Data Breaches News and Analysis
Tesla suing self-driving startup Zoox and former employees for data theft
Tesla is accusing self-driving car startup Zoox and former employees of stealing trade secrets. The automaker is suing the start-up and the bunch claiming the employees gave Zoox Tesla’s logistics info to Zoox, while another gave Tesla’s autopilot code to Xiaopeng Motors. Two lawsuits were filed this week with one claiming employees stole “proprietary information…
Rutland Regional Medical Center, Zoll reveal data breaches
Two healthcare organizations suffered data breaches due to their email service resulting in more than 72,000 records being exposed. Rutland Regional Medical Center in Vermont reported several employee email accounts have been compromised, while the medical products firm Zoll had data possibly exposed when an email server migration went awry. In both cases the patient…
Meditab affiliate exposes medical records, PII on unprotected server
Once again, information was left exposed on an unprotected server – this time by an affiliate of Meditab, a California maker of medical records software sold to doctors, pharmacies and hospitals. Researchers at SpiderSilk found that anyone could read in realtime unencrypted medical records, personal information, drug prescriptions, doctors’ notes and the like from faxes…
Gnosticplayers dumps 26 million company records for sell in fourth round dump
A hacker dubbed Gnosticplayers, who is known for selling personal information, recently posted 26.42 million stolen user records for sale on the dark web in what he is calling a fourth round of leaks. The threat actor has previously offered up for sell more than 840 million records since February 2019 and sells them in…
Report: Chinese e-retailer Gearbest leaves database exposed, endangering 1.5 million records
The parent company of Chinese e-retailing giant Gearbest has been operating a completely unsecured corporate database, leaving roughly 1.5 million customer records unencrypted and exposed to the public, a new report warns. Led by white-hat hacker Noam Rotem, researchers from VPNMentor revealed the security issue after discovering they were able to access Gearbest’s customer, order,…
Password-spraying attacks abuse IMAP to break into targets’ cloud accounts
Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…
Understanding behavior is key to rebuffing malicious bots (Video)
Malicious bots account for about 30 percent of all traffic on the internet, Cequence Security CMO Franklyn Jones told SC Media Executive Editor Teri Robinson, which is why understanding underlying behavior is important.
GCA, Mastercard partner on free cybersecurity toolkit for small business (Video)
Small businesses, which make up 99 percent of businesses globally and, on average, 70 percent, grapple with some of the same major cybersecurity challenges as large enterprises, only without the same resources. The Global Cyber Alliance (GCA) and Mastercard have teamed on a free Cybersecurity Toolkit aimed at helping smaller and medium-sized businesses. GCA President…
Senators propose they too should report when breached
Senators Ron Wyden, D-Ore., and Tom Cotton, R-Ark., are calling for senators to report if they have been hacked at the end of each year. The duo pointed out that the Senate is considered a “prime target” for cyber breaches noting that several high profile cyberattacks have already been carried out against government agencies including…
Companies unable to meet stringent GDPR data breach reporting requirements
The first anniversary of GDPR going into effect is on the horizon, but one study has found that companies are rarely able to meet the reporting demands set by the legislation. A report by the cybersecurity firm Redscan, based on data received through a Freedom of Information request in the UK, found neither breach detection…
Ransomware attack pays off as Delaware Guidance Services gives in to criminals
The Delaware Guidance Services (DGS) for Children and Youth is the latest organization to pay off the cybercriminals who locked up their network with a ransomware attack. The Dover, Del., based organization said in a letter to its patients and guardians that the attack took place on December 25, 2018. Files containing personal information, such…
Dozens of high-profile Box accounts found leaking sensitive data
Adversis researchers have discovered that dozens of companies have leaked sensitive data as a result of misconfigured Box accounts. Box is a cloud based “content management platform” primarily used to share files and folders and similar to AWS S3 buckets. The files can be shared to anyone with the link, restricted to those within a…
Berners-Lee says WWW needs bolstering against malicious cyberattacks, dysfunction
At 30 years old, the World Wide Web needs a little work when it comes to cybersecurity and other issues, its creator Tim Berners-Lee said Monday. Three sources of dysfunction must be addressed, Berners-Lee wrote in an open letter: “deliberate, malicious intent, such as state-sponsored hacking and attacks, criminal behaviour, and online harassment; system design…
Navy may scrap cyber assistant secretary position
Just three weeks ago the Department of the Navy boosted its planned reorganization that would create a new assistant secretary position to manage cyber, IT and data but at the end of last week Navy Secretary Richard Spencer seemed to indicate the Navy might scrap that position for the time being. To incorporate the Senate-confirmed…
Jackson County, Georgia pays $400,000 ransom to release files
Jackson County, Ga., is the latest ransomware victim to fork over a payment to its attackers in order to regain access to its encrypted files. The county government paid out $400,000 over the weekend to the attackers that struck on March 6 effectively taking down the municipal government computer network, including 911. County officials told…
Software maker Citrix hacked, business documents removed
Acting on a tip from the FBI, Citrix has investigated and confirmed that its network has been penetrated and data had been exfiltrated by an outside force. Neither the extent of nor the specifics of what has been removed has been determined, but in a statement Citrix said business documents have been accessed and downloaded…
Columbia Surgical Specialists pay $15,000 ransom to unlock files
Columbia Surgical Specialists paid an almost $15,000 ransom to regain access to files encrypted during a ransomware attack. The Spokane, Wash.-area healthcare facility told its patients the news in a letter sent on March 7, claiming the locked files were needed to ensure the health and safety of several patients. “Yes, we paid $14,649.09. We…
Data breaches up 400 percent, 15 billion records compromised: report
The number of data breaches increased more than 400 percent in 2018 exposing almost 15 billion records, according to the identity intelligence company 4iQ. The company’s annual report confirmed 12,440 new breaches, a 424 percent increase compared to 2017, and of the 14.9 billion records compromised, 3.6 billion were confirmed real and exposed for the…
Equifax neglected cybersecurity prior to breach, Senate report finds
On the eve of executives from Equifax CEO and Marriott appearing before the Senate Permanent Subcommittee on Investigations to discuss the lessons learned from a pair of major breaches, the subcommittee released a scathing report accusing Equifax of neglect and “failing to prioritize cybersecurity,” which led to a 2017 breach that affected 145 million people.…
Sonic hit by $5 million suit over 2017 data breach
The drive-in fast food chain Sonic is being sued by the American Airlines Federal Credit Union for $5 million in an attempt to recoup money the credit union lost due to Sonic’s data breach in 2017. American Airlines Federal Credit Union said because of the attack it incurred losses by having to cancel or reissue…
