IT Security Stories to Watch: Comcast Passwords Leaked

Last week, Comcast (CMCSA) reset passwords for 200,000 accounts after a list of 590,000 accounts was offered for sale on the Dark Web.

As a result, Comcast tops this week’s list of IT security newsmakers to watch, along with  TalkTalk, the North Carolina Department of Health and Human Services (DHHS) and the Cherry Picker point-of-sale (POS) malware.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week’s edition of IT security stories to watch to find out:

1. Comcast denies data breach

Comcast customers’ email addresses and passwords were listed for sale on the Dark Web last week.

However, Comcast denied it was hacked and said its systems and applications were not compromised. 

“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted,” a Comcast spokesperson told The Washington Post. 

2. TalkTalk data breach could cost $53 million

TalkTalk Chief Executive Dido Harding released details about the one-off costs of a recent data breach that may have affected up to 4 million customers.

“The estimated one-off costs are between [$46 million and $53 million] — that’s covering the response to the incident, the incremental calls into our call centers, obviously the additional IT and technology costs and then the fact that over the … online sales sites have been down,” Harding told BBC News.

TalkTalk also announced it will offer all customers a free upgrade depending on the service package they have.

3. North Carolina DHHS provides information about data breach

The North Carolina DHHS said a staff member may have compromised the confidential health information of hundreds of Medicaid patients.

This incident represents the second data breach for the North Carolina DHHS over the past few months; the department previously reported a data breach took place on Aug. 19 that affected 1,615 Medicaid patients.

WRAL-TV reported that the most recent data breach occurred Sept. 14 and impacted 524 patients.

4. Introducing the Cherry Picker POS malware

Managed security service provider (MSSP) Trustwave has identified malware that targets the food industry and steals credit card information and privileged credentials to access a customer’s network.  

The malware, named “Cherry Picker,” was first discovered by Trustwave in 2010.

In addition, Trustwave Security Researcher Eric Merritt told SCMagazine.com that the malware removes all traces of an infection from targeted systems, which makes it more difficult to detect.

What are your thoughts on this week’s IT security stories to watch? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].