Recent Cyber Security Breaches: TOMS, Lumin PDF, EA Sports and More

Keeping your technology safe should be top priority. Cyber security breaches can happen to anyone or any type of business. As an outsourced IT solution provider we want to make sure to stay in know about the latest cyber security attacks. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent hacks affecting small to large businesses.

TOMS

Designer and producer of shoes, eyewear, coffee, apparel, and handbags

The Hack: Unauthorized database access

Analysis from Kevin Lancaster: “In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.”

Read More Here >> Toms Shoes’ Mailing List Hacked to Tell Users to Log Off

 

EA Sports (United Kingdom)

Developer and publisher of sports video games

The Hack: Accidental sharing

Analysis from Kevin Lancaster: “EA Sports inadvertently leaked the personal data of 1,600 gamers who participated in a competition on the company’s website. The breach is related to the company’s FIFA 20 Global Series competition. Aside from becoming a PR nightmare for EA Sports on social media, the leak occurred just hours after the company’s announcement of new security features and promotional events related to the UK’s National Cyber Security Month. The web form was removed after thirty minutes, and the competition was temporarily cancelled.”

Read More Here >> EA Games Leaks Personal Data of 1600 FIFA 20 Competitors

 

Lumin PDF

Cloud-based service PDF service provider. You may recognize them when you use Google Drive, they are a 3rd party option to help view PDF files.

The Hack: Unauthorized database access

Analysis from Kevin Lancaster: “Hackers obtained and published a spreadsheet containing the personal information of every Lumin PDF user. The information was acquired from a database in April 2019, and it was published after repeated attempts to contact the company. Since then, the data was accessed by an additional hacking group, which left a ransom note for the company before deleting the data. The company’s slow response, given that they did not acknowledge the breach until September 17, reflects a general malaise about data security that most consumers would find completely unacceptable in 2019.

Read More Here >> Data of 24.3 million Lumin PDF users shared on hacking forum

 

The National Basketball Association (Canada)

Men’s professional basketball league in North America

The Hack: Unauthorized database access

Analysis from Kevin Lancaster: “An unauthorized user accessed a server managed by the NBA for its Canadian business efforts. The league quickly identified the intrusion and took the server offline, began an investigation, and hired cybersecurity experts to make further recommendations. However, these measures can’t retroactively restore users’ data integrity, nor will it negate the reputational damage that always accompanies a privacy breach.”

Read More Here >> NBA Canada Just Experienced A Massive Data Breach

 

Restaurant Depot

Commercial food service wholesaler.

The Hack: Spear phishing attack

Analysis from Kevin Lancaster: “Restaurant Depot’s customers are receiving phishing emails requesting payment for invoices, purportedly from the company. In response, customers began lashing out on social media, and the company was forced to issue a statement on its website discrediting the email content. The emails are personalized so cybercriminals likely purchased company data from a Dark Web marketplace, which could suggest the possibility of an even more expansive data breach at Restaurant Depot.”

Read More Here >> Restaurant Depot customers targets of phishing emails

 

Carle Foundation Hospital

Regional, not-for-profit healthcare provider

The Hack: Phishing attack

Analysis from Kevin Lancaster: “Three company employees fell victim to a phishing scam that gave hackers access to their email accounts containing patient data. Although the hospital immediately secured the accounts, the easily preventable incident will expose Carle Foundation Hospital to intense regulatory scrutiny and cascading costs related to the breach.”

Read More Here >> Carle Foundation Hospital Suffers Data Breach Due to Phishing Attack

To learn more about how to keep your company safe and secure, click here to explore our IT services & security plans that are offered by SDTEK.

Leave a Reply