May in review: Breaches and ransomware

June 04, 2018 // Ellen Neveux

Last Updated: November 18, 2020

May 2018 was a month filled to the brim with breaches, hacks, and ransomware attacks. It has been reported that during the month of May, 17,273,571 records were leaked. Remember, this number is only reflective of the breaches that have been found and reported; frequently cyberattacks are found and reported months or even years after they have occurred.

One of the most talked-about breaches of May happened at Chili’s Grill & Bar, a well-known Tex-Mex restaurant. Bombas, a sock company, meanwhile reported a breach that occurred in 2015. The Health and Human Services’ Healthcare Cybersecurity and Integration Center (HHS HCCIC) released a report on ransomware attacks at the end of this month. Let’s take a closer look at the biggest data breach news items for the month of May.

The Chili’s breach
“I want my data back, data back, data back…” jokes were all over the Internet once the Chili’s breach became widely known. The restaurant chain has more than 1,600 locations worldwide, but it is unclear, or just unreported, which of the restaurants were affected by this breach. The breach occurred between the months of March and April and was reported to the authorities on May 11. In a statement, Brinker International, the parent company of Chili’s, said that they “believe that malware was used to gather payment card information including credit or debit card numbers and cardholder names, and potentially expiration dates and CVV codes from [their] payment-related systems for in-restaurant purchases at certain Chili’s restaurants.”

Banner on Chili’s website about the breach.

Chili’s and Brinker International announced the breach one day after it was known by them and created a webpage that included more information and a question and answer section. Their response time was quick, which may be able to save their brand image and reputation after this breach. Although they had a good response time and were open about what happened, a study from KPMG found that 19 percent of customers said they would stop shopping at a breached retailer, and 33 percent said they would take a long-term break. It will be interesting to see how, or if, consumers take this into consideration before going back to the chain for their baby back ribs.

Bombas socks breach
The story of Bombas’ breach is a lot different than what Chili’s went through. Chili’s made an announcement within a day of finding out about the breach. Bombas took over three years to find and report. According to Databreaches.net, this breach happened in 2015 and wasn’t found out or reported until the end of May 2018. So, where was the disconnect? Bombas sells its socks online and used a vendor to develop and manage their website, and also used a third-party e-commerce platform. The e-commerce platform Bombas used had malware planted in the code. This malware placed on the platform may have taken names, addresses, and credit card information; Bombas is also unable to determine which transactions were impacted. So, Bombas had to send out a notice to nearly all 41,000 customers who made a credit card purchase since the launch of their website in 2013. Bombas has since changed to a different service provider and e-commerce platform. For the 41,000 people who made a credit card purchase on their website, Bombas is offering free identity monitoring for two years.

HHS on ransomware
News outlets are continually downplaying the number of ransomware attacks that happen, but that isn’t how healthcare and government organizations feel. Ransomware continues to be a huge issue as we near the halfway mark of 2018, with the most recent reported attack being on Allied Physicians of Michiana. If ransomware wasn’t a big deal to the healthcare and government sectors, would the HHS HCCIC release a report on SamSam, one of the largest ransomware campaigns that has been targeting the healthcare and government sectors since 2016? No, they wouldn’t. To put it in numbers, since the beginning of 2018, eight SamSam attacks have been reported within the healthcare and government sectors. Sadly, SamSam isn’t the only type of malware targeting the healthcare industry. Symantec has issued a warning that Orangeworm malware may victimize hospitals worldwide. It is believed that this “strain” of malware is being used to get into sensitive medical information, but the attacker’s end-game is still unclear. In other words, anyone and everyone is trying to get their hands on sensitive information (e.g. personal health information, or PHI) from the healthcare industry.

Beyond being an inconvenience for everyone involved, ransomware attacks can also impact the care patients receive. During a ransomware attack, network files cannot be accessed, so patient care can be compromised. The HHS released a list of strategies to follow to prevent attackers from gaining access to servers via the Remote Desktop Protocol (RDP), which is one of the main attack vectors used. The easiest, and best, way to check off all the items on the list is to implement the best secure remote access software. It not only helps with all of what the HHS has released, but it also makes compliance with industry standards a breeze. The right secure remote access platform will also offer real-time notifications, high-definition audit, authorization, and granular access control.

Protect your network
Neither breaches nor ransomware attacks are going away, so the best thing any organization can do is protect itself from bad actors with a layered defense. It has been widely accepted that one of the main attack vectors for bad actors to access a network is through third-party access. Regulate and take control of the access granted to third parties to save yourself from a data breach or ransomware attack.

About SecureLink
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.
