Data Breach news and analysis | SC Media

Data Breaches News and Analysis

First half 2019 sees 4,000 data breaches exposing 4B records

The number of data breaches reported and records exposed both increased by more than 50 percent during the first half of 2019 compared to the same period in 2018. The 2019 MidYear QuickView Data Breach Report by Risk Based Security found that there were 3,816 data breaches during the first six months of the year,…

Delta sues AI vendor over 2017 breach exposing info on 825K

After information on 825,000 Delta Airlines customers was exposed and potentially stolen by at least one hacker in 2017, the airline has filed suit against chatbot vendor [24]7.ai, claiming poor security led to the breach. Delta also took aim at the vendor for waiting nearly six months to disclose the breach, according to the suit…

European Central Bank confirms BIRD site hacked, contact info stolen

Unauthorized third parties hacked European Central Bank (ECB) Banks’ Integrated Reporting Dictionary (BIRD) website, nicking email and other contact information on 481 subscribers and prompting the bank to shut down the website indefinitely. “The breach succeeded in injecting malware onto the external server to aid phishing activities,” the ECB said in a release, adding that…

Hy-Vee supermarkets report POS cyber incident

The Mid-Western supermarket chain Hy-Vee has issued a warning that the payment card system was breached at several of its locations and services. The 245-store chain said in an August 14 statement that there was an undefined security incident with the payment processing systems that handled transactions at some Hy-Vee fuel pumps, drive-thru coffee shops,…

Cracked.to hacking forum user data breached and leaked by rivals

Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…

Desjardins breach cost $53 million in Q2

A breach that exposed personally identifiable information (PII) on 2.9 million Desjardins customers cost the Canadian credit union $53 million in Q2. To accommodate users whose information was breached when an employee insider used internal data without authorization, the lender accrued the cost of offering credit monitoring as well as identity theft insurance for five…

700,000 Choice Hotels customer records compromised

Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels and stole 700,000 customer records and then demanded a $3,800 ransom payment for their return. The unsecured third-party database was first uncovered by Comparitech and security researcher Bob Diachenko, but despite quick action on their part informing Choice of the problem, malicious…

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…
"Aaron's Law," to amend the CFAA, introduced in Congress

House Republicans ask Capitol One and Amazon for briefing on data breach

Republican members of the House of Representatives’ Committee on Oversight and Reform this week sent open letters to both Capital One and Amazon, requesting that both companies arrange a briefing with Congressional staff members regarding Capital One’s recently announced data breach. Last Monday, McLean, Va.-based Capital One Financial Corporation publicly acknowledged that an unauthorized individual…

Pearson data breach impacts thousands of university accounts

London-based educational software maker Pearson reported on Wednesday a data breach involving about 13,000 school and university AIMSweb 1.0 accounts. Exposed data included first and last names, dates of birth, and emails, Pearson said in a blog post. While the company didn’t give any details surrounding what caused the incident, it did say strict data…
Software automates fake purchases on compromised credit cards

Two Deer Valley Resort restaurants hit with POS data breach

The Mariposa and the Royal Street Café in Deer Valley, Colo., are informing customers that their payment card information may have been compromised after an unauthorized party hacked the point-of-sale system of a resort operator that runs both restaurants. The two Deer Valley Resort restaurants discovered on May 17 that an unauthorized person had gained…
HondaWannacry

Honda Motors Company databases leaked 40GB of employee data

Independent researcher xxdesmus discovered a Honda Motor Company database leaking the data of 134 million rows, roughly 40GB,  of employee information.  The researcher discovered the database July 4, 2019 and then began trying to contact Honda, which was accomplished early on July 6, 2019. By that evening the database had been secured, according to a…

Sephora reports data breach, but few details

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the…

Capital One breach exposes not just data, but dangers of cloud misconfigurations

The massive Capital One data breach that compromised the personal information of 100 million credit card customers and applicants serves as a stark reminder that misconfigurations and malicious insiders can defeat the most well-intentioned cyber defenses, even when companies rely on a third-party cloud service to securely manage their data. In the case of Capital…
Los Angeles

Personal info on 2,500 LAPD members, 17.5K applicants stolen

A hacker contacted the Los Angeles Information Technology Agency last week and claiming to have stolen personal information of 2,500 members of the LAPD and 17,500 applicants to the police force. “Out of an abundance of caution we’re applying extra layers of security around our personnel system and enhancing defenses,” L.A. General Manager Ted Ross…
FBI logo

Capital One hacker who stole personal info on 100M arrested

The FBI arrested a former software engineer from Seattle on charges of computer fraud and abuse after she accessed Capital One Financial Corp. data through a misconfigured web application firewall and stole Social Security numbers, names, birth dates, bank account numbers and other personal information on more than 100 million people. Paige A. Thompson, 33,…