than 12,000 of its customers. Maintenance workers reportedly discarded boxes of member records instead of moving them to a new office.
• News about the U.S. Postal Service cyber security breach, originally disclosed in November 2014, continues to get worse. The latest reports state that, in addition to compromising the personally identifiable information of 750,000 employees, the breach may have also exposed the protected health information of more than 485,000 employees.
• A cyber attack on U.S. federal contractor KeyPoint Government Solutions reportedly compromised the computer files of more than 40,000 government workers. 
• A suspected data breach at AMResorts could have compromised the personal and credit card data of the luxury hotelier’s customers.
• Scotland Yard has launched an investigation in the UK after an illegal migrant was found to be working in the House of Commons. The woman had a “casual worker” status, but she reportedly gained unfettered access to areas of Parliament by using the security pass owned by a permanent staff member.
• The FBI is investigating after the U.S. Central Command Twitter account and YouTube channel were apparently hacked by ISIS supporters.
• Clothing retailer and Amazon subsidiary Zappos.com has agreed to pay $106,000 to settle an investigation into a 2012 cyber attack and the resulting data breach that exposed data of 24 million customers.

Have you made any cyber security resolutions for 2015? Follow our advice to help improve employee behaviors in the months and years ahead.

Want to improve your cyber security posture? Our assessment and education solutions can help.