Theater company The Shubert Organization has reportedly disclosed a data breach that compromised the personal information of its theater customers. A May 16 notification letter sent to impacted individuals says that an authorized party had accessed certain Shubert employees’ email accounts, which contained customer information including names and credit card numbers and expiration dates. The…
The digital solutions firm HCL left accessible information belonging to some of its employees and customers. The breach was first noticed by UpGuard when it came across personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web applications for managing personnel. Using a keyword search technique that trolls for…
Credit ratings agency Moody’s this week revised its rating outlook for Equifax, downgrading it from stable to negative as a result of financial losses stemming from a 2017 data breach. The move marks the very first time Moody’s has taken any kind of rating action as the result of financial fallout from a cyberattack. A…
In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…
An unauthorized party accessed Stack Overflow’s production systems earlier this month and executed privileged web requests that exposed information on roughly 250 public network users, the Q&A website for programmers announced last Friday. Stack Overflow Vice President of Engineering Mary Ferguson said in a May 17 blog post that the intruder exploited a bug in…
Hackers accessed President Trump’s U.S. Golf Association account and added four fake golf scores for games allegedly played at two courses. After being alerted to media reports, “as we dug into the data it appears someone has erroneously posted a number of scores on behalf of the GHIN user,” Golfweek cited Craig Annis, the managing…
The recent mistaken exposure of the information of 8 million people due to an open Elasticsearch database exposed the danger not only of cloud storage security, but the importance of individuals keeping their personal information close to the vest. Security researcher Sanyam Jain came across a database belonging to Ifficient, a company that gathered leads…
New Jersey last week officially passed Bill S-52, which amends its previous data breach notification law. Governor Phil Murphy signed the bipartisan legislation into law on May 10, after the bill sailed through the state’s General Assembly and Senate last February. The new law expands the definition of what constitutes personal information that, if exposed in…
Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…
Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between April 23 and May 10. “We deeply apologize to our customers and pledge to prevent this from happening again,” according to a statement from Fast Retailing Co., the parent of Uniqlo and GU Japan, which…
