This has become an all too common event these days. I am glad my home state has taken the time to inform citizens via recommendations protect ourselves. Here is the latest information from New Jersey Cybersecurity & Communications Office.
Under Armour/MyFitnessPal
Under Armour announced that, in February 2018, an unauthorized party obtained access to data associated with MyFitnessPal user accounts. Information exposed in the breach includes usernames, email addresses, and hashed passwords. The NJCCIC recommends that MyFitnessPal users immediately change the passwords to their accounts and be on alert for phishing campaigns associated with, and resulting from, this breach.
Saks Fifth Avenue and Lord & Taylor
Saks Fifth Avenue and Lord & Taylor department stores released a statement regarding a data breach that resulted in the theft of customer payment card data. According to Gemini Advisory, a cybersecurity firm that specializes in tracking stolen financial data, the compromise likely occurred beginning May 2017 and the majority of stolen payment card information was obtained from the companies’ New York and New Jersey locations. Saks Fifth Avenue and Lord & Taylor will offer impacted customers free credit and web monitoring services, as well as free identity protection services. The NJCCIC recommends affected customers take advantage of the free credit and web monitoring services, as well as the identity protection services offered, monitor their financial accounts for suspicious activity, and notify their card issuers immediately if they notice unauthorized charges made to their accounts.
Panera Bread
On April 2, security researcher Brian Krebs reported that, for at least eight months, Panerabread[.]com had been leaking millions of customer records that included names, email addresses, home addresses, dates of birth, customer loyalty card numbers, and the last four digits of their payment card numbers. In August 2017, another security researcher, Dylan Houlihan, had reportedly notified the company about the data exposure but the company did not address the issue until April 2, 2018. Cybersecurity firm Hold Security suggests that the number of exposed records likely exceeds 37 million and that the data leak may also impact Panera’s commercial division. The NJCCIC recommends all Panera Bread customers monitor their financial accounts and loyalty accounts for suspicious activity and report any unauthorized charges immediately. Additionally, we recommend Panera Bread customers be on alert for phishing campaigns associated with, and resulting from, this data leak.
CareFirst
CareFirst BlueCross BlueShield reported that, on March 12, 2018, an employee within the company took action on a phishing email and, as a result, may have exposed the personal information of 6,800 of the insurer’s members. The employee’s account was used to send spam emails to recipients who are not associated with CareFirst. The unauthorized access to the employee’s email account could have potentially exposed CareFirst member names, identification numbers, and dates of birth. Eight members’ Social Security numbers may have also been exposed. CareFirst is offering two years of free credit monitoring and identity theft protection services to affected members. The NJCCIC recommends affected members take advantage of the free credit monitoring and identity theft protection services offered.
The above and more can be found here on the NJCCIC site for April Alerts