A couple new data breaches have been revealed in the last few days, as users of a student loan company and customers of a restaurant chain are now vulnerable. In both breaches, serious personal information was compromised.
Access Group Education Landing has notified 16,500 borrowers that their personal information was released to an unauthorized business — information which included borrowers’ names, driver’s license numbers and Social Security numbers. Though that business was not identified, the Associated Press reports that it was a student loan lender.
According to Access Group, the information was released by Nelnet, which processes loans for the lender. Nelnet claims the information is safe — it was sent to “a trusted business partner” through an encrypted channel. The vendor who received the files deleted them.
It appears as if borrowers may have escaped any further damage with this particular breach, though Access Group is still offering a year of free credit monitoring to those who were affected.
Hawaiian Chain Restaurant Breached
Zippy’s, a Hawaiian restaurant chain, announced that it has been affected by a data breach. Credit and debit cards used at Zippy’s Restaurants, Napoleon’s Bakery, Kahala Sushi, and Pearl City Sushi between Nov. 23, 2017 and March 29, 2018 may have been compromised as a result of the data security incident.
Data impacted by this incident “may include the cardholder’s name, the card number, expiration date, and security code,” Zippy’s said — the complete card information anyone would need to make a purchase.
Zippy’s first learned of the breach in early March and an investigation on the incident reached its conclusion on April 4, but the company announcement only happened a few days ago. The chain provides a list of affected locations — KHON2 Honolulu points out that all Zippy’s locations are affected.
The chain was likely affected by a point-of-sale system attack — a method we’ve seen at other chains, including another regional restaurant chain, Jason’s Deli.
Zippy’s claims it “has taken steps to prevent this type of event from occurring in the future. Such steps include upgrading system hardware, changing the way certain software and system processes work, and further enhancing system security and monitoring.”