Written by: Bridget Doyle | Fri, 18 Dec 2015 19:49:25 +0000
2015 was a big year for data breaches, with major corporations like Primera Blue Cross, Sony Pictures, and JP Morgan Chase, among others reporting major instances of data theft throughout the year. Here are four stories of identity theft from around the web that may not have made your radar.
A well-known children's electronics manufacturer is one of the latest to report
a large-scale data breach, proving that all demographics are vulnerable to this type of crime.
In a company press release, VTech recently announced a data breach occurred on Nov. 14 that comprised 5 million customers and includes the profiles of children connected to those accounts. Wired magazine reported
the attack targeted VTech's "Learning Lodge" app store database, so anyone who had downloaded an app, game, ebook, or other through Learning Lodge, or has used the Kid Connect service, should consider their information compromised. According to Wired, stolen information includes names, email addresses, encrypted passwords, security questions, and answers, IP addresses, mailing addresses, and download history. On the company website
, VTech states that credit card information was not stolen in the breach, and the company is working to inform customers through its website.
Two major hotel chains—Hilton Worldwide
and Starwood Hotels & Resorts Worldwide
—recently reported that some of its customers' information had been compromised. Starwood and Hilton join The Trump Hotel Collection, Mandarin Oriental, and White Lodging hotel groups in reporting attacks on clientele this year.
Starwood reported malware designed to steal credit and debit card information was found on point-of-sale cash registers at a handful of its North American hotels. The hotels, mostly Sheratons and Westins, were reportedly breached sometime between November 2014 and May 2015. Starwood published a list of its affected properties
, which includes the restaurants, gift shops, and other point-of-sale systems at the individual hotels. Starwood's president did state that information such as Social Security numbers and PINS were not affected.
Hilton Worldwide reported a credit card breach
just two months ago, and the well-known hotel chain is back in the spotlight for a similar announcement. Five days after Starwood's reported breach, Hilton acknowledged a similar breach affecting some point-of-sale-systems. According to a statement by the company, the attack, which also used malicious software, occurred over a 17-week period from Nov. 18, 2014 to Dec. 5, 2014, or April 21 to July 27, 2015. The stolen information includes cardholder names, payment card numbers, security codes, and expiration dates, but no addresses or personal identification numbers (PINs), according to the statement.
It seems there's no end to the tools and capabilities of data hackers, and one privacy and security researcher has created a device to prove how vulnerable credit card consumers may be.
The MagSpoof device
, created by hacker Samy Kamkar, wirelessly emulates any magnetic stripe on a credit card via a strong electromagnetic field. MagSpoof can also disable chip cards and PIN protection, switch between different credit cards, and accurately predict the card number of recently replaced American Express credit cards. MagSpoof is as small as the face of a watch, reports Wired
, and can store more than a hundred credit card numbers at a time.
One thing MagSpoof can't do is provide the CVV numbers on the back of the card, which prevents it from being usable at a number of retailers. Kamkar, an entrepreneur and well-known privacy and security researcher, said he does not plan to share how he created the device for fear that a criminal might use the product for fraud.
Krebs On Security news blog recently reported criminals are embedding skimming devices inside fuel station pumps to steal credit card information. The cards are then cloned and used to steal gas, with hundreds of gallons often filled into hollowed-out trucks and vans. Thieves then sell the gas at reduced prices via fuel theft rings in order to make a profit, Krebs On Security reports. Some thieves even gain access to the inside of pumps by allegedly bribing gas station attendants
to hook the skimmer up to the pump's credit card reader. Police task forces have been created in places like Los Angeles to battle this burgeoning crime. Credit card users can rest easy knowing a majority of banks do not hold customers liable for fraudulent charges on their cards. However, reporting the activity to your bank is still important and necessary.