Credit Union Breach Leads RoundupAG Warns Members to Monitor Accounts
In this week's breach roundup, information on members of the Missouri Credit Union was briefly exposed on the financial institution's website. Also, the online game League of Legends is notifying users that their personal information was compromised during a security incident.
See Also: The Global State of Online Digital Trust
AG Warns of Credit Union Breach
Missouri Attorney General Chris Koster is warning members of the Missouri Credit Union to monitor their accounts because member information was accessible for a brief period of time during the summer on the credit union's website.
Koster urged consumers to contact the credit union immediately if they notice unusual activity.
A credit union member brought the incident to Koster's attention. The credit union informed the attorney general that information was only briefly accessible on the website and that the issue has been addressed.
The credit union notified its approximately 39,000 current members as well as former members whose personal information was available online.
The financial institution did not respond to a request for more information.
Game Site Reports Breach
Online game League of Legends is notifying its users that their personal information was compromised during a security incident.
A portion of the game's North American account information was affected, the company said in a statement, which offered few details about the breach.
Usernames, e-mail addresses, salted password hashes and some first and last names were accessed, according to the statement. While the password files are unreadable, players with easily guessable passwords are vulnerable to account theft, the statement noted.
It's unclear how many users were impacted, but the game site is asking all North American users to change their passwords.
Additionally, 120,000 transaction records from 2011 that contained hashed and salted credit card numbers were also potentially compromised. "The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected ... since then," the statement said.
The game site is notifying affected players and is taking "appropriate action" to safeguard them, the statement said.
As a result of this incident, League of Legends is implementing new security features, including e-mail verification and two-factor authentication.
E-Mail Error Exposes Student Info
The University of Mississippi Medical Center is notifying about 2,300 medical students that their personal information, including Social Security numbers, was inadvertently sent through e-mail to 190 students.
The student information was in a spreadsheet attachment to the e-mail, according to a statement sent to Information Security Media Group. The information was on students enrolled as of Aug. 21. In addition to Social Security numbers, exposed information included names, dates of birth, ethnic origin, addresses, insurance information, grade point average, credit hours earned and tuition and account balances.
A total of 115 out of the 190 students who received the e-mail opened it, and an undetermined number opened the attachment, the statement said.
The original purpose of the e-mail was to inform the 190 students of healthcare facilities that accept their student health insurance plan, the statement said.
The 115 students who opened the e-mail received a follow-up message. Individuals whose information was exposed will receive letters outlining the options they have through the university to further protect their personal information, the statement said.