The Weekly Hack: Banks, hospitals, casinos, and handyman apps make ripe targets


The site TaskRabbit is telling customers to change their passwords but won’t say why

Cybersecurity firms speaking at a tech conference this week shared some of the more memorable data breaches they were hired to solve. Nicole Eagan, CEO of the security firm Darktrace, recounted a case she solved for an unnamed casino, in which a hacker used the thermometer in the aquarium lobby to find the casino’s “high-roller” database.

Because the thermometer was “smart,” or connected to the internet, hackers were able to use it to access the casino’s network.

Executives at security firms, speaking at the WSJ CEO Council event, said that the “internet of things,” or the everyday objects that connect to the internet, has become a prime target for hackers.

Handyman app

Handyman-for-hire apps like TaskRabbit, which is owned by Ikea, are heavily marketed to single women who are seeking “safe and reliable help,” as the app puts it. Much like the rest of the gig economy, handyman apps work by connecting freelance laborers with customers, both of whom supposedly are screened for any safety concerns.

But the safety of how customer data is stored is another question. TaskRabbit went offline on Monday to investigate a hack, the company announced this week.

In a statement on its website, TaskRabbit only confirmed that an attack occurred but did not elaborate on what type of data had been accessed. All users were advised to change their passwords and monitor their accounts.

"While our investigation is ongoing, preliminary evidence shows that an unauthorized user gained access to our systems," says the vague announcement on the company’s website. "As a result, certain personally-identifiable information may have been compromised."

Banking chain

SunTrust Banks, an Atlanta-based banking chain with 1400 branches, said in a press release today that the accounts of more than 1.5 million people were accessed in a data breach. The bank pinned the hack on a former employee and is offering free credit monitoring to affected customers.

Hospital chain

UnityPoint Health, a hospital and homecare provider in the Midwest, said that 16,000 customers have had their Social Security numbers and other personal information accessed. The breach reportedly came from a phishing attack on employee email accounts.

The chain, in a letter to patients, said that the attack occurred sometime between November 1 and February 7, but it also claimed that there were no cases of identity theft or fraud linked to the attack.

Then again, if there were identity theft cases linked to the hack, UnityPoint Health wouldn’t necessarily know of them -- victims of identity theft are typically advised to contact their bank, the local police, and the Federal Trade Commission, not their local hospital.