This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
Information Security Risk
“Retailer Hudson’s Bay Co disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. One cyber security firm said that it has evidence that millions of cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year, but added that it was too soon to confirm whether that was the case. Hacking group JokerStash a.k.a. Fin7 is alleged to have spent a year collecting payment card records with the intention of selling the compromised accounts on the dark web.”
Insurance + Healthcare
“New Jersey’s Division of Consumer Affairs is levying a fine against Virtua Medical Group after the provider organization suffered a breach that released the protected health information of several hundred of its patients two years ago. The network of physicians, which spans more than 50 South Jersey practices and part of the Virtua Health delivery system, will pay a total of $417,816 and improve data security following a breach of protected health information affecting 1,654 patients whose health records were found to be viewable on the Internet because of a server misconfiguration by a vendor in January 2016.”
“Sears Holding Corp, Best Buy, and Delta Air Lines have announced that some of their customer payment information may have been exposed in a cyber security breach at software service provider 7.ai. In a statement made by Delta Airline, cybercriminals planted a piece of malware in 7.ai software, which captured some payment card data between September 26 and October 12, 2017. Sears and Delta said they were only notified by 7.ai in mid and late March, several months after the breach had been supposedly contained.”
“Malaysia’s central bank announced that it has suffered a cyberattack in which hackers sought to steal money through fraudulent wire transfers over the SWIFT network. The bank did not disclose who was behind the attack or how they accessed its SWIFT servers while also noting that no funds were lost. The incident marked the second known hack of a central bank after the 2016 theft of $81 million from the Bangladesh Bank. ”