Here are the top security stories from recent weeks.
- McDonald’s Hit by Data Breach Exposing Customer Information in South Korea and Taiwan Markets
- Children’s Apparel Giant Carter’s Exposes 410K Customer Records
- Hackers Steal EA’s FIFA 21 Source Code After Breach
- Ransomware Hits Foodservice Supplier Edward Don, Affects Business Operations
- Dept. of Justice Recovers $2.3 Million of Colonial Pipeline Ransomware Payment
Fast food giant McDonald’s recently disclosed a data breach exposing customer information from its South Korea and Taiwan markets. Customer information stolen included emails, phone numbers, and addresses for customers in South Korea and Taiwan. Employee information including names and contact information was also stolen in Taiwan. No U.S. customer data was exposed, but some business contact information for U.S. employees and restaurant information were also exposed. McDonald’s did not disclose the number of records exposed, stating that a small number of files were affected. The breach was discovered during an investigation on unauthorized activity on internal security systems.
Carter has unintentionally exposed the personal data of more than 410,000 customers through unauthenticated, shortened URLs sent by partner vendor Linc. Carter uses Linc to automate online purchases, but the vendor sent out shortened URLs that never expired to purchase confirmation pages without basic security protection. This exposed the full names, physical addresses, email addresses, phone numbers, shipment tracking IDs, and transaction details of customers dating as far back as 2015. vpnMentor discovered and notified Carter’s of the data leak on March 17, and the links were eventually deactivated April 4-7.
Electronic Arts (EA), video game maker of popular title series including The Sims, Need for Speed, and FIFA, stated they are investigating a breach of their systems. While the company said no player data was accessed, hackers did steal game source codes and tools. Hackers posting on dark web forums claim to have the FIFA 21 game source code and tools, asking $28 million for the data. EA is working with law enforcement and security experts in continued investigation of the incident.
Edward Don, a leading distributor of foodservice equipment and supplies, was hit by a ransomware attack affecting business operations. The company shut down phone systems, network, and email to prevent further spread of the attack. Edward Don has paused acceptance of new orders, and its service disruption is expected to cause disruption in the supply chain of hospitals, restaurants, and hotels.
The U.S. Department of Justice was able to recover $2.3 million worth of Bitcoin, approximately 85% of the ransomware payment Colonial Pipeline paid to the DarkSide ransomware gang. The ransomware group shut down shortly after the attack, citing their servers and cryptocurrency was seized by law enforcement. The DOJ tracked and identified 63.7 bitcoins from Colonial Pipeline’s ransom payment that was transferred to an address where the FBI had the “private key” needed for access.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below.