Highly sensitive details have been exposed

Dec 4, 2014 15:59 GMT  ·  By

A cyber-intrusion has been recorded on the computer systems of American Residuals and Talent (ART), a payroll service that processes residual checks for members of the Screen Actors Guild – American Federation of Television and Radio Artists (SAG-AFTRA).

Discovered on October 18, the intrusion occurred through the web application of the organization, which was accessed without authorization by an unknown party.

Intrusion lasted for about two hours

The attacker(s) managed to gain access to a database with sensitive information about clients. Immediately after the detection of the illegal access, measures were taken to close the door and prevent similar incidents in the future.

According to the disclosure letter to the affected individuals, the breach did not last more than two hours, but this was sufficient time for the attacker(s) to browse the sensitive database and extract valuable information.

SAG-AFTRA has also published a notification regarding the unfortunate event and said that collaboration has been initiated in order to mitigate the data breach.

The association has more than 160,000 members from the showbiz industry, from actors, broadcasters, and dancers to DJs, stunt performers, news editors, and voiceover artists.

The anonymity of all affected people has been kept, but considering that they are part of the showbiz, one can assume that details relating to some famous names may have been exposed.

Plenty of sensitive data has been exposed

The results of the investigation revealed that the data exposed included names, social security numbers, addresses, bank account information, dates of birth, email addresses, phone numbers and ART account number, user ID and password.

At the moment, there is no evidence that the data has been used inappropriately or whether it has been copied from the ART systems.

As a result of the incident, ART has taken steps to increase the security of its network and maintain customer details protected from unauthorized third parties.

All people impacted have received complimentary membership for one year for an identity protection service, which helps track potential misuse of the stolen personal information and remedies the issues arising from this.

Moreover, ART sent notifications about the breach to major credit reporting agencies in order to limit the risk of fraud.

It is unclear how the perp(s) managed to access the sensitive server, since it must have benefited from more security than the main page of the website. Access to the site appears to be limited to visitors outside the US.

This is done through automatic geo localization of the IP address. All addresses outside the United States are banned. However, this can be easily bypassed using a proxy service.

ART payrol service (5 Images)

ART log-in page is protected through geo-IP identification service
SAG-AFTRA members affected by the ART incidentProminent actors are part of SAG
+2more