Data Breach news and analysis | SC Media

Data Breaches News and Analysis

FTC lodges new set of complaints against alleged cell phone spammers

Sprint customer data breached via Samsung website flaw

Threat actors gained unauthorized access to an undisclosed number of Sprint customer accounts via a compromised Samsung website.   “On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” the wireless provider said in a letter to impacted customers posted on Scribd. “The…

Data dump suggests that Evite data breach affected 100M accounts

A new addition to the data breach reference website “Have I Been Pwned?” seemingly reveals that more than 100 million accounts were compromised in this year’s data breach of the event-planning service Evite. “Have I Been Pwned?” founder Troy Hunt added a database of 100,985,047 affected accounts to his site on July 14, and in…

Premera Blue Cross to cough up $10 million to 30 states over data breach

Premera Blue Cross has consented to pay $10 million as compensation for a nearly year-long data breach that impacted more than 10.4 million health patients, the Washington state’s Attorney General Bob Ferguson announced yesterday. More than half of those funds, roughly $5.4 million, will be allocated to Washington, and will be applied toward the enforcement…

Marriott hit with $124 million fine for 2018 data breach

The U.K. Information Commissioners Office (ICO) intends to levy a £99,200,396, or $124 million, fine against Marriott International in response to the data breach suffered by that company’s Starwood reservation data base in November 2018. Marriott reported the ICO’s intention to impart the fine, but said in a statement the company will use its right…

Real estate group ALTA warns members of possible data breach

The American Land Title Association (ALTA) on July 3 informed its members, comprised of title insurance agents, abstracters and underwriters, their usernames and passwords may have been acquired by an unauthorized person. The 102-year-old ALTA, which claims 6,000 active members, posted a security alert stating it was contacted by a person claiming to be an…

Florida state worker steals resident’s PII

About 2,000 Florida residents were potentially victimized by an employee of that state’s Department of Children and Family Services (DFCS) who accessed and used their PII to fraudulently make $260,000 in purchases. Allegedly, state staffer Bertanicy Garcia, an interviewing clerk at the Miami DFCS, worked in conjunction with six accomplices to whom she distributed personal…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

5M records exposed by misconfigured MedicareSupplement.com MongoDB

A MedicareSupplment.com MongoDB containing more than five million records was found open to the public containing a wide range of PII. The records were found by the security firm Comparitech and researcher Bob Diachenko on May 13 containing first and last name, full address, IP address, email address, date of birth, gender and marketing-related information.…

Sun Prairie, Wis. warns of data breach after intruder accesses employee email accounts

For nearly two months this year, an unauthorized party had illegitimate access to the email accounts of certain employees working for the city of Sun Prairie, Wisconsin. These accounts contained sensitive data such as Social Security numbers, account logins and passwords, drivers’ licenses, state identification numbers, bank and financial account numbers, medical information and payment…
Some of the biggest tech and internet corporations began releasing updated transparency reports.

Dominion National announces nearly decade long breach

Dominion National announced the discovery of a nearly decade long breach involving unauthorized access to its servers.  On April 24, the investigation of an internal alert revealed that the unauthorized party may have accessed some of the firm’s computer servers as early as August 25, 2010, according to a notice of data security incident posted…
Analyst says insider threat mainly down to lack of understanding

Insider exposes PII of 2.9 million Desjardins customers

The Canadian financial institution Desjardins was the victim of an insider threat resulting in the data of 2.9 million customers being exposed, including crucial personal and business information. The Montreal-based credit union was told by the Laval Police Department the information of 2.7 million individual customers, along with 173,000 business clients had been leaked. An…

Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers

Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…

Facebook’s xSocialMedia ad agency exposes 150K medical histories

Multiple databases belonging to the Facebook ad agency xSocialMedia have been found open exposing almost 150,000 records containing a wide variety of medical information derived from marketing campaigns run for medical malpractice lawsuits. The files were found by vpnMentor on June 2, and which have since been secured. The exposed information was gathered through Facebook…

EatStreet data breach affecting diners, restaurants and delivery firms

The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…

Data breach forces AMCA’s parent firm to file Chapter 11 bankruptcy

The medical bill collection firm Retrieval-Masters Creditors Bureau Inc. has filed for Chapter 11 bankruptcy protection citing the fallout from a massive data breach that exposed the information of millions of patients. Retrieval-Masters Creditors Bureau Inc., which collects debts from medical labs under the name American Medical Collection Agency (AMCA) filed in the Southern District…