Jump to content

Rand McNally


Recommended Posts

Received an email from Rand McNally that some of their computers have been “compromised “ (I assume that means hacked).  I know they are a big company, but just wondering if anyone else received it and if so would any of you gurus be worried about someone trying to screw with GPS data and accuracy?  I have their RV GPS.

Edited by SuiteSuccess
Link to post
Share on other sites
32 minutes ago, SuiteSuccess said:

Received an email from Rand McNally that some of their computers have been “compromised “

I don't have any Rand McNally devices.  

The phrase "some of our computers have been compromised" almost always means their internal business computers have been hacked or an employee has stolen information.  But it's also unusual to be that vague about what the potential impact is on you (the person they sent the letter to).

Was the anything else beyond boilerplate in the letter email?

Edited by DanZemke
clarity
Link to post
Share on other sites
6 minutes ago, bockofma said:

Good day.

If you still have the email, hover over the sender's email address to see if it's actually from Rand-McNally.  If it is not, then it is a phishing email. DON'T respond to it in any way whatsoever.

Regards

Michael

I did that and it is from Rand McNally.  I suspected phishing initially.

Link to post
Share on other sites
3 minutes ago, DanZemke said:

I don't have any Rand McNally devices.  

But the phrase "some of our computers have been compromised" almost always means their internal business computers have been hacked or an employee has stolen information.  But it's also unusual to be that vague about what the potential impact is on you (the person they sent the letter to).

Was there substantively more to the letter?

Here is the mailing.

Dear Valued Customer, 

As you may be aware, Rand McNally recently discovered a disruption to certain portions of our computer and phone network. We commenced an immediate investigation that included taking certain systems offline and are working with specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems to minimize downtime, particularly for regulated and essential industry sectors. We apologize for any delay or inconvenience this has caused. 
 
The investigation is ongoing, but to date we have no indication that Rand McNally customer data is affected. We will continue to update you when we have meaningful updates on the restoration of services. 
 
We appreciate your patience and understanding and assure you we are working around the clock to restore our services. In the meantime, if you have a critical issue, we’ve established a temporary Customer Support phone number: 224-601-4847


Thank you, 
Rand McNally”

Link to post
Share on other sites
3 minutes ago, SuiteSuccess said:

As you may be aware, Rand McNally recently discovered a disruption to certain portions of our computer and phone network.

They're describing a problem with their internal (back-end) systems, so your device is extremely unlikely to have been hacked.  From their note, they've detected a break-in, but aren't clear on the full scope of its impact yet.

I wouldn't worry about.  If it they find out more, that could damage you, they're required by law to notify you.

Back to worrying about Covid-19 🙂

Link to post
Share on other sites
6 minutes ago, DanZemke said:

They're describing a problem with their internal (back-end) systems, so your device is extremely unlikely to have been hacked.  From their note, they've detected a break-in, but aren't clear on the full scope of its impact yet.

I wouldn't worry about.  If it they find out more, that could damage you, they're required by law to notify you.

Back to worrying about Covid-19 🙂

Thank you Dan.  Didn’t want to be driving down dead end streets with faulty GPS input data, lol.

Link to post
Share on other sites
50 minutes ago, DanZemke said:

SuiteSuccess,

Out of curiosity, I tried to access Rand McNally's website.  Going to https://www.randmcnally.com/ yields a blank page for me.

I suspect hackers have disabled several of their internal computers and are demanding Rand McNally to pay them for a code that will restore their system(s).  So called, ransomware.

Just out of curiosity and my ignorance, would it be possible for sophisticated hackers to cause GPS data to be skewed?  My gut tells me they could only mess in some way with map updates and not the units receiving GPS data,

Link to post
Share on other sites
1 hour ago, SuiteSuccess said:

Just out of curiosity and my ignorance, would it be possible for sophisticated hackers to cause GPS data to be skewed?  My gut tells me they could only mess in some way with map updates and not the units receiving GPS data,

Your gut has betrayed you on this one. :-).

Rand McNally GPS devices are capable of "software" updates.  If you choose to update your device to a new version, that new software could have been hacked to skew the GPS data on your device. 

But this is extremely unlikely to happen.  Why? Because, there are much more lucrative targets for hackers seeking money or chaos.

