Breach, Data Security, Incident Response, TDR, Vulnerability Management

Limo breach impacts hundreds of thousands of high-profile clients

The CorporateCarOnline website states in bold letters: “TRUST US; YOUR DATA IS SECURE.” Hundreds of thousands of clients beg to differ.

On Monday, information security services company Hold Security revealed that the limousine management software and services provider has become the latest victim of a group of cyber crooks responsible for breaching several other organizations, including Adobe, LexisNexis, PR Newswire, Kroll and National White Collar Crime Center.

A CorporateCarOnline spokesperson has not issued a statement, but Alex Holden, CISO at Hold Security, the organization that uncovered details of the former incidents and – along with technology journalist Brian Krebs – alerted those affected companies, told on Monday that he had a “one-sided” correspondence with the limo company.

“We reached out and said we might have discovered a breach,” Holden said. “We provided a sample of the data and in conversations a person did confirm it was the company's data. That was as far as it went.”

The incident led to the compromise of roughly 850,000 names, addresses, credit card numbers and expiration dates, according to Krebs, who added that nearly 250,000 of those cards were high-limit or no-limit American Express cards.

Along with American Express, Holden said he alerted Visa, MasterCard and Discover of the incident and explained that those companies are taking appropriate steps to protect victims. “I'm hoping the major credit card companies come out publicly with what they're doing about the breach,” Holden added.

The reason such a great deal of the credit cards were high-limit is because many of them are related to high-profile clientele, such as Miami Heat superstar LeBron James, Green Bay Packers starting quarterback Aaron Rodgers, A-list actor Tom Hanks and real estate mogul and television personality Donald Trump, Krebs wrote.

The same attackers are believed to be at work because, in late September, Hold's company identified a database of nearly 10 million CorporateCarOnline records on the same server that housed data belonging to Adobe and PR Newswire.

“There was some evidence that the attackers used the ColdFusion exploit,” Holden said, explaining he believes the attack occurred on or around Sept. 10. ColdFusion vulnerabilities were exploited in the former breaches.

Holden said he believes the attackers are from Eastern Europe because they are Russian speakers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.