data breach

Almost 8,000 could be affected by federal emergency loan data breach

Small Business Administrator Jovita Carranza is flanked by Donald Trump and Secretary of Treasury Steve Mnuchin on April 2, 2020.

Almost 8,000 business owners who applied for a loan from the Small Business Administration may have had their personal information exposed to other applicants, the SBA admitted on Tuesday.

The breach relates to a long-standing SBA program called Economic Injury Disaster Loans (EIDL). It has traditionally been used to aid owners whose businesses are disrupted by hurricanes, tornadoes, or other disasters. It was recently expanded by Congress in the $2.2 trillion CARES Act. In addition to loans, the law authorized grants of up to $10,000 that don’t need to be paid back.

The EIDL program is separate from the larger Paycheck Protection Program that was also part of the CARES Act. The SBA says that PPP applicants were not affected by the breach.

A Trump administration official described the problem to CNBC:

The official said that in order to access other business owners’ information, small business applicants must have been in the loan application portal. If the user attempted to hit the page back button, he or she may have seen information that belonged to another business owner, not their own.

The SBA says it discovered the flaw on March 25 and notified affected users. Last Friday, one victim posted a copy of a paper letter she had received about the breach. The letter stated that personally identifiable information—including Social Security numbers, addresses, dates of birth, and financial data—may have been exposed. It added that, as of last week, there was no sign yet of the data being misused.

The SBA says that it immediately disabled the portion of its website that was exposing applicant data, fixed the problem, and re-launched the website. Affected businesses have been offered a year of free credit monitoring.

Overwhelming demand

The SBA has struggled to deal with demand for EIDL loans. Before the coronavirus crisis, small businesses were supposed to be eligible for up to $2 million in disaster loans.

But with millions of firms seeking assistance, the SBA was forced to limit the loans to as little as $10,000. Despite the limits, the SBA website currently states that it is not accepting new applications due to a lack of funds.

As of April 19, the SBA had approved almost 27,000 EIDL loans valued at $5.6 billion. Another 755,000 businesses received EIDL grants worth a total of $3.3 billion. The Trump administration official told CNBC that 4 million business owners had applied for assistance worth $383 billion—far more than the $17 billion allocated for the program.

The PPP has also seen overwhelming demand, with funding running out in a matter of days. A legislative compromise announced on Tuesday could replenish both programs, with the PPP getting another $320 billion and the EIDL getting $60 billion.

Security Breach Disrupts Fintech Firm Finastra

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers do not mention the cause of the outage, but its response so far is straight out of the playbook for dealing with ransomware attacks: take the affected servers offline, isolate them, and verify each one before restoring service.

London-based Finastra has offices in 42 countries and reported more than $2 billion in revenues last year. The company employs more than 10,000 people and has over 9,000 customers across 130 countries — including nearly all of the top 50 banks globally.

Earlier today, sources at two different U.S. financial institutions forwarded a notice they received from Finastra saying the outage was expected to disrupt certain services, particularly for clients in North America.

“We wish to inform our valued customers that we are investigating a potential security breach. At 3:00 a.m. EST on March 20, 2020, we were alerted to anomalous activity on our network which risked the integrity of our data-centers,” reads the notice. “As such, and to protect our customers, we have taken quick and strict remedial action to contain and isolate the incident, while we investigate further.”

Update, 5:21 p.m. ET: Finastra has acknowledged that it is battling ransomware.

“At this time, we strongly believe that the incident was the result of a ransomware attack and do not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted,” the company said in a revised statement.

The statement continues:

“Our approach has been to temporarily disconnect from the internet the affected servers, both in the USA and elsewhere, while we work closely with our cybersecurity experts to inspect and ensure the integrity of each server in turn. Using this ‘isolation, investigation and containment’ approach will allow us to bring the servers back online as quickly as possible, with minimum disruption to service, however we are anticipating some disruption to certain services, particularly in North America, whilst we undertake this task. Our priority is ensuring the integrity of the servers before we bring them back online and protecting our customers and their data at this time.”

Finastra also acknowledged an incident via a notice on its Web site that offers somewhat less information and refers to the incident merely as the detection of anomalous activity.

“The Finastra risk and security services team has detected anomalous activity on our systems,” wrote Tom Kilroy, Finastra’s chief operating officer. “In order to safeguard our customers and employees, we have made the decision to take a number of our servers offline while we investigate. This, of course, has an impact on some of our customers and we are in touch directly with those who may be affected.”

Once considered by many to be isolated extortion attacks, ransomware infestations have become de facto data breaches for victim companies. That’s because some of the more active ransomware gangs have taken to downloading reams of data from targets before launching the ransomware inside their systems. Some or all of this data is then published on victim-shaming sites set up by the ransomware gangs as a way to strongarm victim companies into paying up.

One reader on Twitter told KrebsOnSecurity they’d heard Finastra had sent thousands of employees home today as a result of the security breach. Finastra told this author the company closed select offices in Canada and Paddington, London today where employees were unable to access the servers which they took offline.

“The majority of the Company’s employees are already working from home,” a statement shared by Finastra reads. “This is determined by Finastra’s response to COVID-19 and not related in any way to this incident.”

Interestingly, several ransomware gangs have apparently stated that they are observing a kind of moratorium on attacking hospitals and other healthcare centers while the COVID-19/Coronavirus epidemic rages on. Bleeping Computer’s Lawrence Abrams said he recently reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.

