Cybersecurity Digest

Equifax Situation Gets Worse, Whole Foods Hit Too

Like what you are reading?  Share it with others.

2.5M More Hit by Equifax Breach

Initial estimates of the Equifax breach showed an already astounding 145.5 million people had data exposed, but new data shows some 2.5 million more were affected. The new information came out of a forensic investigation by Mandiant, a cybersecurity consulting firm contracted by Equifax.

Mandiant’s investigation found no evidence that hackers accessed databases outside the U.S., but 8,000 Canadians were affected. An additional investigation is expected to take place to examine whether or not British consumers were also exposed.

Former Equifax CEO Richard F. Smith is expected to appear before a congressional subcommittee this week to testify.

“Equifax was entrusted with Americans’ private data and we let them down,” Smith said in a prepared statement on Monday.

Whole Foods Hit With Credit Card Breach

Another national cybersecurity threat has risen in the wake of the Equifax breach. Whole Foods, which was recently purchased by Amazon for $13.7 billion, has built a database for consumers to see whether or not their store was affected.

The nation’s biggest cities were hit, including two stores in New York City, two in Los Angeles and six in Chicago. Aside from the searchable database, Whole Foods has released little information about the breach, and people, including politicians, are concerned.

“Whole Foods needs to tell the whole truth about this incident, and soon,” said Rep Diana DeGette of Colorado. “Customers need to know whether and how they were affected, when, and in what way. How many people, and in which regions of the country, are at risk? How long ago did Whole Foods learn of it, and what steps have been taken to mitigate the damage?”

The breach is supposedly only linked to taprooms and restaurants within Whole  Foods’ stores. Current information states consumers who only purchased groceries at Whole Foods should not have been affected.

SEC Cybersecurity Statements Draw Criticism

This week, SEC Chairman Jay Clayton provided an update to the 2016 EDGAR software hack investigation. EDGAR, a financial database used by the federal government,  was breached last year, but it wasn’t announced until last month.

Officials have stated they believe the hack did not result in stolen personal information or jeopardize government operations. But the most recent statements do not acknowledge whether or not any private information had been exposed aside from that of individuals.

Without asking, the Department of Homeland Security is conducting its own investigation into the hack.

“In addition to this incident and several others, we are reviewing our procedures to ensure that it’s clear that when an incident happens, what role the department needs to play in a response, not just at the request of an agency,” said Jeanette Manfra, the assistant secretary for cybersecurity and communications at the National Protection and Programs Directorate.

Video of the Week

Homeland Security Information Network – Cybersecurity | U.S. Department of Homeland Security

Twitter Follow of the Week

Graham Cluley | Cluley has held senior roles at McAfee and Sophos, where he founded their Naked Security blog. He has also worked in the computer security industry since the early 1990s. He and his writing has been featured on NPR, BBC, TechCrunch, The Telegraph, as well as many others.

Security Tool of the Week

HYPR | HYPR, not to be confused with the influencer marketing softwareHYPR, is an internet of things (IoT) and identity security solution. Last week it raised $8 million for its “decentralized approach” to security. According to its site, its customers include four of the world’s top ten banks, two of the world’s top four automakers and two of the world’s four top credit networks.

Quick Hits

  • Showtime Websites Secretly Mined User CPU for Cryptocurrency (The Verge)
  • Gun Control Tech Exists. But It Won’t Stop Mass Shootings (WIRED)
  • China Blocks WhatsApp, Broadening Online Censorship (NY Times)
  • Study Finds Significant Number of Macs Running… (Mac Rumors)
  • Signal Has a Fix for Apps’ Contact-Leaking Problem (WIRED)
  • Microsoft Looks to the Cloud to Expand Its Security Offerings (TechCrunch)
  • Oracle Launches 18c, Its Autonomous DB and Cybersecurity System (ZDNet)
  • HPE Let Russia Scrutinize Cyberdefense System Used by Pentagon (Fortune)
  • HYPR Raises $8 Million to Prevent Another Equifax Hack (TechCrunch)
  • The Deloitte Breach Was Worse Than We Thought (WIRED)

Want more cybersecurity news from around the web sent to your inbox once a week?