Hackers Steal 250,000 Us X Factor Entrant Records

By Author: Apple Tan
Total Articles: 68
Comment this article

For the last month, Sony has been in the headlines regarding hacking issues with their PSN, which spawned the PSN outage for 21 days and counting. It seems that, while Sony has had the unwanted limelight, Fox Broadcasting is experiencing a similar issue. Earlier this month, news of an attack on company servers belonging to music executive and former American Idol judge Simon Cowell came to light, highlighting that the details for more than 250,000 United States X Factor applicants had reportedly been stolen.
The breach was reported by Fox on May 2, according to the online data breach database, DataLossDB. Among the data compromised in the hack were the applicants’ full names, email addresses, dates of birth and phone numbers.  It is feared that these details will be used for identity theft scams. A representative of Fox confirmed that the data, which was stolen, did not include financial information, social security numbers or the user names and passwords of the applicants.
The producer of The X Factor, Simon Cowell, reportedly called in the FBI after hackers broke into his computer network. ...
... The 51-year-old producer is concerned that classified details about his plans for the US version of The X Factor have been snatched along with the personal details of the thousands of show applicants. Sources told a tabloid newspaper that Cowell is "worried" that hackers have stolen secret details about his expanding media empire.
Simon Cowell and executives at the American TV network, Fox, are said to be scared that the thieves will use the stolen data to scam those listed in the records. Additionally, The X Factor rules in the US have changed to allow individuals as young as 12 years old to enter, meaning that sensitive contact information of minors could now be in the hands of hackers. 
The television network, Fox, is the soon-to-be home for the Americanized version of The X Factor and has apologized for the security breach, stating that they are looking into the problem and trying to find the cause. In a statement apologizing for the breach, Fox Broadcast said it was “working with federal law enforcement authorities to investigate this illegal action”. The statement goes on to warn about the possible risk of phishing attacks against X Factor contestants based off information disclosed by the breach.
“We took immediate action to stop the illegal intrusion and began working with federal authorities,” said Gaude Paez of Fox. “We’ve sent emails to impacted registrants to notify them of the unauthorised access and providing them information to help them guard against spam and phishing.”
Those who have applied to go on the US version of the show have been warned not to reply to emails from Fox, Rupert Murdoch’s US TV network broadcaster, particularly if those emails request personal information.
“This week, we learned that computer hackers illegally accessed information you and others submitted to us to receive information about The X Factor auditions,” reads an email sent to those affected by the attack.
“The X Factor will never ask you to email personal information such as financial data, credit card numbers, and social security numbers or the user name or passwords you use to access other websites,” warned the email. “If you receive an email that appears to be from Fox.com or The X Factor asking for personal information, please delete it, as it did not come from us.”
How the attack occurred or how attackers gained access to the data has not been revealed, but the FBI has been called in. The resources of the Feds are likely to be stretched in the aftermath of several huge hacks which have been reported in US-based operation in recent weeks. This data breach incident is just the latest, and perhaps most obscure, in a slew of data breaches targeting everyone from online gaming platforms and security companies to restaurants and email marketing firms. Although the show promises to vault its winner to celebrity stardom, this data breach is not the kind of widespread public exposure these would-be singing stars were hoping for.
From all the recent data breach incidents, it was clearly stated that the frequency of information data breach is only going to increase if organizations fail to pay attention to the vulnerabilities of their network security. Organizations need to implement robust information security initiatives, including having a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing training, malware analysis, advanced social engineering, cryptography, digital forensics deep dive, and web application security training, among others.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).