Abrams said several of those gangs told him they would indeed stop attacking healthcare providers for the time being. One gang even used its victim-shaming Web site to post a “press release” on Mar. 18 stating that “due to situation with incoming global economy crisis and virus pandemic” it would be offering discounts to victims of its ransomware.

“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus,” reads the release from the Maze ransomware gang.

A press release published by the Maze ransomware group.

This story will be updated as more details become available.

Fin7 behind DiBella’s data breach affecting 305,000 cards

Fifteen months after DiBella’s Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach, the sandwich shop chain has issued a notice informing its customers of the incident.

The company reported that its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as many as 305,000 payment cards compromised. DiBella’s said it was informed by the FBI and its credit card firms on August 27, 2018 of the data breach, and that Fin7 were the likely actors behind the attack that gained access to the company’s payment card data and computer system.

The majority of the locations were victimized between March 22, 2018 and December 28, 2018, with its Cranberry, Penn. store possibly being hit as early as September 2017. The customer data involved included individual names, payment card numbers, expiration dates, and CVV numbers, DiBella’s stated.

DiBella’s has not yet returned an SC Media inquiry into why the company waited until now to disclose the issue.

The company does not know which individuals were impacted and said it has not received any customer complaints about their payment cards being misused. But it is warning anyone who visited the locations in question to

The leaders behind FIN7, aka the Carbanak gang, were arrested by law enforcement in January and June of 2018. In August 2018 the U.S. Department of Justice made public the arrests of three Ukrainian men who allegedly were key players in the cyber gang. However, the arrests did not stop other members of the gang from continuing their activities.

The security notice said the malware found on the company’s system ties the attack to Fin7.

The post Fin7 behind DiBella’s data breach affecting 305,000 cards appeared first on SC Media.


Our Services

A solution for every security need

Solutions for every need

Whether you’re a global company or a local business, you have one thing in common: important information that’s at risk of a security breach. IT Security.org services help you overcome challenges specific to your business—whether that’s making you compliant with the latest regulations or designing your security framework. Take a look at our services to see how we can help you today.

compliance

Assess your organization against UK, EU and US legislation and regulations: GDPR, PCI-DSS, ISO27001, anti-money-laundering rules, Sarbanes-Oxley.

GDPR Compliance
ISO27001 Compliance
PCI-DSS Compliance
ISO22301 Business Continuity Compliance
ISO29100 - Privacy Compliance

Data protection

Assess your Data Protection environment against recent regulatory and legislative requirements including GDPR.

Virtual Data Protection Officer
Data Security Services

IDENTITY & ACCESS

Ensure that the right individuals have access to the right resources at the right times and for the right reasons.

IAM Design
IAM Policies, Standards, Procedures And Guidelines

Incident Management

Provision of Incident Management Services to your organisation, including personnel, policies, standards, procedures and guidelines in line with international standards and best practice.

Emergency Incident Response
Forensic Support
Incident Response

INFORMATION SECURITY

Our Consultants are able to lead and deliver any aspect of Information Security.


IT Risk Management

ITSecurity.Org can deliver a complete risk management framework in line with ISO27005, from identifying areas of potential risk through to designing a customised, complete security solution.

Risk Management Framework
Auditing
Risk Acceptances And Waivers

IT Security Consulting

Whatever your IT Security requirements, ITSecurity.Org can lead and deliver with our experienced IT Security Consultants.

IT Security Governance Services
IT Security Policies And Standards

additional security

ITSecurity.Org have consultants that have extensive experience and expertise in providing the following security services.


physical security

Physical Security is the first line of defence. ITSecurity.Org is proud to be able to offer the following Physical Security Services.


policies & standards

ITSecurity.Org provide a wide range of services covering policies and standards throughout their lifecycle including: Framework, Initial risk assessment, creation and authoring, review, compliance and gaps assessments, checklists, evangelising, training and publishing.

IT Security Governance Services
IT Security Policies And Standards

Programme & Project

ITSecurity.Org have consultants that have extensive experience and expertise in leading, delivering and supporting all sizes of Security Initiatives including International and Enterprise-wide Security Initiatives.


risk management

ITSecurity.Org can lead and deliver risk management to the international standard ISO27005. If your focus is more internal, we can set up a risk management tool such as Abriska or create a risk framework for you.


security awareness

Instil a security culture within your organisation. We offer bespoke security awareness courses and training, tailored to fit your particular organisation.


security design

ITSecurity.Org can provide all Security Design and Architecture services.


security metrics

ITSecurity.Org can deliver the Security Metrics that your business needs in line with ISO27004. From specific individual KPIs and KRIs through to full security metrics frameworks with dashboard reporting.


Technical Security Assessment

Securing online assets and supporting regulatory compliance by identifying the vulnerabilities on your network.


Third-Party And Supplier Assurance

Many organisations are not conducting third-party assurance services as efficiently as they could do. Let us show you how we can help.


About

IT Security.org is based in the UK, offering a range of IT security solutions ranging from compliance and risk management to testing, training and much more.

Follow Us

Contact Us

© Copyright ITSecurity.Org Ltd 2015-2019 All Rights Reserved. Company Registration Number:11208508. Registered office address: 27 Old Gloucester Street, Holborn, London, United Kingdom, WC1N 3AX. VAT Reg.299747227