UPDATED 23:35 EDT / AUGUST 01 2018

Three’s not so charming: Fashion Nexus, UnityPoint and Yale reveal data breaches

Three’s no charm today for customers using sites developed by U.K. web developer Fashion Nexus Ltd., patients at UnityPoint Health and students at Yale University — all affected by data breaches.

Starting with Fashion Nexus, which operates sites such as Elle Belle Attire, AX Paris and Traffic People on behalf of clients, about 1 million customer records were found exposed online by white-hat hacker Taylor Ralston.

The number of records is in some dispute. Graham Cluley, who first reported the data breach, pegged the number at 1.3 million. The company itself claimed it’s 642,000. But what’s not in dispute is that the data consisted of customer names, dates of birth, email addresses, phone numbers and hashed passwords.

Scott Schneider, chief revenue officer at CyberGRX Inc., told SiliconANGLE that the Fashion Nexus breach demonstrates the “powerful ripple effect” when a solution provider is compromised in an industry where retailers’ and vendors’ digital ecosystems have become increasingly intertwined.

“A single vulnerability at an e-commerce company’s network led to sensitive data for over a million customers across multiple retailers,” Schneider said. “When customers find out their data was exposed, it’s the retailers they will blame. As digital ecosystems grow increasingly interconnected, it’s critical that retailers understand and manage their own cyber risk and make decisions based upon the security postures of the third parties with access to their networks.”

UnityPoint Health, which was previously in the news back in 2016 when it was disclosed that an employee had been stealing patient information over the course of about seven years, has been outright hacked this time around via a phishing attack.

The hack, which occurred between March 14 and April 3, saw 1.4 million records stolen covering a wide variety of information: names, addresses, dates of birth, medical record numbers, medical information, treatment and surgical information, diagnoses, lab results, medications, providers, dates of service and insurance information.

Derek Lin, chief data scientist at Exabeam Inc., noted that many network attack vectors start with a link to a phishing URL.

“A carefully crafted email containing the malicious link is sent to an unsuspecting employee,” Lin explained. “As soon as it’s clicked, the cycle of information loss and damage begins. Any company that houses sensitive data — especially electronic healthcare records — should aim to nip this problem early on by identifying and alerting on these malicious links.”

Yale delivered the third of the data breaches, disclosing that its systems had been compromised 10 years ago.

The data intrusion is said to have taken place between 2008 and 2009, with records of 119,000 students and faculty members stolen. ZDNet reports that the hackers were able to exfiltrate names, Social Security numbers and in most cases dates of birth. Some victims also had the details of their Yale email addresses and physical addresses stolen.

Anurag Kahol, chief technology officer at Bitglass Inc., said that Yale is just one of many organizations breached long ago that failed to take immediate action.

“Unfortunately, countless more of these incidents have yet to be discovered,” he said. “While Yale hasn’t disclosed much information around how the breach occurred, this event highlights the need for proactive security that is constantly, vigilantly monitoring data. As the era of the cloud marches onward, hackers will become more and more capable of stealing massive amounts of data in the blink of an eye, so for unsuspecting organizations that lack adequate protections, the threat of data leakage will only increase.”
