At a glance.
- What your digital wallet says about you.
- Ransomware attackers gobble up Mom’s Meals data.
What your digital wallet says about you.
Since the creation of virtual wallet app Venmo, the phrase “I’ll Venmo you” has become commonplace. But as is the case with any technological advancement, the ease of using a digital wallet comes with a certain amount of risk. As the New York Times explains, although the main focus of Venmo is mobile payments, there’s also has a social component. Initially the app allowed users to post their transactions on a timeline that’s not unlike what one might see on social media platforms like Facebook or Instagram. Two years ago Venmo disabled its global feed, a stream that allowed strangers to view other users’ transactions, however, it’s still possible to view strangers’ payment histories by visiting their profiles. Although there are options in the app’s privacy settings that can hide this data, not everyone takes advantage of them or is even aware they exist.
And while details about splitting the check at a restaurant might seem harmless, security experts say they're anything but. A user’s Venmo activity can reveal details about what they do, where they go, when they go there, and who they interact with. Gennie Gebhart, a managing director at the Electronic Frontier Foundation, a digital rights nonprofit, explains, “It’s not just that I went out to pizza with this person. It’s a pattern of who you live with, interact with, and do business with, and how it changes over time.” Recently Venmo histories have been used to ferret out information about celebrities and high-level officials like US Supreme Justice Clarence Thomas and even President Joe Biden. Experts recommend that all users check their settings to make sure they’re not revealing more they’d like. And when in doubt, the writer advises you might want to follow in the President’s footsteps and just delete your account.
Ransomware attackers gobble up Mom’s Meals data.
Medical meal delivery service PurFoods, which conducts business in the US as “Mom's Meals,” has disclosed it suffered a ransomware attack that compromised the personal data of 1.2 million customers and employees. The notice reads, "Upon identifying suspicious account behavior on February 22, 2023, we launched an investigation with the help of third-party specialists. The investigation determined that we experienced a cyberattack between January 16, 2023, and February 22, 2023, that included the encryption of certain files in our network."
Bleeping Computer reports that the hackers accessed a wealth of details including dates of birth, ID card info, payment cards, medical record numbers, Medicare and Medicaid identification data, and treatment info. For fewer than 1% of those impacted, Social Security Numbers were also exposed. Mom's Meals says they’ve “taken a number of steps to further strengthen our network security” and are also ”reviewing our existing policies and procedures to identify additional measures and safeguards.” In the meantime, the company is warning impacted individuals to be wary of any suspicious incoming communications, and they’ve offered victims access to a call center to answer questions about the incident.
Stuart Wells, CTO at Jumio, sees the incident as evidence that all kinds and sizes of companies that hold data will be targets for criminals. “The nature of this attack is a reminder that in their quest for personally identifiable information (PII), cybercriminals will continue to be ruthless and target all companies, regardless of size or industry. In this case, fraudsters were able to steal personal, medical, and financial information including health insurance, payment card information, date of birth, and Social Security numbers. With all of this information and more, cybercriminals have victims in the palm of their hands and can bombard them with various attacks. From account takeovers to phishing scams, victims will have to be extremely vigilant of all of their accounts, emails, messages, and phone calls."
Liat Hayun, CEO of Eureka Security, also sees the incident as evidence of the value personal data has for cybercriminals. "Data's value is evident once more – a precious asset traded to the highest bidder. As businesses amass vast data, security tools often lag, evident in breaches like this where customer notification took several months, underscoring the urgent need for robust protection."
Erfan Shadabi, cybersecurity expert with comforte AG, commented on the steadily increasing tempo of ransomware attacks, and what that means for the defenses. "Ransomware attacks have been steadily increasing, posing a significant challenge to businesses across sectors. To effectively counter this threat, organizations must shift towards a data-centric approach, such as tokenization. Tokenization offers a proactive defense by substituting sensitive data with tokens, rendering the original information meaningless to hackers. This strategy can mitigate the impact of breaches like the one faced by Mom's Meals. By embracing tokenization and safeguarding data at its core, companies can deter cybercriminals and minimize the fallout of breaches. As the threat landscape evolves, it's imperative for businesses, especially those handling sensitive personal data, to prioritize data-centric security measures to ensure the privacy and trust of their customers and stakeholders."