A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera.
Today, Wandera announced the discovery of the CardCrypt security flaw affecting sixteen companies, including four major airlines – Air Canada*, easyJet*, AirAsia and Aer Lingus*. Each of the companies has been failing one of the most basic of security requirements by not fully encrypting the traffic to the payment portion of their mobile web site or app. This means that customers who use these services unknowingly may have had their credit card information sent ‘in the clear’, and have been at risk of having that information stolen.
* UPDATE: We are pleased to say we have learned that easyJet, Chiltern Railways, San Diego Zoo, CN Tower, Aer Lingus and Air Canada have now confirmed there is no ongoing issue. We will continue to assist others in trying to swiftly resolve this issue.
What information was exposed?
Every one of the companies has exposed the full credit card number unencrypted. All of the companies, except for Air Canada, also exposed the CVV number. But the CardCrypt flaw is not limited to just this information. Alarmingly, the amount of additional information that was exposed by some of the companies has been significant and included card expiration date, full name, billing address, email addresses and even passport information.
The federal agency that had more than 21 million Americans’ personal information stolen in a massive hack is once again in congressional cross-hairs — this time for improperly doling out taxpayer dollars to protect those Americans after the data breach.
The Office of Personnel Management’s inspector general released a report this month, made public Thursday, finding that the agency improperly handled its contract award to a company hired to protect the identities of the first 4 million federal employees affected by the breach, which has been blamed on China.
Ted Cruz’s presidential campaign is using psychological data based on research spanning tens of millions of Facebook users, harvested largely without their permission, to boost his surging White House run and gain an edge over Donald Trump and other Republican rivals, the Guardian can reveal.
A little-known data company, now embedded within Cruz’s campaign and indirectly financed by his primary billionaire benefactor, paid researchers at Cambridge University to gather detailed psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.
Computer scientists at the Massachusetts Institute of Technology (MIT) have developed a new SMS text messaging system that is untraceable and apparently even more secure than the Tor anonymity network, in order to create truly anonymous communications.
Despite a 2013 audit revealing significant information security flaws, the Judicial Council of California hasn’t improved its control systems and remains “unacceptably” at risk for data breaches, according to a follow-up audit.
The council’s case management records and human resources data are specifically jeopardized because of its failure to implement recommendations from the original audit, the state auditor said Thursday. The audit also criticized the council for a lack of urgency in setting a timeline for implementing better controls.