Limo breach impacts hundreds of thousands of high-profile clients

The CorporateCarOnline website states in bold letters: “TRUST US; YOUR DATA IS SECURE.” Hundreds of thousands of clients beg to differ.

On Monday, information security services company Hold Security revealed that the limousine management software and services provider has become the latest victim of a group of cyber crooks responsible for breaching several other organizations, including Adobe, LexisNexis, PR Newswire, Kroll and National White Collar Crime Center.

A CorporateCarOnline spokesperson has not issued a statement, but Alex Holden, CISO at Hold Security, the organization that uncovered details of the former incidents and – along with technology journalist Brian Krebs – alerted those affected companies, told SCMagazine.com on Monday that he had a “one-sided” correspondence with the limo company.

“We reached out and said we might have discovered a breach,” Holden said. “We provided a sample of the data and in conversations a person did confirm it was the company's data. That was as far as it went.”

The incident led to the compromise of roughly 850,000 names, addresses, credit card numbers and expiration dates, according to Krebs, who added that nearly 250,000 of those cards were high-limit or no-limit American Express cards.

Along with American Express, Holden said he alerted Visa, MasterCard and Discover of the incident and explained that those companies are taking appropriate steps to protect victims. “I'm hoping the major credit card companies come out publicly with what they're doing about the breach,” Holden added.

So many of the credit cards were high-limit because they are tied to high-profile clientele, such as Miami Heat superstar LeBron James, Green Bay Packers starting quarterback Aaron Rodgers, A-list actor Tom Hanks and real estate mogul and television personality Donald Trump, Krebs wrote.

The same attackers are believed to be at work because, in late September, Holden's company identified a database of nearly 10 million CorporateCarOnline records on the same server that housed data belonging to Adobe and PR Newswire.

“There was some evidence that the attackers used the ColdFusion exploit,” Holden said, explaining he believes the attack occurred on or around Sept. 10. ColdFusion vulnerabilities were exploited in the former breaches.

Holden said he believes the attackers are from Eastern Europe because they are Russian speakers.