Link to post
Share on other sites

Carl, IF in fact Rand McNally WAS hacked, I expect the hackers would be looking for USER ID information (credit / debit card numbers, names / addresses / emails / phone numbers etc). Personal information like that is sold on the "Dark Web" every day. As for GPS data to be "skewed", I expect that would be a real possibility. Watch your bank and credit / debit card accounts carefully for the next six months (at least). I have my cards notify me if ANY purchases are made or attempted (gas stations and Redbox kiosks often put a "hold" of about $1.00 just to ensure that a card IS active). Years ago, I put a "lock" on my accounts at Experian, Equifax and Transunion credit reporting agencies. NOBOBY (and that includes ME!) can open a line of credit under my name and personal information until I contact said agencies and give them my SUPER-SECRET information along with a scan of my pecker  😉 (you should have seen the car salesman's face when I bought my last car). A while ago, I bought a "USB Security Key" that, once I get my butt in gear to set it up properly, will allow me to open my laptop (and certain other electronics) via this Security Key. It would replace "Two Factor Authentication" as well as alternate pain in the butt hoops we have to jump through just to use our devices with a high degree of security. PEOPLE will always be the weakest link in any security system.

Link to post
Share on other sites

Carl,

I know a guy who knows a guy.......  Really, I'll see someone tomorrow who knows a lot about "hacking" and cyber security, to the point that he helps teach/write the security software for big companies and gov't agencies.  Google "Big Fix".  i'll ask them about it.

Link to post
Share on other sites
7 hours ago, jkoenig24 said:

Carl, IF in fact Rand McNally WAS hacked, I expect the hackers would be looking for USER ID information (credit / debit card numbers, names / addresses / emails / phone numbers etc). Personal information like that is sold on the "Dark Web" every day. As for GPS data to be "skewed", I expect that would be a real possibility. Watch your bank and credit / debit card accounts carefully for the next six months (at least). I have my cards notify me if ANY purchases are made or attempted (gas stations and Redbox kiosks often put a "hold" of about $1.00 just to ensure that a card IS active). Years ago, I put a "lock" on my accounts at Experian, Equifax and Transunion credit reporting agencies. NOBOBY (and that includes ME!) can open a line of credit under my name and personal information until I contact said agencies and give them my SUPER-SECRET information along with a scan of my pecker  😉 (you should have seen the car salesman's face when I bought my last car). A while ago, I bought a "USB Security Key" that, once I get my butt in gear to set it up properly, will allow me to open my laptop (and certain other electronics) via this Security Key. It would replace "Two Factor Authentication" as well as alternate pain in the butt hoops we have to jump through just to use our devices with a high degree of security. PEOPLE will always be the weakest link in any security system.

John,

Have my credit reporting locked also and notifications set up on credit cards.  Did that several years ago.  Interesting, my daughter used to work for a high level financial firm in compliance.  She carried a little device that gave a code to enter her company’s computers and website where very sensitive financial info was kept.  That code was randomly changed every few minutes.

Link to post
Share on other sites
1 hour ago, rickeieio said:

Carl,

I know a guy who knows a guy.......  Really, I'll see someone tomorrow who knows a lot about "hacking" and cyber security, to the point that he helps teach/write the security software for big companies and gov't agencies.  Google "Big Fix".  i'll ask them about it.

Thanks Rick.  As you know my imagination of “what ifs “ can run a little rampant sometimes.

Link to post
Share on other sites

Yep, I find that being pretty common among the older crowd.

Seriously, it's interesting to watch how different folks perceive, or react, to things based on their past life experiences.  Since I grew up in the country and have never lived, or worked,  in areas where crime was an issue, I tend to not lock my doors or vehicles.  Every one of my vehicles has the key in it, other than the smart, which Susan drives. (She grew up in the city.)

And it follows, that since I've never had the experience of being "hacked", I tend not to worry about it.  Perhaps that makes me an easy target.  

Link to post
Share on other sites
18 minutes ago, rickeieio said:

Yep, I find that being pretty common among the older crowd.

Seriously, it's interesting to watch how different folks perceive, or react, to things based on their past life experiences.  Since I grew up in the country and have never lived, or worked,  in areas where crime was an issue, I tend to not lock my doors or vehicles.  Every one of my vehicles has the key in it, other than the smart, which Susan drives. (She grew up in the city.)

