Data Breaches news & analysis | SC Media

Data Breach

Security in 2015: Biometrics

BioStar 2 database leaked one million fingerprints, facial recognition data

A breach in a database of biometric security smart lock platform Suprema BioStar 2 exposed more than one million fingerprint records as well as facial recognition information and other sensitive data. The web-based system is used by the likes of the U.K. Metropolitan Police to control access to physical facilities and manage users permissions. Researchers…

leakingData social

Report: SEC looking into First American Financial Corp.’s leaky website

First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…

Desjardins breach cost $53 million in Q2

A breach that exposed personally identifiable information (PII) on 2.9 million Desjardins customers cost the Canadian credit union $53 million in Q2. To accommodate users whose information was breached when an employee insider used internal data without authorization, the lender accrued the cost of offering credit monitoring as well as identity theft insurance for five…

700,000 Choice Hotels customer records compromised

Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels and stole 700,000 customer records and then demanded a $3,800 ransom payment for their return. The unsecured third-party database was first uncovered by Comparitech and security researcher Bob Diachenko, but despite quick action on their part informing Choice of the problem, malicious…

‘Know thyself:’ To combat external ATP threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…

"Aaron's Law," to amend the CFAA, introduced in Congress

House Republicans ask Capitol One and Amazon for briefing on data breach

Republican members of the House of Representatives’ Committee on Oversight and Reform this week sent open letters to both Capital One and Amazon, requesting that both companies arrange a briefing with Congressional staff members regarding Capital One’s recently announced data breach. Last Monday, McLean, Va.-based Capital One Financial Corporation publicly acknowledged that an unauthorized individual…

Pearson data breach impacts thousands of university accounts

London-based educational software maker Pearson reported on Wednesday a data breach involving about 13,000 school and university AIMSweb 1.0 accounts. Exposed data included first and last names, dates of birth, and emails, Pearson said in a blog post. While the company didn’t give any details surrounding what caused the incident, it did say strict data…

HondaWannacry

Honda Motors Company databases leaked 40GB of employee data

Independent researcher xxdesmus discovered a Honda Motor Company database leaking the data of 134 million rows, roughly 40GB,  of employee information.  The researcher discovered the database July 4, 2019 and then began trying to contact Honda, which was accomplished early on July 6, 2019. By that evening the database had been secured, according to a…

Sephora reports data breach, but few details

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the…

Capital One breach exposes not just data, but dangers of cloud misconfigurations

The massive Capital One data breach that compromised the personal information of 100 million credit card customers and applicants serves as a stark reminder that misconfigurations and malicious insiders can defeat the most well-intentioned cyber defenses, even when companies rely on a third-party cloud service to securely manage their data. In the case of Capital…

Next post in Security News