This blog has been updated as of 4/4.
Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, as well as two traditional brick-and-mortar sites. MyFitnessPal, Panera Bread, and Saks Fifth Avenue and Lord & Taylor have all been faced with data breaches, which have compromised millions of customers.
Let’s start with MyFitnessPal. Just last week, it was revealed that 150 million accounts for the health app and site were breached. As of now, few details have emerged about how the attack happened or what the intention was behind it. While the breach did not compromise financial data, large troves of other personal information were affected. The impacted information included usernames, email addresses, and hashed passwords.
MyFitnessPal, which is a subsidiary of Under Armour, has notified affected customers of the breach (see below), and Under Armour has released an official statement making the public aware of the attack as well.
Then there’s Panera Bread. The popular food chain actually leaked customer data on their website in plain text. This data includes names, email addresses, home addresses, birth dates and final four credit card digits. It’s not clear whether anyone malicious actually accessed any of this data yet, which was supplied by customers who had made online accounts for food delivery and other services. What’s more – a security researcher first flagged this error to Panera Bread eight months ago, which did not acknowledge it until just now. And though the initial number of impacted users was said to be fewer than 10,000 customers, security reporter Brian Krebs estimates that as many as 37 million Panera members may have been caught up in the breach.
Finally there’s Saks Fifth Avenue and Lord & Taylor. A group of cybercriminals has obtained more than five million credit and debit card numbers from customers of the two high-end clothing stores. It appears this data was stolen using software that was implanted into the cash register systems at brick-and-mortar stores and siphoned card numbers.
So, for the millions of affected MyFitnessPal, Panera Bread, and Saks and Lord & Taylor customers, the question is – what next? There are a few security steps these users should take immediately. Start by following these pointers below:
- Change your password immediately. If you are a MyFitnessPal or Panera Bread customer, you should first and foremost change the password to your account. Then, you should also change your password for any other account on which you used the same or similar information used for your MyFitnessPal or Panera Bread account.
- Stay vigilant. Another way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
- Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
- Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.