A Look Back at Cybercrime in the First Quarter of 2018

Cybercrime made headlines in 2017, and so far, it has shown no signs of slowing down in 2018 either. Less than half of the year has passed, and there have already been numerous cybercrime incidents that have affected countless businesses and consumers. Here’s a look at some of the biggest cybercrimes from the first quarter of 2018:

Under Armour and My Fitness Pal

The My Fitness Pal app was hacked in February of this year, however Under Armour, the company that owns the app, did not discover the breach until about a month after it occurred. The company estimates that about 150 million users of the My Fitness Pal app were affected by the data breach. Although payment information was not compromised, the hackers gained access to these users’ usernames, passwords, email addresses, and other identifying information. The brand notified the affected users immediately after discovering the breach. Even though the company handled the breach fairly well, shares of Under Armour fell roughly 3.8% following the news.

Chili’s Bar and Grill

Chili’s Bar and Grill recently announced that they were affected by a data breach earlier this year. Brinker International, Chili’s parent company, believes the hackers only accessed data acquired during the months of March and April of 2018. However, the company is still not clear how many customers were affected by the breach. Until Chili’s has finished its investigation, countless customers who visited the restaurant during this two-month time period must assume that their payment information was compromised in the breach.

Hudson Bay

Hudson Bay, the parent company of Saks Fifth Avenue and Lord & Taylor, discovered a data breach in early 2018. The company has not completed its investigation into the matter, so it has not officially announced how many customers were affected. However, a well-known hacker group that goes by the name JokerStash attempted to sell information for over 5 million debit and credit cards shortly after the breach occurred. The hacker group claimed that the debit and credit card information up for sale belonged to Saks and Lord & Taylor customers, but this has not been independently confirmed as of yet.

In an effort to win customers back, Hudson Bay has offered free identity protection services to everyone affected. The company has also promised all of its customers that they will not be liable for fraudulent charges that appear on their bills.

Panera Bread

Last year, a cybersecurity expert contacted Panera to let them know about a flaw in their website design. The flaw made customer information such as names, addresses, and the last four digits of credit card numbers visible and accessible to the public. Even though the company was initially notified in August of 2017, they failed to fix the flaw until April of this year. Cybersecurity experts estimate that information from millions of customers was probably breached as a result of the company’s failure to immediately fix the flaw. But, Panera insists that no more than 10,000 customers were affected by the breach. It’s unclear how many customers were truly affected in the breach, but it is clear that Panera needs to revisit their response plan to potential data breaches to ensure they can fix issues in a more timely manner in the future.

SunTrust Banks

SunTrust Bank revealed that they were looking into a possible data breach involving a former employee several months ago. The company believes that a former employee attempted to print personal information belonging to 1.5 million customers and sell it to a criminal third party. The bank stated that only information regarding names, addresses, phone numbers, and account balances was stolen. It is believed that the former employee did not gain access to pin numbers, bank account numbers, or any other type of payment information. The extent of this breach is still unclear, but SunTrust is working with law enforcement to uncover more information. In the meantime, the bank plans on closely monitoring all of their customers’ accounts so they can quickly identify fraudulent activity.

BJC Healthcare

BJC Healthcare, which consists of 15 hospitals and many other healthcare organizations, was another company that was affected by a data breach this year. As a result of a configuration error in a data server, images of documents containing sensitive data were accessible to the public online. The documents that were visible exposed names, addresses, Social Security numbers, driver’s license numbers, and other confidential information belonging to over 33,000 patients. The company is not sure whether anyone actually accessed the information while it was visible, but to be safe, they are providing affected patients with free identity theft protection services.

Rail Europe

A lot of people in the U.S. use Rail Europe to book tickets for trains throughout Europe. But unfortunately, many of these customers could have been affected by the company’s data breach that took place between November of 2017 and February of this year. Rail Europe discovered that hackers used credit card-skimming malware to steal customers’ payment information, passwords, and other data during this three-month period. The company notified customers as soon as they discovered the hack, but have failed to publicly reveal how many customers were affected by the breach. Rail Europe also admitted that they are not sure how hackers gained access to the information in the first place. If the company is unable to identify how hackers obtained the information, it will be difficult for Rail Europe to prevent additional data breaches in the future.

Protect your customers’ sensitive data by working with ERI, the leading e-waste recycler & ITAD service provider in the U.S. ERI carefully destroys data so it is no longer readable or recoverable. For more information on recycling electronics, or to request a quote from ERI, contact us today.