Amtrak has alerted an unknown number of Guest Rewards customers it suffered a data breach at the hands of an unknown third party that gained unauthorized access to certain accounts. A notification letter signed by Vicky Radke, Amtrak’s senior director of Guest Rewards, and posted by the offices of the California and Vermont attorneys-general, informs impacted individuals that compromised…
More details have emerged about hacker group “Shiny Hunters’” prey this past month of more than 11 website victims, including Minted, a marketplace of independent illustrators and designers offering consumers items such as custom greeting cards. BleepingCompany reported that the Shiny Hunters is flooding the dark web with a combined total of 73.1 million user…
Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…
Six years after blogging platform LiveJournal was hacked, the credentials of some 26 million users are being sold and traded on multiple hacker forums and the dark market. Complicating the breach’s fallout, the database’s old and/or unique passwords have allowed bad actors to launch targeted sextortion email campaigns. Another blogging platform, Dreamwidth, says it’s withstood…
The exposure of the PII of more than 3,500 California residents in the database of international multi-level marketing firm Arbonne following a breach on April 23 offers a glimpse into whether the state will enforce its new privacy statute that went into effect in January. Almost half of a four-page information sheet from Arbonne describing…
While the Mathway breach in which 25 million email addresses and salted passwords were reportedly stolen didn’t hit the news until late last week, a recent statement by the company says that after receiving a tip, Mathway retained a leading data security firm to investigate and by May 15 confirmed that the company had been…
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…
The recent breach of Home Chef, confirmed this week, after malicious actor Shiny Hunters sold eight million of its records on the dark web underscores the looming security challenge of managing employees who access business data from outside the confines of the secure network. “With increased BYOD and remote work, acceptable usage policy enforcement is…
Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR). Verizon researchers analyzed 157,525 known “incidents” (defined as a security event that results in the compromise of an information asset) and 3,950…
An attack against British airline easyJet by “a highly sophisticated source” accessed the email addresses and travel details of approximately nine million customers, including credit card details of 2,208 customers. The company did not reveal when it learned of the attack or what a forensic investigation revealed, nor did it specify the breach date. Although the…
