The risk from any breach is that personally identifiable information (PII) is exposed, enabling an attacker to cause damage to victims. In many cases, the potential damage of a PII breach is financial, but in the case of the newly disclosed breach of infidelity Website Ashley Madison, the damage is likely more social, as 37 million married people could now be exposed as having cheated on their spouses.
The Ashley Madison Website, which is owned and operated by Toronto-based Avid Life Media, has the tag line, “Life is short, have an affair.” The site bills itself as the world’s leading married dating service for discreet encounters.
“The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies,” the company wrote in a statement.
Avid Life Media added that confidentiality and security have always been core to the company’s operations, yet they were not enough to prevent the attack. Avid Life Media’s statement does not provide any hard details on how the breach occurred, though it does indicate that the company is taking measures to secure the site.
“At this time, we have been able to secure our sites, and close the unauthorized access points,” Avid Life Media stated.
Avid Media Life Media has secured the services of security vendor Cycura to help secure the Ashley Madison site.
“I have worked with leading companies around the world to secure their businesses. I have no doubt, based on the work I and my company are doing, Avid Life Media will continue to be a strong, secure business,” Joel Eriksson, CTO of Cycura, said in a statement.
The Ashley Madison site breach is just one of several breaches that have been publicly reported in recent days. Those include breaches of a number of online photo service sites, including CVS, Walmart Canada, Rite Aid and Sam’s Club.
“We were recently informed of a potential compromise of customer credit card data involving Walmart Canada’s Photocentre website, www.walmartphotocentre.ca, which is operated by a third-party,” Walmart Canada stated.
CVS’ photo site posted a similar statement, noting that an “independent vendor who manages and hosts CVSPhoto.com may have been compromised.”
RiteAid’s statement issued on July 17 is the only one among the online photo services that names the vendor that it uses for online photos. “We recently were advised by PNI Digital Media, the third party that manages and hosts mywayphotos.riteaid.com, that it is investigating a possible compromise of certain online and mobile photo account customer data,” RiteAid stated. “The data that may have been affected is name, address, phone number, email address, photo account password and credit card information.”
In addition, attackers breached medical records of 4.5 million patients from UCLA Health. The UCLA Health breach was publicly disclosed on July 17, though UCLA Health admits that it first determined that it had been breached on May 5.
“On May 5, 2015, we determined that the attacker had accessed parts of the UCLA Health network that contain personal information, like name, address, date of birth, social security number, medical record number, Medicare or health plan ID number, and some medical information (e.g., medical condition, medications, procedures, and test results),” UCLA Health stated. “We have notified and are working with the Federal Bureau of Investigation regarding this cyber attack.”
Even before the Ashley Madison, online photo service and UCLA Health breaches, it has been a disastrous year for breaches. The U.S. government’s Office of Personnel Management (OPM) has admitted that a breach of its systems impacted 25.7 million Americans. An Anthem Blue Cross data breach, meanwhile, exposed 80 million Americans personal information.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.