About CSS

CSS News Round-Up: Unprotected MoviePass Database Includes Customer Card Numbers

August 22, 2019

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

 

Unprotected MoviePass Database Includes Customer Card Numbers

An unprotected database was found by researchers and included over 161 million records, says Tech Crunch, including thousands of customers’ personal credit card numbers, expiration dates, and billing information. The database was likely left this way for months before MoviePass finally took it offline recently, as it was discovered in June. Additional information exposed includes many emails and logged incorrectly typed passwords, the article states. The incident comes after a massive decline in the company’s business after it ran out of funds to operate before restarting its service.

 

Massive Cyber Attack Takes 20+ Local Government Victims in Texas

According to Security Week, 22 local government organizations were impacted by a coordinated ransomware attack in Texas. The cyber branch of the FBI, DHS, Texas Military Department, and others are currently assisting those affected. As evidence is being reviewed, the article states, it is currently believed that one actor alone completed the entire attack. It is not yet known if the organizations have backups or how they are working on getting back online. The incident is one of many that have taken place targeting governments in recent years including Florida, North Carolina, and more. The cybercriminals responsible for the attack are now demanding $2.5 million in order to unlock the files.

 

700,000 Records Stolen From Exposed Choice Hotels Database

A database left unsecured online with 5.6 million records belonging to Choice Hotels was found by criminals that stole 700,000 records, says Cyber Defense Magazine. The information included names, phone numbers, and email addresses. The hackers have demanded a $4,000 (.4 BTC) ransom, the article states, and the database was finally secured on July 2nd after being indexed on June 30th. The hotel chain has stated that the data was located on a vendor’s server and that they will not be working with the vendor anymore.

 

Man Sentenced to Prison After Using Stolen Data for Fraud

A man located in Brooklyn, NY was sentenced to 57 months in prison due to his role in a $1.1 million fraud scheme that took place over a decade, says Info Security Magazine. “Jason Mickel Elcock, aka “Prezzi”, pleaded guilty in March to a series of wire fraud and money laundering charges, as well as unlawful possession of a firearm,” the article notes. By purchasing stolen data, Elcock and his partner, Shoshana Marie McGill hacked countless emails accounts, password vaults, and bank accounts. The pair was able to open accounts on their victims’ behalf, transfer their phone numbers, move funds between accounts, and more, beginning in 2008, Info Security states.

 

Medical Research is the Main Target of State-Sponsored Cyberattacks

According to Dark Reading, state-sponsored cyberattacks carried out by Russia, China, and Vietnam have made medical research one of their main targets. Chinese cybercriminals focus mostly on cancer research, likely to gain information for their own use in battling the disease. The information stolen is helpful for attackers to hack medical devices and other vital technology found in hospitals, the article notes. Groups such as APT 28 have attacked the World Anti-Doping Association (WADA), while others have focused repeatedly on cancer research centers.

 

Converged Security Solutions provides our clients with measurable value by better quantifying, reducing, and managing security risk through assessments, remediation, and monitoring of IT and critical infrastructure. Our services span cyber and physical security to address the growing complexities in a world with internet enabled devices. Contact us to request quotes, learn more about the full catalog of services, or for a free initial consultation.