Data Breaches News and Analysis
Phishing campaign leads to UPS Store data breach
In a data breach notification letter to customers, The UPS Store has disclosed that an unauthorized party successfully devised a phishing scheme to gain entry into the email accounts of numerous store locations. The breach exposed information contained within documents that customers emailed to stores for printing and related services, the San Diego-based subsidiary of…
Mitsubishi Electric discloses June 2019 breach; Tick hacking group reportedly blamed
Japanese manufacturer Mitsubishi Electric has acknowledged its discovery last June of a data breach perpetrated by an unauthorized third party that accessed both personal employee information and corporate materials. The public disclosure came amid multiple English and Japanese news sources publishing details on the incident [1, 2, 3, 4, 5], which experts believe may be…
Equifax class action suit settled
A Georgia court gave final approval for Equifax’s $380.5 settlement in response to a class action suit brought for the September 2017 data breach that exposed the PII of 148 million customers. Judge Thomas W. Thrash of the Northern District of Georgia ordered Equifax to place the money in a fund from which victims can…
Aussie P&N bank suffers data breach
The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers. Access was gained on December 12 to the bank’s customer relationship management system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed,…
PlanetDrugsDirect breached, PHI and payment info exposed.
The Canadian online pharmacy PlanetDrugsDirect is notifying customers of a data breach that exposed both payment and personal health insurance. In an email obtained by Bleeping Computer the bargain online retailer said exposed data could include name, address, email, phone number, medical information (including prescription) along with payment card data. The company does not believe…
Nemty ransomware makers may be latest to adopt data leak strategy
Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they…
Breach of email accounts impacts 50,000 patients of Minnesota hospital
Minnesota-based hospital operator Alomere Health this month began notifying patients of a data breach affecting 49,351 individuals, after a malicious actor gained access to two employee email accounts in late October and early November. The first incident took place between Oct. 31 and Nov. 1, 2019, while the second account hijacking happened days later on…
Attackers sink their meathooks into Landry’s restaurants’ payment card data
The Houston-based steakhouse, restaurant and hospitality company Landry’s, Inc. has advised customers of a point-of-sale malware attack that stole payment card data from an order-entry system used to process kitchen and bar orders. According to a company breach notification, Landry’s food and beverage locations typically use point-of-sale terminals featuring end-to-end encryption technology that protects the…
School software vendor Active Network suffers data breach
Acitve Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General’s office stating it recently became aware that between Oct. 1, 2019 and Nov. 13, 2019 there was illegal activity taking place on its…
Wyze Labs data breach exposes 2.4 million, includes PHI
Security camera and smart device maker Wyze Labs has confirmed a data breach that left exposed a database containing information on reportedly 2.4 million of its users. Wyze Co-founder Dongsheng Song confirmed the data breach on December 27 and said the exposed database contained a large amount of personal, product and some medical information. Username…
Names, Social Security numbers exposed in Moss Adams breach
The accounting, consulting and wealth management firm Moss Adams has posted a cybersecurity incident notice centered on an employee email account that was accessed by an unauthorized person compromising PII. In the statement, which appeared on the California Attorney General’s data breach website, Moss Adams stated that on October 10, 2019 a staffer’s email account…
123456 still a popular password
Among the banes of existence for any human living in the 21st century is the need to periodically choose, change and remember numerous passwords, which partly explains why nearly 3 percent of computer users chose 123456 in 2019. This according to , reports Teams ID. So, if you fall into this category it may just…
Wawa POS system compromised for 10 months, cybersecurity pros weigh in
Wawa convenience stores is reporting a massive data breach that impacted payment card transactions potentially at all of its 800 locations. Malicious actors managed to place malware on Wawa’s in-store and fuel pump POS systems starting on March 4, 2019 with all of its stores most likely being compromised by April 22. The company discovered…
Cybersecurity takes the stage
No longer just the concern of IT, cybersecurity is the bad boy headliner that dominates centerstage and all stages beyond. Teri Robinson reports. At the recent Lonestar Blues and Heritage Festival in, where else, Texas, fans bounced between the main stage where headliners strutted their stuff and the porch stage where more modest acts plucked their guitars – and…
2020 Predictions: Data Breaches
Experian predictionsCybercriminals will leverage text-based “smishing” identity theft techniques to target consumers participating in online communities. As more Americans continue to join like-minded groups on social media to provide financial support to social causes or political candidates, cybercriminals can solicit unsuspecting consumers with fraudulent messages via SMS text to seek bank account details or other…
Open database exposes 26,000 Honda Motors customers
A Honda Motor Company Elasticsearch cluster containing 976 million records affecting about 26,000 customers and containing information on Honda vehicle owners was found exposed. Independent security researcher Bob Diachenko posted that the database appeared to be part of the company’s North American operation did not require any passwords or other authentication to access the data,…
LifeLabs pays ransom to regain stolen data, 15 million affected
The Canadian health diagnostics firm LifeLabs reported it payed cybercriminals an undisclosed amount of money to retrieve customer data stolen in a recent cyberattack. LifeLabs president and CEO Charles Brown said the decision to pay the malicious actors was taken in in collaboration with cybersecurity experts familiar who handle cyberattacks and negotiations with cybercriminals. The…
1.6 billion LightInTheBox customer records left exposed
An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. In what the breach discovers VPNMentor described as a major lapse in LighInTheBox’s data security and potentially devastating to the victims exposing them to not only a cyberattack but potentially…
Visa warns against new POS attacks, Fin8 fingered as the culprit
Visa has identified three separate attacks that began last summer targeting gas station and hospitality merchant’s point of sale systems with the cybergang Fin8 being considered the likely perpetrator. The credit card company’s Payment Fraud Disruption department found that two unnamed “fuel dispenser merchants” and a North American company in the hospitality field were infiltrated,…
Real-time phishing alerts and stolen password warnings added to Chrome
Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser. The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites that browsers can check against. Typically, when a Chrome user visits a website, the browser…
