A couple of years ago, it seemed like every time people turned around, a different retailer was being hit by a data breach. Nowadays, the focus of hackers seems to have turned toward hotels and restaurants, as we’ve seen from the numerous data breaches within both industries lately. Because the world of cybersecurity is ever-changing, we decided to round up three of the hottest stories right now that consumers should know about and give you the need-to-know details in one convenient blog post. Keep reading to learn about further woes for customers of an international hotel corporation and a much-loved southern restaurant chain, plus potential Microsoft Windows exploits you will want to know about.
InterContinental Hotel Chain breach is much bigger than originally reported
The breach acknowledged by InterContinental Hotel Chain (IGH) earlier this year, which we reported on in February, has expanded. Previously, it was indicated that only payment cards used at restaurants and bars at certain IGH-branded locations were impacted; however, upon further investigation, IGH has acknowledged that malware was discovered infecting payment card processors at front desks of a number of locations. This malware worked to steal payment card information during on-site transactions only. The dates for this range from Sept. 29 to Dec. 29, 2016, though the specific time frame varies from hotel to hotel. If you’re concerned that your payment card might have been compromised, you can use the state-by-state lookup tool IGH published on its site.
There is not yet an official total for how many properties were impacted, but according to cybersecurity blogger Brian Krebs, so far approximately 1,175 properties across the U.S. have been added to the list. However, that number could increase. Although IHG has been offering franchised properties a free examination of its payment system by a third-party computer forensic team, not all of them have done so yet. Thus, it’s entirely possible that more locations have been compromised than is currently known. Concerned customers should monitor their payment card statements and report any suspicious activity to their bank or card issuer, especially if they stayed at an IGH-branded hotel at any point during the time period when the data breach was happening. You might also want to consider placing a fraud alert or full-blown freeze on your credit reports.
37 Shoney’s restaurants were hit by credit card-stealing malware
According to a statement released by Best American Hospitality Corp., which operates Shoney’s, a total of 37 different restaurants across the southern U.S. were impacted by a payment card data breach. After receiving reports of a potential problem, BAHC contacted Kroll Cyber Security LLC, which investigated and determined that malware had been remotely installed onto the point-of-sale (POS) equipment at multiple restaurants. This malware worked to steal payment card information when cards were processing, including the cardholder’s name, card number, expiration date and verification code. The breach was determined to have begun at some locations around Dec. 27, 2016, and it lasted until it was discovered and eradicated on March 6, 2017. All of the affected locations are corporate locations, not franchise restaurants, and concerned customers can view a PDF with specific information on dates and locations on the BAHC website. Most locations are in Tennessee, but other states with impacted Shoney’s restaurants include Arkansas, Florida, Georgia, Louisiana, Mississippi, Missouri and Virginia.
Similar to our advice for consumers potentially impacted by the IGH breach, it’s best for concerned Shoney’s customers to monitor their payment card statements and consider other protections available to them.
Microsoft claims to have beaten hackers to the punch
Last Friday, a group of hackers known as Shadow Brokers published a series of tools for hacking Microsoft Windows that it claimed belonged to the National Security Agency (NSA). However, Microsoft has countered that it already patched the vulnerabilities identified in this breach in March. According to a Microsoft spokesperson who spoke with CNNTech, consumers who have up-to-date computers and devices are protected. If you haven’t updated your computer recently, you should take some time to do that. And if you’re running any Windows software older than Windows 7, it might be time to consider a serious upgrade, as Microsoft recently stopped providing support for Windows Vista altogether. Although it is certainly concerning to consider the NSA’s potential purposes for these exploits, the most important information for the average consumer to take away from this is that Microsoft has done its due diligence to protect people. You can learn more about this issue by reading Microsoft’s security blog post on the topic.
To keep yourself up to date with all the latest news and information regarding protecting yourself and your identity both online and off, keep up with our identity theft protection blog.