Limo breach impacts hundreds of thousands of high-profile clients


The CorporateCarOnline website states in bold letters: “TRUST US; YOUR DATA IS SECURE.” Hundreds of thousands of clients beg to differ.

On Monday, information security services company Hold Security revealed that the limousine management software and services provider has become the latest victim of a group of cyber crooks responsible for breaching several other organizations, including Adobe, LexisNexis, PR Newswire, Kroll and the National White Collar Crime Center.

A CorporateCarOnline spokesperson has not issued a statement, but Alex Holden, CISO at Hold Security, the organization that uncovered details of the former incidents and – along with technology journalist Brian Krebs – alerted those affected companies, told SCMagazine.com on Monday that he had a “one-sided” correspondence with the limo company.

“We reached out and said we might have discovered a breach,” Holden said. “We provided a sample of the data and in conversations a person did confirm it was the company's data. That was as far as it went.”

The incident led to the compromise of roughly 850,000 names, addresses, credit card numbers and expiration dates, according to Krebs, who added that nearly 250,000 of those cards were high-limit or no-limit American Express cards.

Along with American Express, Holden said he alerted Visa, MasterCard and Discover to the incident and explained that those companies are taking appropriate steps to protect victims. “I'm hoping the major credit card companies come out publicly with what they're doing about the breach,” Holden added.

So many of the credit cards were high-limit because many of them are related to high-profile clientele, such as Miami Heat superstar LeBron James, Green Bay Packers starting quarterback Aaron Rodgers, A-list actor Tom Hanks and real estate mogul and television personality Donald Trump, Krebs wrote.

The same attackers are believed to be at work because, in late September, Holden's company identified a database of nearly 10 million CorporateCarOnline records on the same server that housed data belonging to Adobe and PR Newswire.

“There was some evidence that the attackers used the ColdFusion exploit,” Holden said, explaining he believes the attack occurred on or around Sept. 10. ColdFusion vulnerabilities were exploited in the former breaches.

Holden said he believes the attackers are from Eastern Europe because they are Russian speakers.
