Data Breaches news & analysis | SC Media

Data Breach

Vision Direct breach exposes customers’ personal, financial data

By

Personal and financial data entered by customers who ordered or updated information on the VisionDirect.co.uk website was compromised and stolen between November 3 to November 8, the London-based company warned in an updated online alert. The data compromised included “full name, billing address, email address, password, telephone number and payment card information, including card number,…

Amarillo City workers PII compromised

By

The employees of the city of Amarillo, Texas, had their personal information compromised when an outside contractor conducting an audit lost a USB drive containing their data. The contractor was conducting a required external audit of the city’s payroll when one of its workers lost an encrypted USB drive that contained the PII which included…

Report reveals struggles of SMBs navigating cyber threat landscape

By

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

22,000 Kars4Kids donor data records exposed

By

Thousands of donors who were able to look past the Kars4Kids ad jingle and went ahead had their information exposed when a misconfigured MongoDB made it publicly accessible. Bob Diachenko, HackenProof’s director of cyber risk research, found the 21,612 customer/donor and charity’s records containing emails and personal data open to the public. The corporate records…

InfoWars online store hit by Magecart

By

Dutch researcher Willem De Groot uncovered payment card malware operating embedded in the InfoWars online store. InfoWars, which is operated by the radio show host and conspiracy theorist Alex Jones, told ZDNet that about 1,600 of his customers were affected and those people are being informed their payment card data may have been compromised. De…

The many faces of Magecart: Report profiles groups behind card-skimming threat

By

Magecart, the e-commerce payment card-skimming threat that has recently victimized Ticketmaster, British Airways, Newegg and other notable companies, is primarily comprised of six major active cybercriminal groups, according to a new joint research report. All of these groups use a version the same skimmer toolset, but they rely on different strategies and in some cases have…

Nordstrom data breach exposes employee information

By

High-end retailer Nordstrom is in the process of notifying its employees their data may have been compromised in a breach. The Seattle Times reported worker names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and additional information is included in the breach notification, which is being sent by email or being…

Companies, customers will avoid you after a breach, survey says

By

A recent study found customers would cease engaging with a brand after it experienced a breach and that overall, most respondents were unwilling to pay extra for the protection of their personal data. Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era report found that following a breach, 78 percent of people…

Huntsville Hospital in Alabama notifies job applicants of data breach

By

Huntsville Hospital in Alabama is reporting the information of job applicants who applied to the facility may be at risk after a breach at a recruiting firm it uses. The hospital’s online application vendor Jobscience, a cloud computing firm that helps staffing and recruiting organizations, experienced a breach which could affect thousands across the country.…

Drone vulnerability could compromise enterprise data

By

Check Point Researchers developed an attack to hijack DJI drone user accounts that may contain the user’s sensitive information as well as access to the device itself. Researchers developed an XSS attack that could be posted on a DJI forum that is used by hundreds of thousands of DJI customers, to intercept the identifying token…

Next post in Data Breach