Three U.S. restaurant chains hacked, more breach statistics and soccer game punts privacy.
Welcome to Cyber Security Today. It’s Monday October 7th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
By now I hope credit and debit card users know about cards with little gold squares called security chips. If you have a card with a chip you should NOT swipe the card when you pay for things. Swiping is bad, because the machine reads your personal data on the black stripe on the back of the card. And the machines that read that data can be easily compromised by crooks. That’s why newer cards have those chips. So you don’t swipe, you insert the card at the bottom of the card reader, and it reads the data on the security chip — which can’t be copied. However, lots of people either forget or their card provider hasn’t issued modern cards. I mention this because news is now out that a number of Americans were stung earlier this year when credit card machines at three restaurant chains — Moe’s Southwest Grill, McAlister’s Deli, and Schlotzsky’s — were hacked. In a press release last week the company that owns the chains admitted hundreds of outlets had their credit card machines compromised between April 11th and July 22nd, and those who swiped their cards were the ones victimized. If you have a credit or debit card that does NOT have a security chip, don’t use it. And if your card does have a security chip, never swipe.
As part of Cyber Security Awareness Month I’m reporting on security statistics. Here’s new ones from a survey by security vendor Carbon Black of 250 Canadian information technology or security leaders. Eighty-eight per cent of responding organizations said they had suffered one or more data breaches in the last 12 months from an outside attacker. Of those, 65 per cent said their businesses’ reputation had suffered some damage. Forty-nine per cent said the attack had a negative financial impact. The prime cause of breaches: Phishing. Second was ransomware. Companies are going to have to be be creative and thorough as they form cyber defence strategies, the report concludes.
Finally, more than one IT expert has said people who make mistakes are the biggest problem in cyber security. Here’s another example: Online computer competition games, like one around soccer called FIFA 20 Global Series, are hugely popular. But when online registration opened last week players found a surprise on the sign-up page: They could see personal details of people who had previously registered. This privacy breach included usernames and dates of birth, which of course could have been fake, but also email addresses. Crooks could at least use email addresses to spread malware. Games company EA quickly took down the page. According to news reports information on 1,600 people could have been copied. Seems like a programmer made a mistake so the sign-in page didn’t clear after each player registered. It also seems EA’s quality assurance procedures have a lot to answer for.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon