Sonic Drive-In breach – Fraud.org

/in /by

sonic_breach_crop.jpg

Sonic Drive-In announced that nearly 3,600 of its locations were subject to a point-of-sale data breach. This breach is believed to have affected up to 5 million of its customers’ credit card numbers.

Announced: September 26, 2017

Description of the breach: On September 26, 2017 the drive-in burger chain, Sonic, acknowledged the breach of their payment systems. While the full extent of the breach is still unknown, it is believed that up to 5 million credit card numbers have been compromised through 3,600 locations.

Customers of Sonic Drive-In should closely monitor their credit and debit card statements, and report any unauthorized or suspicious charges to their financial institution immediately. Because of the way hackers are selling the compromised credit card numbers, fraudulent charges may occur in victim’s own neighborhood or zip codes, making it crucial for consumers to carefully monitor their accounts.

Data breach period: Unknown

More coverage of this breach: Krebs On Security and Business Insider

Equifax breach – Fraud.org

/in /by

equifax_breach.jpg

Credit reporting company Equifax announced that it was the subject of a massive data breach on September 7, 2017. An estimated 143 million consumers may have had their personally identifiable information compromised.It appears that Equifax’s records were breached from mid-May through July 2017.

Announced: September 7, 2017

Description of the breach: Credit bureau Equifax announced that it sustained a breach which affected about 143 million consumers. The compromised data included Social Security numbers, birth dates, addresses and in some cases, driver’s license numbers, credit card numbers, and documents provided by consumers in dispute cases.

Given the scale of this breach, Equifax is offering all American consumers free credit monitoring and identity protection through TrustedID Premier for up to one year. To take advantage of this offer, consumers can visit Equifax’s breach website, by clicking here.   

Data breach period: Mid May 2017-July, 2017

Official statement from Equifax: www.equifaxsecurity2017.com/

Find out if your personal information was compromised by clicking here.

To take advantage of free credit monitoring and identity protection click here.

More coverage of this breach: Associated Press and Yahoo Finance

 

The Buckle breach – Fraud.org

/in /by

jeans_buckle_breach-crop.jpg

On June 16, 2017, The Buckle Inc., a clothing retailer that operates over 450 stores in the U.S., announced that its brick and mortar locations were the subject of a point-of-sale data breach. The breach is believed to have compromised many of its customers’ credit card numbers, although no exact numbers have been released. The company believes the breach occurred between October 28, 2016 and April 14, 2017.  

Announced: June 16, 2017

Description of the breach: Fashion retailer The Buckle, Inc. released a statement announcing that malware was found installed on point-of-sale systems inside Buckle stores. The company does not believe that the malware collected data from all transactions during the data breach period. Additionally, online purchases are not at risk for this breach.

The malware was found to be able to copy data stored on the card’s magnetic stripe when swiped through the machine rather than inserted through the chip reader.  Possible compromised information include the cardholder’s name, the card number, and expiration date.  

Customers who were affected have or will likely receive communications from their banks with instructions on what to do next.  In the meantime, customers of The Buckle, should monitor their credit and debit card statements and report any unauthorized activity immediately to their financial institution.

Data breach period: October 28, 2016-April 14, 2017

Official statement from Buckle:https://corporate.buckle.com/about/data-security-incident

More coverage of this breach: Krebs On Security and Engadget

 

Cloud Pets breach – Fraud.org

/in /by

cloud_pets-crop.jpg

“Cloud Pets,” a company that makes stuffed animals that allow children to communicate with distant loved ones, has suffered a data breach. Cyber experts estimate that the connected stuffed animal manufacturer had more than 820,000 user accounts compromised. The user accounts contained sensitive information including the email addresses of the parents, passwords, child profile pictures, and over 2 million voice messages–although Cloud Pets denies that voice messages were compromised.

Announced: February 28, 2017

Description of the breach: On February 28, 2017, Spiral Toys, the parent company of Cloud Pets, notified the California Attorney General’s office that they were the subject of a data breach. Although, Cloud Pets has not published an official notification to consumers regarding the hack. Users of Cloud Pets products have had their emails, passwords, and child profile pictures compromised–a total of 820,000 accounts. Many experts also believe that 2.2 million private voice messages exchanged between kids using the devices and their parents were compromised as well.

Cloud Pets users are being urged to immediately change their account passwords. Users that have reused their Cloud Pets passwords across multiple platforms are particularly vulnerable to “fallout” hacking. These users should change the passwords of all of the accounts that share the compromised password. In addition, due to the toy’s susceptibility to outside hacking, many cyber experts are suggesting that parents consider discontinuing use of the toy all together.

Data breach period: Unknown-January 9, 2017

More coverage of this breach: Motherboard and CNN

 

Arby’s breach – Fraud.org

/in /by

arbys_breach.jpg

The fast food chain Arby’s has announced that their point-of-sales systems (POS) were compromised. The breach affected hundreds of corporate-owned stores between October 25, 2016 and January 19, 2017.  The stolen information reportedly included over 350,000 credit and debit card numbers.

Description of the breach: Arby’s has announced that many of their 1,000+ corporate owned stores had their POS systems comprised in a malware attack that occurred between October 25, 2016 and January 19, 2017. Arby’s has stated that none of their 2,000+ franchise locations were affected in the breach.

While a full list of the affected stores is not available yet, Arby’s is urging all of their customers to closely monitor credit and debit card statements and immediately report any discrepancies to their card issuer.

Data breach period: Oct. 25, 2016 to January 19, 2017

Contact Arby’s: 1-800-599-2729

Official information from Arby’s: https://arbys.com/security/

More coverage of this breach: Krebs on Security, Fortune, USA Today

 

E-Sports Entertainment Association (ESEA) breach – Fraud.org

/in /by

esports_gaming-crop.jpg

On December 30, 2016 the E-Sports Entertainment Association (ESEA) announced that they experienced a data breach, which news outlets are reporting to have affected 1.5 million of their users. The breach compromised users emails addresses, usernames, private messages, IPs, mobile phone numbers (for SMS messages), forum posts, hashed passwords, and hashed secret question answers.

Announced: December 30, 2016

Description of the breach: ESEA alerted their users on December 30 that they had received notice on December 27 that their system had been breached. Although the exact number of records compromised is unknown, many websites are reporting that 1.5 million user records were compromised in the breach.

ESEA is reporting that no credit card or payment information was compromised, however users emails, private messages, last login date, dates of birth, zip codes, mobile phone numbers (for SMS messages), forum posts, hashed passwords, usernames, Steam or Xbox IDs, and hashed secret question answers have leaked.

ESEA has not asserted when the records were breached, but is urging all users to immediately reset their account passwords and security questions, as well the passwords and security questions on different websites where they may have reused their login credentials.  

ESEA is also advising users to be wary of unsolicited communications that ask for personal information. It is recommended that you go directly to the ESEA website in a new browser to reset passwords or update security questions instead of clicking on links in an email related to the breach. Hackers are known to use information from large data breaches in phishing scams that lure individuals into clicking on dangerous links.

Official information from ESEA: https://play.esea.net/index.php?s=news&d=comments&id=14932

ESEA Frequently Asked Questions regarding the breach: https://play.esea.net/?s=content&d=securityupdate

ESEA Support Center: https://play.esea.net/?s=support&d=tickets

More coverage of this breach: International Business Times and ESPN

Yahoo breach – Fraud.org

/in /by

iStock_91988923_MEDIUM.jpg

On December 14, 2016, Yahoo Inc. announced that they were the subject of a data breach that occurred in August 2013, affecting more than one billion user accounts. This breach is believed to be separate from the one announced in September 2016 that affected 500 million user accounts. Yahoo’s latest breach has compromised users’ names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, unencrypted security questions and answers. 

December 16 update

Announced: December 14, 2016

Description of the breach: On December 14, 2016 Yahoo! announced that approximately 1 billion of their users had their personal data compromised by an unknown third party, making this the largest data breach in history. This breach is separate from the breach announced in September 2016 which affected a reported 500 million accounts.

Personal information compromised by this breach included names, email addresses, telephone numbers, dates of birth hashed passwords, and in some cases encrypted and unencrypted answers security questions.

Yahoo! has advised all users to immediately change their passwords as well as the passwords of any accounts where they may have re-used their compromised Yahoo! login credentials and/or password reset questions.

Affected users should be cautious of any unsolicited communications from a source claiming to be Yahoo! or any “help center,” as hackers tend to use the information from large data breaches in phishing scams to lure individuals into clicking dangerous links, or to convince consumers to give up additional private information. Yahoo! is reminding all users that they will not send out any emails asking users for personal information or to click on links or attachments. Any emails purporting to be from Yahoo! that ask for personal information or that ask you to click on a link or attachment are most likely a part of a phishing scam and should be immediately deleted.

Data breach period: August 2013

Official information from Yahoo: Available here

More coverage of this breach: New York Times

 ———————————————————

Announced: September 22, 2016

Description of the breach: On September 22, 2016 Yahoo announced that at least 500 million of their users had their account information compromised in a state sponsored hack that occurred in late 2014. Tumblr, a social media website owned by Yahoo was not affected in the breach.

Users that have not changed their password and security questions since 2014 are being advised to do so immediately. In addition, Yahoo is advising all users to be cautious of any unsolicited communications from a source claiming to be Yahoo or any “help center” as hackers tend to use the information from large data breaches in phishing scams to lure individuals into clicking dangerous links, or to convince consumers to give up private information. Yahoo is also reminding users that the company never charges for technical support, and anyone that is charging a fee for help related to this breach, is most likely a fraud.

Because many consumers reuse their passwords across multiple sites, those accounts are likely susceptible to hacking if the account holders uses the same login/password combination elsewhere. If you reuse your Yahoo password or suspect you may have, it is advisable that you change your passwords on those accounts immediately.

Data breach period: Late 2014

Official information from Yahoo: https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security

Yahoo Q&A regarding the breach: https://help.yahoo.com/kb/account/SLN27925.html?impressions=true

Yahoo Help Center: https://io.help.yahoo.com/contact/index?page=contact&locale=en_US&y=PROD_ACCT#

More coverage of this breach: New York Times and USA Today

 

FriendFinder Networks breach – Fraud.org

/in /by

friendfinder-crop2.jpg

The adult entertainment and online dating conglomerate FriendFinder Networks recently announced that the personal information of its users has been compromised, including users’ email addresses, passcodes, log-in times, IP addresses and membership statuses. Cyber experts estimate that more than 412 million user accounts have been breached.

Announced: November 14, 2016

Description of the breach: On November 14, 2016, FriendFinder Networks announced that their websites had suffered a breach which compromised the data of their users. Cyber experts believe that more than 412 million user accounts have been compromised, making this one of the largest data breaches in history. FriendFinder Networks is urging all users of their sites which include: cams.com, stripshow.com, asiafriendfinder.com, alt.com, friendfinder.com, icams.com as well as penthouse.com, a site that they no longer own, but one that was compromised as part of this breach, to change their FriendFinder Networks password as well as any other account passwords that has been reused. No credit card information is believed to have been compromised.

FriendFinder Networks is advising all users to be cautious of any phishing scams in the wake of this breach. Phishing scams typically appear to be from a legitimate source but are designed to lure individuals into clicking dangerous links or to convince consumers to share private information with a fraudster. FriendFinder Networks is urging consumers to be suspicious of any emails asking them to act quickly or to follow links provided in emails where either the body of the email or the email address itself contains spelling errors, as these are red flags for a phishing attack.

Data breach period: October 2016

Official information from FriendFinder Networks: https://www.prnewswire.com/news-releases/important-message-from-friendfinder-networks-about-security-incident-300362494.html

FriendFinder Networks additional security information and recommendations: https://ffn.com/security_recommendations.html

FriendFinder Networks Customer Support: 408-702-1040

FriendFinder Networks Billing Support: 888-575-8383

More coverage of this breach: The Guardian and The Washington Post

Kimpton Hotels and Restaurants breach – Fraud.org

/in /by

kimpton_crop.png

Kimpton Hotels and Restaurants has announced that the point-of-sale systems at 62 of their boutique hotels and/or restaurants have been compromised by malware between February 16, 2016 and July 7, 2016.

Announced: August 31, 2016

Description of the breach: Malware infected the point-of-sale systems of 62 Kimpton Hotels and/or their coinciding restaurants. This malware was collecting the card numbers, expiration dates, internal verification codes, and in some cases, the names of cardholders/guests of the company’s boutique hotels and restaurants.

Although this breach has since been secured, Kimpton is reminding their guests that it is always wise to closely monitor their credit accounts for fraudulent activity. If any suspicious activity is spotted, guests should immediately contact their bank or card issuer to avoid any liability for unauthorized charges.

Data breach period: February 16, 2016 to July 7, 2016

List of affected hotels and restaurants: https://www.kimptonhotels.com/promos/payment-card-notification-property-list

Official information from Kimpton Hotels and Restaurants: https://www.kimptonhotels.com/promos/payment-card-notification

Contact Kimpton Hotels and Restaurants: (888) 339-3142

More coverage of this breach: Krebs on Security

Cici’s Breach – Fraud.org

/in /by

cicis_pizza-crop.jpg

The fast food pizza buffet chain, Cici’s, has announced that their point-of-sales systems have been compromised. The breach, which affected 140 of their 450 restaurants from June 2015 through July 2016, is believed to have compromised more than 600,000 payment cards.

Announced: July 19, 2016

Description of the breach: The majority of Cici’s restaurants’ point-of-sale (POS) systems were compromised between March and July of 2016. However, several Cici’s stores had their POS systems hacked as far back as 2015.  

Although the breach has now been contained and all malware has been removed from Cici’s POS systems, customers are being asked to check if their local restaurant was one of the 160 restaurants that were affected by the breach. Customers may search the full list of compromised Cici’s locations by clicking here. Customers who shopped at affected locations are being urged to carefully monitor their credit or debit statements for fraudulent activity and to consider placing a fraud alert or credit freeze on their account. Placing a fraud alert on your account requires creditors to take extra steps to verify your identity before granting credit in your name. A credit freeze prevents any access to your credit until the freeze is lifted. To place a fraud alert or credit freeze on your credit, contact one of the the three major creditors below:

  • Equifax: 800-525-6285

  • Experian: 888-397-3742

  • TransUnion: 800-680-7289

Data breach period: June 2015 – July 2016

Official information from Cici’s: https://www.cicis.com/news/data-notification-all

Full list of affected Cici’s locations: https://www.cicis.com/media/1328/by-statev2.pdf

Contact Cici’s: 877-220-1388

More coverage of this breach: Krebs on Security and Security Week

NCL’s Programs

NCL-logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.