Data Breach News, Articles and Updates

Corporation Service Company breach exposes PII on 5,678 customers

During routine security monitoring, the company, whose clients include Fortune 500 firms, discovered that an unauthorized third party had infiltrated its systems and stolen PII.

Jay-Z's TIDAL streaming service discloses breach while denying number-fudging accusations

In denying accusations that it manipulated its subscriber statistics, Jay-Z-owned music streaming platform TIDAL instead has disclosed a potential data breach, according to various industry reports.

2,500 students, alumni and staffers affected by University at Buffalo data breach

The University at Buffalo reported that about 2,700 students, alumni, faculty and staff accounts were compromised when a third-party vendor was breached.

Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month data breach/compromise of its e-commerce websites' IT platform that started late last year.

The Oregon Clinic patient PHI exposed via email breach

The Oregon Clinic discovered on March 9 that an unauthorized third party had accessed an email account possibly exposing the personal health information for some of its patients.

Goodyear, Ariz., utility POS system breached

The City of Goodyear, Ariz., is reporting a possible data breach associated with its online utility bill payment system causing the municipality to disable the system while it investigates.

UnityPoint data breach victims file class action lawsuit

The victims of a phishing attack targeting UnityPoint Health filed a class action lawsuit against the firm claiming victims were falsely told their social security numbers hadn't been compromised

Equifax details breach information in SEC filing, hundreds of millions of records exposed

Equifax revealed to the government a full breakdown of how many files in each category of personal information was possibly compromised in the massive data breach the financial firm revealed last fall.

FLEETCOR Technologies gift card systems breached

FLEETCOR Technologies, a $2.25 billion company specializing in fuel cards and workforce payment products and services, publicly disclosed this past Thursday that its gift card systems were accessed last month by an unauthorized party.

Delaware data breach resource site goes live

The state of Delaware launched a website to assist in the compliance of the state's updated data breach laws.

Massachusetts Senate passes data breach bill regulating consumer reporting agencies

By a 38-0 margin, the Massachusetts Senate last week unanimously passed S.2455, a bill that affords consumers enhanced protections in the event of a breach affecting a consumer reporting agency such as Equifax.

Zippy's Restaurants suffers POS data breach

The Hawaii-based Zippy's Restaurants reported that for four months its point-of-sale system at 25 of its locations had been compromised exposing customer data.

Cyberattack map shows impacted U.S. school districts

A group called the K-12 Cybersecurity Resource Center has created an interactive incident map that shows all of the school districts in the U.S. that have been affected by a cyberattack since 2016.

Ransomware exposes records of 85,000 Center for Orthopaedic Specialists patients

California's Center for Orthopaedic Specialists (COS) last week disclosed that its three facilities were affected by a ransomware attack on a third-party system that allowed adversaries to access patient data and encrypt it for the purposes of extortion.

Equifax data breach cost hits $242 million

The massive data breach that compromised the data of 147.9 million Equifax customers last year has cost the company more than $242 million in related expenses, much of which has been covered by its cybersecurity insurance.

Study finds children hit worst by data breaches

While data breaches put millions at risk each year, it's easy to forget about some of the most vulnerable victims who often don't have the knowledge or resources to protect their identities.

Ex-Sun Trust employee helps compromise 1.5 million bank clients

Sun Trust Bank today confirmed it was hit with an insider attack when a former employee, working with a third party, stole company contact lists possibly exposing the personal information of up to 1.5 million customers.

Social media aggregator LocalBlox leaves 48M records exposed

Social media data aggregation firm LocalBlox left an AWS bucket misconfigured revealing 48 million records gleaned from Facebook and other sites.

Ikea's TaskRabbit investigating cybersecurity incident

Ikea's freelance labor marketplace task rabbit temporarily shut down its app and website amid the investigation of a "cyber-security incident"

Texas Health Resources' patient information exposed in October 2017 email compromise

Texas Health Resources, a nonprofit health care delivery system in north Central Texas, has disclosed that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts.

Medical supplier Inogen hit with breach, 30,000 possibly affected

A California-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.

Uber, FTC agree to expanded settlement after second breach

The Federal Trade Commission had already announced a settlement with Uber last August over a previous incident in 2014 when it discovered that the car-sharing service had been less than forthcoming about a second breach.

Verizon report: Ransomware runs rampant, responsible for 39% of malware-caused breaches

Ransomware was the most commonly detected malware in data breaches and related security incidents last year, climbing from fourth overall in 2016 and all the way from the 22nd spot five years ago, according to Verizon's just released 2018 Data Breach Investigations Report.

U.S. Department of Interior CIO office fails IG cybersecurity inspection

The U.S. Department of the Interior Office of the Chief Information Officer (OCIO) essentially received a failing grade from its own Office of the Inspector General (IG) when it comes to following NIST for incident detection and response.

Best Buy payment info compromised in [24]7.ai breach; malware reportedly suspected

Consumer electronics retailer Best Buy on Thursday became the third major company to acknowledge that a portion of its customer payment information was exposed in a data breach of third-party chat and customer engagement services provider [24]7.ai.

Should LinkedIn follow Facebook's lead in data restriction controls?

Facebook's recent announcement to update its data restriction policies has prompted some researchers to turn other social media platforms to review their data practices as well.