Data Breaches news & analysis | SC Media

Data Breach

Huddle House hit with point-of-sale data breach

By

The Huddle House restaurant chain reported it has closed a point-of-sale data breach that existed one of its third-party vendors from August 2017 until now. The malware resided on a third-party system and exposed payment card information at some of the chain’s corporate and franchised locations. The company became aware of the situation when it…

We must protect this Houzz: Home improvement website discloses breach

By

Home improvement and design website Houzz has publicly disclosed a data breach after discovering late last year that an unauthorized third party had obtained a file containing user data. An FAQ page published on Houzz.com today says that the compromised information falls under three categories: Profile information such as names, addresses, countries and descriptions, but…

Airbus personal data of employees, contacts accessed in cyber incident

The French aircraft manufacturer Airbus reported it detected a cyber incident on its commercial aircraft business information systems, which resulted in unauthorized access to personal data. The company said in a statement there is no impact on Airbus’ commercial operations. “This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate…

Video platform Dailymotion takes steps to contain credential stuffing attack

By

Attackers have launched an ongoing credential stuffing campaign against the online video streaming service Dailymotion, compromising the data of an unspecified number of users in the process. A property of French media and entertainment company Vivendi SA, Paris-based Dailymotion said in a Jan. 25 press alert that its technical teams “successfully contained” the attack “following…

Discover Financial Services notifies customers of data breach incident

By

Discover Financial Services has filed a data breach incident notification with the California attorney general’s office that some of its cardholders maybe have had their account information compromised. Discover supplied few details in its Jan. 25 filing and cannot even tell its customers exactly what information may have been exposed, but it did specifically state…

Hundreds of Delaware residents among the victims of BenefitMall breach

By

Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…

Amazon Logo

Double exposure: 24 million loan records also exposed on open Amazon S3 bucket

By

The original mortgage and credit documents involved in the 24 million Elasticsearch data breach that was revealed earlier this week also have been found residing in an open Amazon S3 bucket by the cyber researcher behind the original discovery. Bob Diachenko told TechCrunch, which worked with him on the original investigation, that more digging was…

U.K. home supply giant leaves offender database open

By

U.K. home supply chain B&Q exposed the information of 70,000 people allegedly involved in some type of criminal activity in one of the chain’s stores. The Elasticsearch database was uncovered by Cntrlbox Information Security’s open data monitoring system which spotted thousands of lines of information related to the chain. The information included the first and…

Data of 100,000+ Alaskan households that applied for public assistance breached

More than 100,000 households that had applied for public assistance services from the Alaskan State Department of Health and Social Services (DHSS) had their data breached last spring, the applicants just learned. The impact of a Zeus/Zbot Trojan virus attack discovered in late April was initially thought to affect only about 500 Alaskans, but further investigation…

24 million credit and mortgage records exposed on Elasticsearch database

By

An open Elasticsearch database has again been found this time exposing 24.3 million mortgage and credit reports. Independent cybersecurity researcher Bob Diachenko said he found the 51GB of optical character recognition recorded pieces data earlier this month using public search engines like Shodan and Censys. The records contained very sensitive PII including Social Security numbers,…

Next post in Data Breach