Data Breaches News and Analysis
First half 2019 sees 4,000 data breaches exposing 4B records
The number of data breaches reported and records exposed both increased by more than 50 percent during the first half of 2019 compared to the same period in 2018. The 2019 MidYear QuickView Data Breach Report by Risk Based Security found that there were 3,816 data breaches during the first six months of the year,…
Delta sues AI vendor over 2017 breach exposing info on 825K
After information on 825,000 Delta Airlines customers was exposed and potentially stolen by at least one hacker in 2017, the airline has filed suit against chatbot vendor [24]7.ai, claiming poor security led to the breach. Delta also took aim at the vendor for waiting nearly six months to disclose the breach, according to the suit…
European Central Bank confirms BIRD site hacked, contact info stolen
Unauthorized third parties hacked European Central Bank (ECB) Banks’ Integrated Reporting Dictionary (BIRD) website, nicking email and other contact information on 481 subscribers and prompting the bank to shut down the website indefinitely. “The breach succeeded in injecting malware onto the external server to aid phishing activities,” the ECB said in a release, adding that…
Hy-Vee supermarkets report POS cyber incident
The Mid-Western supermarket chain Hy-Vee has issued a warning that the payment card system was breached at several of its locations and services. The 245-store chain said in an August 14 statement that there was an undefined security incident with the payment processing systems that handled transactions at some Hy-Vee fuel pumps, drive-thru coffee shops,…
Cyberattacks hit NCH Healthcare System and Grays Harbor Community Hospital
Two hospital systems began notifying patients and employees of cyber incidents, one ransomware and another a data breach, that took place in June. Grays Harbor Community Hospital (GHCH) and Harbor Medical Group, in Aberdeen, Wash., just began informing patients of a ransomware attack that took place on June 15. At that time hospital databases containing…
Cracked.to hacking forum user data breached and leaked by rivals
Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…
BioStar 2 database leaked one million fingerprints, facial recognition data
A breach in a database of biometric security smart lock platform Suprema BioStar 2 exposed more than one million fingerprint records as well as facial recognition information and other sensitive data. The web-based system is used by the likes of the U.K. Metropolitan Police to control access to physical facilities and manage users permissions. Researchers…
Report: SEC looking into First American Financial Corp.’s leaky website
First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…
Desjardins breach cost $53 million in Q2
A breach that exposed personally identifiable information (PII) on 2.9 million Desjardins customers cost the Canadian credit union $53 million in Q2. To accommodate users whose information was breached when an employee insider used internal data without authorization, the lender accrued the cost of offering credit monitoring as well as identity theft insurance for five…
700,000 Choice Hotels customer records compromised
Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels and stole 700,000 customer records and then demanded a $3,800 ransom payment for their return. The unsecured third-party database was first uncovered by Comparitech and security researcher Bob Diachenko, but despite quick action on their part informing Choice of the problem, malicious…
State Farm hit with credential stuffing attack, data not compromised
The good hands at State Farm managed to let slip through a credential stuffing attack, but the company does not believe any information was leaked or viewed by the malicious actor. In a letter to the customers affected, State Farm said the attacker used login credentials most likely procured on the dark web and then…
‘Know thyself:’ To combat external ATP threats, first look inward
To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…
House Republicans ask Capitol One and Amazon for briefing on data breach
Republican members of the House of Representatives’ Committee on Oversight and Reform this week sent open letters to both Capital One and Amazon, requesting that both companies arrange a briefing with Congressional staff members regarding Capital One’s recently announced data breach. Last Monday, McLean, Va.-based Capital One Financial Corporation publicly acknowledged that an unauthorized individual…
Pearson data breach impacts thousands of university accounts
London-based educational software maker Pearson reported on Wednesday a data breach involving about 13,000 school and university AIMSweb 1.0 accounts. Exposed data included first and last names, dates of birth, and emails, Pearson said in a blog post. While the company didn’t give any details surrounding what caused the incident, it did say strict data…
Two Deer Valley Resort restaurants hit with POS data breach
The Mariposa and the Royal Street Café in Deer Valley, Colo., are informing customers that their payment card information may have been compromised after an unauthorized party hacked the point-of-sale system of a resort operator that runs both restaurants. The two Deer Valley Resort restaurants discovered on May 17 that an unauthorized person had gained…
Honda Motors Company databases leaked 40GB of employee data
Independent researcher xxdesmus discovered a Honda Motor Company database leaking the data of 134 million rows, roughly 40GB, of employee information. The researcher discovered the database July 4, 2019 and then began trying to contact Honda, which was accomplished early on July 6, 2019. By that evening the database had been secured, according to a…
Sephora reports data breach, but few details
High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the…
Capital One breach exposes not just data, but dangers of cloud misconfigurations
The massive Capital One data breach that compromised the personal information of 100 million credit card customers and applicants serves as a stark reminder that misconfigurations and malicious insiders can defeat the most well-intentioned cyber defenses, even when companies rely on a third-party cloud service to securely manage their data. In the case of Capital…
Personal info on 2,500 LAPD members, 17.5K applicants stolen
A hacker contacted the Los Angeles Information Technology Agency last week and claiming to have stolen personal information of 2,500 members of the LAPD and 17,500 applicants to the police force. “Out of an abundance of caution we’re applying extra layers of security around our personnel system and enhancing defenses,” L.A. General Manager Ted Ross…
Capital One hacker who stole personal info on 100M arrested
The FBI arrested a former software engineer from Seattle on charges of computer fraud and abuse after she accessed Capital One Financial Corp. data through a misconfigured web application firewall and stole Social Security numbers, names, birth dates, bank account numbers and other personal information on more than 100 million people. Paige A. Thompson, 33,…