And it follows, that since I've never had the experience of being "hacked", I tend not to worry about it.  Perhaps that makes me an easy target.  

Glad to know that my friend.  I might be needing a new tractor or excavator or F150 or........😋😋

Link to post
Share on other sites
ec97f7fc-2b17-45fe-bad3-c900111b56e5.jpg
 

Dear Valued Customer, 

Rand McNally hopes this message finds you and your family in good health as we approach the holiday. In an effort to be transparent regarding the recent disruption to our network, we are making you aware of a cyber incident that is affecting our hosted and network systems. We assure you that we are focusing our resources on restoring the functionality of our network to resume delivery of products and services to you. We appreciate your patience and continued partnership in this regard. 

Please note: The navigation functionality of our GPS devices is not impacted — those devices continue to work as do other consumer electronics. However, we have established a temporary Customer Support number for immediate needs: 859-353-9057. Please also note that are experiencing significant shipping delays for orders made through our online store. We apologize for the inconvenience. 

During the response and recovery process, we are mindful of the ever-increasing level of sophistication of these incidents. We engaged experienced professional consultants to guide our efforts, and we are taking deliberate care to evaluate any risks. We have taken significant steps forward toward restoration and continue to investigate for more insight into the incident and how to prevent future disruption. 

While we are unable to provide a timeline at this moment, we appreciate the trust and confidence you have in Rand McNally to move as quickly as possible to resume to normal operations. We apologize for any temporary impact this may have on you. 

Thank you, 
Rand McNally

 

Nice to know I was concerned about the GPS functionality, lol.

Edited by SuiteSuccess
Link to post
Share on other sites

Rand McNally's home page says: "We’re upgrading our systems now and will be back up soon."

IMO, this is typical (and reasonable) marketing speak for, we've been hacked, our systems aren't operational, and we're not sure how long it will take us to get out of this mess.  

Try googling "rand mcnally" and click on the "Contact Us" link.  Then the "Road Atlas" link.  And then the "Fleet Rand McNally...".  All of these links display content that is much different that they did a week ago.  The Fleet Sales link has a pretty temporary page because Fleet Sales are probably their most profitable customers.

I'm not trying to disparage Rand McNally.  They're behaving like most corporations when they've been hacked.  But what they are working on is much more than a typical system "upgrade".

The primary purpose of this kind of attack (ransomware) is not about user's information like credit card numbers.  It's about making the cost of system recovery more expensive than the cost of paying perpetrator for a simple solution.  That said, if they can get valuable customer information, they would probably sell that too.

https://en.wikipedia.org/wiki/Ransomware

Edited by DanZemke
corrected bad internet link (URL)
Link to post
Share on other sites

Bleeping computer had an article yesterday about RM being locked down due to a possible ransomware attack similar to what happened to Garmin last summer, Garmin paid $10 million ransom to get the unlock key. I posted the links on irv2.com but don't have them on my computer.

RM's  ELB system is offline, saying to use paper log books for now.https://www.bleepingcomputer.com/news/security/truck-routing-provider-rand-mcnally-hit-by-cyberattack/

Edited by Ray,IN
Link to post
Share on other sites

Latest Facts

When I try to access: https://store.randmcnally.com/contact-us/

FireFox says: Warning: Potential Security Risk Ahead
Chrome says: Your connection is not private.  Attackers might be trying to steal your information from store.randmcnally.com

When I try https://www.randmcnally.com/support/s/diagnose-and-repair, I get a not found error.

I wish Rand McNally well, but their current website problems are not due to a "system upgrade".

Link to post
Share on other sites

I just went to storerandmcnally.com and got the security risk page. When I clicked on advanced it said  if I continue  it will take me to *.hostmonster.com, hostmonster.com. Naturally I backed out.

PLEASE DO NOT TRY TO GO TO THE ABOVE!!!!

The latest email from RM said their GPS systems are unaffected but no updates possible. I totally agree Dan there is no system upgrade, recovery perhaps - IF they pay the ransom.

If you look around the internet this is happening to many entities  right now, including hospital networks.

Edited by Ray,IN
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...