Two New Data Breaches

As beneficial as technology can be, it also creates risk. In fact, this week witnessed more than one major data breach surface…

PayMyTab Personal Data Breach

Last month, cybersecurity company vpnMentor alerted PayMyTab – an at-table mobile payment application – that an unsecured Amazon Web Services data bucket had been exposing a variety of its customer records to hackers since July 2018.

Despite Amazon rolling out a security feature last year specifically designed to prevent S3 data storage bucket leaks like this from occurring, PayMyTab users have been victimized by a long-running data breach that makes them likely targets of spear-phishing attacks moving forward.

While Amazon and the app state they corrected the vulnerability earlier this month, users are at risk of having the following information leaked:

  • Names
  • Email addresses
  • Cell phone numbers
  • Credit card numbers
  • Meal items ordered
  • Dates/times/locations of purchases
  • Restaurants visited

Macy’s Magecart Attack

Unfortunately, mobile apps aren’t the only recent victim of tech-driven attacks. Recently, Macy’s website was hacked by malicious scripts in an attempt to steal customer payment information – and it seems to have worked.

On October 7th, Macy’s ‘Checkout’ and ‘My Wallet’ pages were infected with unauthorized code that allowed hackers to capture individuals’ credit card data. More specifically, it appears a ClientSideErrorLog.js script was infected by malware to harvest transaction details and transmit customer data to a remote command-and-control server.

This scenario is by no means unique. In fact, these attacks – dubbed Magecart attacks – have become increasingly popular. Over the last two years, over 18,000 domains have been negatively impacted by similar efforts. While Macy’s acted quickly and promises all affected shoppers one year of complimentary credit monitoring, this data breach stole customer payment information for more than a week before it was corrected. Leaked data includes:

  • Names
  • Email addresses
  • Mailing addresses
  • Telephone numbers
  • Credit card numbers
  • Credit card security codes
  • Credit card expiration dates

In the wake of data breach after data breach, enterprise executives need to continuously revisit their security practices to prevent devastating attacks. Want to know how today’s leading CIOs and CISOs are addressing their cybersecurity concerns? Access AOTMP® Research’s recent Analyst Perspective report now!