Payment systems at two U.S. restaurant chains hacked, cellphone maker OnePlus victimized and more
Welcome to Cyber Security Today. It’s Wednesday November 27th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
It’s a bad week for data breach discoveries. I’ve got a bunch to tell you about today.
Have you eaten this year at a Catch NYC, Catch Roof or Catch Steak restaurant? The company is notifying customers some of its payment card machines were compromised, so customers’ credit and debit card numbers could have been scooped up between March 19th and October 17th. People who should particularly be concerned are those who paid at the bar. The machines there were infected. The wireless payment machines that waitstaff bring to tables are safe — except if cards were swiped. However, anyone who swiped their credit or debit card at these restaurants should be watching their bank and card statements. As I’ve said before, recently-issued cards with a special shiny chip on them are safe from attack. The chip has their personal information which is encrypted. But they’re safe only if the cards are inserted at the bottom of a card reader, or tapped on the top of the reader. Cards that are swiped along the side of the card reader are open to attack. Swiped cards read the user data from the black stripe on the back of the cards, which can be captured by criminals. If you don’t have a payment card with a chip, think about switching to one that does. Even if you have a chip card, make sure neither your nor the waiter or waitress swipes the card.
Have you eaten lately at a Church’s Chicken restaurant? The company is letting customers know card payment systems of 160 company-owned outlets in 11 states were compromised lat last month. There are no details about how the payment system was compromised, but the company says stolen data may have included customer names their payment card numbers and card expiration dates.
Android handset manufacturer OnePlus, which sells phones online, says that last week it discovered some customer information had been stolen. That includes buyers’ names, contact phone number, email address and shipping address. Not exposed were payment information or passwords. The company didn’t detail whether the attacker got into a company database or website. Impacted customers are being notified by email. The news site The Hacker News notes that in 2018 the website of OnePlus was hacked, with the attacker getting away with credit card information on 40,000 customers.
October was the month with the largest number of data breaches in the U.S. healthcare sector. According to the news site Bleeping Computer, 52 data breaches or ransomware attacks impacting hundreds of thousands of health records were reported last month. However, some of them were encrypted so hackers didn’t get personal information.
Security firm Kaspersky is warning the public to beware of browser push notifications that are increasingly being used by criminals. These start with a prompt that asks if you want to allow or block notifications. Notifications can be innocent, for example, telling you some new content is available on a website. However, scammers are trying to find ways to trick users into allowing notifications, then flooding the victims with ads and malware. Tricks include passing of approval of a notification service as a Captcha notice to prove you aren’t a robot, switching the “accept” and “decline” buttons and showing notifications from phony copies of real websites. The scam notifications that pop up later include ads, phony alerts that your computer has a virus or has out of date software, phony lottery wins or offers of money for completing a survey. To avoid receiving these notifications Kaspersky advises users to block subscriptions for notifications unless they come from a trusted website. If you do approve one of these unwanted services it can be blocked in your browser settings under Notifications. In Chrome its in the Site Settings section. In Firefox its in the Privacy and Security setting.
Finally, Canadian listeners should know that at various times today provincial and territorial governments will test their Alert Ready emergency alert system. This tests the ability to deliver alerts over cellphones, radio stations and TV. In New Brunswick, and Newfoundland it will be heard at 10:55 this morning; in Prince Edward Island at 12:55 this afternoon; in Nova Scotia, Quebec and Western Canada the test alert will be held at 1:55 p.m. and in Ontario at 2:55 p.m.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon