El Paso Electric Data Breach Affects Mobile Payment Customers

This week, the Alert Logic team highlights the El Paso Electric Data Breach and how Meltdown and Spectre Are Affecting the World’s Computers.

Data Breach

El Paso Electric Data Breach Affects Mobile Payment Customers

El Paso Electric issues a statement of a potential data breach on their mobile payment customers. Third-party payment provider, TIO Networks, recently discovered unauthorized access in their network, exposing personal information on TIO clients, including some EPE customers. Personally Identifiable Information (PII) includes customer name, address, utility account number, bank account number, and bank routing number.

TIO discovered the data breach back on November 10, 2017, and had notified EPE on November 27. TIO has notified those affected (approx. 16,300 customers in Texas and Southern New Mexico) and is offering credit monitoring services for the next 12 months.

TIO Networks was also part of the Duke Energy data breach covered in our December 11 issue.

References:  Data breach affects some El Paso Electric Customers | El Paso Electric Issues Statement Regarding Unauthorized Access To TIO Mobile Payment System

Mitigation Strategies:

Malware

Meltdown and Spectre Are Affecting the World’s Computers

Researchers discovered two major flaws that affect the world’s computers, servers, and mobile devices under the names Meltdown and Spectre. Both were identified by the Google-run security research group, Google Project Zero.

Meltdown is a particular problem that affects not only personal computers but cloud computing services including AWS, Azure, and Google Cloud. Since cloud services usually share infrastructure resources among many customers, this flaw can cause hackers who also utilize these services to grab information like passwords from other customers. Cloud service providers have quickly moved to patch this flaw. OEMs have also released relevant firmware to address the problem for personal computers, however, these patches could slow down performance by as much as 30%.

Spectre is a processor flaw that affects virtually all chips from Intel, AMD, ARM and others, and has no current patch to fix. Some researchers believe the fix for Spectre may not be available until the next generation of chips hit the market.

References: Researchers Discover Two Major Flaws in the World’s Computers | Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts

Mitigation Strategies:

Security Insights

More Security Insights and Industry News

Check out our new blog posts, plus you can follow the blog on our social media outlets.

This Week's Suspicious IP Addresses

212.83.152.146 109.75.188.147
185.107.94.10 213.32.52.13
115.238.245.6 146.0.78.20

*IP addresses provided by Recorded Future.