Tag Archive for: customer

Toyota Financial Services ransom attack exposes customer banking info

/in


Toyota Financial Services (TFS) says personal details, including bank account information, were compromised in last month’s ransomware attack claimed by the Medusa ransomware gang.

The European branch of the Japanese automaker’s vehicle financing and leasing subsidiary sent a notice, to affected individuals informing them of the exposure.

On December 5th, TFS has also announced the breach on its website and that “unauthorized persons had gained access to personal data.”

“As announced on November 16th, Toyota Financial Services Europe & Africa has detected unauthorized activity on systems at a limited number of locations, including Toyota Kreditbank GmbH in Germany,” the post stated, translated from German.


TFS handles auto loans, leases, and other financial services to Toyota customers in every continent.

Toyota Deutschland GmbH is an affiliated company held by Toyota Motor Europe (TME) in Brussels, Belgium and located in Köln (Cologne).

The breach notification letter, also sent in German,
 explains that certain TKG files were accessed during the attack.

Toyota Financial Services breach notice

At this time, TFS can confirm the compromised information of those affected includes first and last names, as well as their residential postal code.

Other contract information that may have been exposed includes “contract amount, possible dunning status, and your IBAN (International Bank Account Number),” the letter stated.

“We regret any inconvenience this may have caused to customers and business partners,” TFS wrote.

“It’s not clear how the attackers initially gained access to Toyota’s systems, but with unauthorized access being detected, this could indicate stolen credentials were involved,” said CEO of My1Login Mike Newman.

Data frequently reveals that phishing and credential theft are two of the most common attack vectors used to deploy ransomware, Newman explained.

Newman said the incident is yet another example of “how criminals hold all the power when it comes to ransomware,” adding that for groups like Medusa, the money-making opportunities are endless.

“It doesn’t matter if the organization pays the ransom demand, attackers always have the upper hand as they can still…

Source…

Rivers Casino says computer system was hacked and customer data accessed

/in


Computer files containing personal information of gamblers and employees at Rivers Casino in Des Plaines as well as online sportsbook customers may have been accessed by hackers, the casino announced Thursday.

The data breach occurred in August and was discovered Nov. 2, according to a news release from Rivers.

The accessed information included names, phone numbers, email addresses, mailing addresses, birth dates and driver’s license and ID numbers, Rivers said.

Some customers’ and employees’ Social Security numbers, tax ID numbers, bank account numbers and passport numbers also were accessed, according to the release.

Casino officials don’t believe customer passwords or payment card information were affected.

“Upon learning of the incident, Rivers promptly took steps to contain the threat and secure our systems, avoiding any interruption to our operations or in the services we provide to our customers,” Rivers said in the release.

A Rivers spokesman declined to say how many accounts might have been accessed.

No evidence of financial fraud or identity theft resulting from the breach has been discovered, Rivers said. Casino operations weren’t affected by the computer attack.


        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        

 

Rivers has created a response center to provide more information about the breach and customer options. To get help, call (866) 983-3108 on weekdays between 8 a.m. and 5:30 p.m.

People concerned about the hack also can sign up for fraud alerts or security freezes by contacting the major credit bureaus…

Source…

Caesars Entertainment says hackers stole customer data as MGM recovers from cyberattack

/in


ATLANTIC CITY, N.J. (CBS/CNN) — Hackers stole Social Security numbers and driver’s license numbers from a “significant number” of loyalty program customers of Caesars Entertainment, the hospitality and casino giant said Thursday.

The disclosure comes as another big casino brand, MGM Resorts, is recovering from its own apparent cyberattack in which guests on Monday reported being unable to make room charges and access their rooms with their digital keys.

MGM Resorts International owns and operates The Borgata in Atlantic City, and Caesars has a location on Pacific Avenue in the Jersey Shore gambling hub. The gaming floor at the Borgata is back open, but some events including a $1.4 million prize drawing are postponed, according to a notice sent to MGM Rewards members.

The MGM Rewards app as of Friday, Sept. 15, included a notice it was “undergoing maintenance” making digital hotel room keys unavailable.

The pair of hacks has put a spotlight on the computer defenses of the multibillion-dollar casino and hospitality business in Las Vegas, which are ripe targets for cybercriminals to extort.

Caesars Entertainment, which owns famous hotel-casinos such as Caesars Palace, confirmed on Sept. 7 that the hackers had stolen a copy of the customer loyalty program database, in a filing with the Securities and Exchange Commission. The hackers broke into computer systems via “a social engineering attack” on an IT support contractor, according to the filing.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars Entertainment said. The company did not immediately respond to CNN’s questions as to what steps were taken and whether they included paying a ransom.

For its part, MGM Resorts has repeatedly referred to a “cybersecurity issue” in describing the disruption to some of its computer systems, but the incident has the hallmarks of a cyberattack.

“We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM Resorts said in a statement on Thursday morning. The company said on Monday, when news of the incident broke, that it had shut down certain…

Source…

Another Biloxi casino suffers cyberattack as hackers access customer loyalty database

/in


Beau Rivage Resort & Casino and Harrah’s Gulf Coast Biloxi are open and working around computer issues as their parent companies continue to deal with cyberattacks.

Caesars Entertainment said Thursday in a filing with the Security and Exchange Commission that it recently discovered suspicious activity following an attack on an outsourced support vendor used by the company.

The parent company of Harrah’s Gulf Coast on Sept.7 said it determined the attacker got a copy of the company’s loyalty program database. Caesars Entertainment has one of the largest customer databases of any casino company.

Caesars said its casinos and online gambling program were not impacted, but the attack may have exposed customers’ driver’s license numbers and social security numbers.

“We have no evidence to date that any member passwords/PINs, bank account information or payment card information were acquired by the unauthorized actor,” Caesars said, and has seen no evidence the data was shared.

The company is offering credit monitoring and identity theft protection to all loyalty club members who call 888-652-1580 from 8 a.m.-8 p.m. weekdays. Customers will be notified affected by the hack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Harrah’s Gulf Coast in Biloxi is one of the Caesars Entertainment casinos that may have been seen customer information revealed in a cyberattack.

Caesars said it doesn’t know the costs of the attack.

The Las Vegas Review-Journal cited sources who said the company already paid tens of millions of dollars to the hackers.

MGM update

MGM Resorts International, parent company of the Beau Rivage in Biloxi, said Friday its website is back online and operating in a limited capacity.

The company posted answers to frequently asked questions and said it would post updates to the MGM Resorts Twitter handle.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Beau Rivage Resort & Casino in Biloxi is working around technology issues as its parent company deals with a cyberattack.

Reservations for restaurants, entertainment and the spa can be booked on the company website and mobile app.

MGM announced the cyberattack on Monday and said its Website, email and electronic key entry to hotel rooms were among the systems taken down.

Systems were put in place to work around these…

Source…