#CyberFLASH: Customers at Sheraton, Westin, other hotels hit by data-stealing hack

NYBZ120-15_2013_124926_highIf you stayed at a Sheraton, Westin or other Starwood hotel in the US or Canada this past year, you’ll want to keep an eye on your credit or debit card account.

Starwood Hotels and Resorts Worldwide said this week that point-of-sale systems at more than 50 of its hotels had been infected with malicious software. The malware, installed at gift shops, restaurants and other locations, let hackers make off with payment card data, including cardholder name, card number, security code and expiration date.

The company said in a statement that it has removed the malware and “implemented additional security measures to help prevent this type of crime from reoccurring.” It also said there’s no indication at this point that its guest reservation or preferred-guest membership systems were affected. The company added that there is no evidence that customer PINs or contact information were captured.

A list of affected hotels includes facilities in major cities, such as the Sheraton New York Times Square hotel, the Westin Michigan Avenue Chicago, the Westin Los Angeles Airport and Le Centre Sheraton Montreal. The Walt Disney World Dolphin hotel was also hit. Timing of attacks varied from place to place, but the earliest listed happened in November 2014, with the most recent occurring in March of this year.

Read more here

#CyberFLASH: Hundreds of Canadian credit cards hacked by infected terminals, firm warns


A new strain of computer malware infecting payment card terminals in restaurant and gas station has compromised nearly 700 credit cards in Canada, a computer security firm says.

The viral code, JackPOS, infects point-of-sales terminals, a security breach similar to other highly publicized recent cases that struck victims such as the Target retailing chain or the White Lodging hotel management firm

According to a map released Monday by the California security firm IntelCrawler LLC, JackPOS stole data from 400 cards in Vancouver and from 280 other cards at a location in Longueuil, Que., south of Montreal.

IntelCrawler said the infection appeared about three weeks ago.

In an e-mail to The Globe and Mail, IntelCrawler CEO Andrew Komarov said the point-of-sales terminals were breached through remote access, by hackers who created a large list of possible passwords (such as POS1, Administrator or 123456789) and then “brute-forced” themselves into the systems.

Read more here

#CyberFLASH: Nanaimo BC – Banking information for City of Nanaimo customers safe from big security breach


The City of Nanaimo says customer banking information is safe from a security breach that affected other municipalities that use the same online bill-paying software.

On Friday, the city learned about a cyber-threat to an application used to power web applications for online billing, licensing and tax statements. The threat could result in theft of customers’ login and password information, raising the spectre of unauthorized access to banking information.

Software firm Adobe issued a patch to block the vulnerability. Victoria and several other cities warned customers who use Mycity software to scan their bank statements. The city of Nanaimo did not issue such an alert, and nor will it. City staff apply all software security patches immediately when they are issued, and staff spent the weekend running software analysis to ensure nothing got missed.

“In this case, Nanaimo has not been affected,” said Guillermo Ferrero city of Nanaimo manager, business applications. “After we knew about this, we spent the weekend doing all kinds of testing. For IT people, there is no rest.”

Read more on Canada.com

#CyberFLASH: Oak Bay Ontario-Municipal website payment server hacked, users urged to contact their banks

Oak Bay Municipal Hall

The District of Oak Bay is warning residents to monitor their bank accounts after the municipality’s online servers were hacked.

The municipality said its oakbay.ca website was attacked on July 22.

A preliminary review has not found any evidence that residents’ personal information had been compromised, but residents who use Oak Bay’s pre-authorized withdrawal system to pre-pay taxes are being urged to contact their banks for advice.

The computer systems used do not store social insurance numbers, driver’s licence numbers, or credit or debit card numbers, but do contain the bank account numbers of about 1,500 residents as well as names and addresses.

Read more on Times Colonist

Stopping digital pickpockets: contactless credit cards face fraud risk


MONTREAL – They’re easy to use. But the information inside? Easy to lose.

As more consumers buy things by waving their credit or debit card or cellphone at a payment terminal — no PIN, no signature, no contact — a new frontier has opened up for digital thieves.

With something as simple as a downloaded freeware app, hackers can place their phone near your wallet or phone and get your name and basic card data immediately, without you knowing. 

Read more here

CBE hit by new privacy breach as laptop containing 2,000 report cards stolen

The Calgary Board of Education has been hit by a second significant privacy breach this month after an employee laptop containing the report cards of more than 2,000 students was left in a car and stolen.

The theft happened Oct. 5 and was reported to police and the Alberta privacy commissioner.

The CBE said it held off from a broader public notification because it wanted to first pull files and student information to build a clear contact list of those affected.

On Tuesday, 225 principals were called to a northeast hotel, briefed on the situation, and many were given phone numbers to begin calling the parents of those students.

Read more here

RCMP arrest Alberta man who US says is a suspect in international cyber crime

RED DEER, Alta. – Police in central Alberta have arrested a man wanted by the FBI as a suspect in an international ring that allegedly used the Internet to obtain and trade personal credit card and bank information.

RCMP say Eric Bogle, 23, of Red Deer was arrested on July 2 on a warrant that was issued in the U.S.

Read more here

BC Hydro asks customers to check bills after online security breach


BC Hydro is asking its online credit-card customers to check their bills after a security breach was detected last week.

Vancouver, BC — BC Hydro is asking its online credit-card customers to check their bills after a security breach was detected last week.

Corporation spokeswoman Jennifer Young said the breach — which involved credit card information not being properly encrypted — has been corrected, but urges those who paid online with a credit card in June to double check just in case.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.