Corporate Hack Roundup: Panera Bread, Boeing, and More
A slew of cybersecurity news have made the rounds in the past week, illuminating just how vulnerable companies — and consequently, their customers — are to online threats. Some of the most notable cases:
Panera Bread: A security flaw in the restaurant chain’s website left millions of customers’ information exposed, including username, first and last name, email address, phone number, birthday, last four digits of saved credit card number, home address, and more. Even worse, when the company was alerted to the danger, it accused the security researcher of trying to scam them, and sat on the problem for eight months!
Boeing: The aerospace giant was hit by WannaCry, the malware that continues to rear its ugly head. Though it potentially targeted manufacturing and assembly lines, a company spokesperson said “Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems.”
Under Armour: About 150 million users of the nutrition app MyFitnessPal suffered a data breach. The good news: The intrusion only exposed usernames, email addresses, and passwords, indicating that systems were segmented enough to protect major information like birthdays, location information, or credit card numbers. But they also admitted that some passwords were protected by a function called SHA-1, which has had known flaws for a decade.
Saks 5th Avenue/Lord and Taylor: The high-end retailers suffered a data breach that my have compromised 5 million customers’ credit cards and information. The company had to admit the hack after a group JokerStash or Fin7 claimed it was putting up for sale up to 5 million stolen credit and debit cards on the dark web; about 125,000 records were immediately released for sale.