Data Breaches news & analysis | SC Media Data Breach

Data Breach

1.6 billion LightInTheBox customer records left exposed

An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. In what the breach discovers VPNMentor described as a major lapse in LighInTheBox’s data security and potentially devastating to the victims exposing them to not only a cyberattack but potentially…

Real-time phishing alerts and stolen password warnings added to Chrome

Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser. The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites that browsers can check against. Typically, when a Chrome user visits a website, the browser…

Unsecured storage bucket exposes applications for birth certificate copies

A leaky Amazon Web Services storage bucket has exposed more than 752,000 applications requesting copies of birth certificates. A report yesterday by TechCrunch said the unsecured data set dates back to late 2017, but was just recently discovered by U.K.-based penetration testing company Fidus Information Security. The data is managed by a company that helps…

leaking faucet

3,000 affected by Fort Worth water utility data breach

The Fort Worth, Texas Water Department is notifying about 3,000 customers that their payment information may have been exposed during a data breach. The utility reported that payments made between August 27, 2019 and October 23, 2019 were included in the breach and the content exposed included cardholder’s name, credit card billing address, credit card…

talkingonaphone

Sprint contractor reportedly stored non-Sprint customers’ phone bills on open server

Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server. The documents had been collected and stored in the first place as part a marketing effort to persuade subscribers of rival carrier services…

Data breach more than 4X worse than first thought for Montgomery County schools

What at first looked like a single data breach affecting Montgomery County Public Schools (MCPS) in Maryland turned out to be a series of breaches that impacted thousands of more students than was originally reported. On Oct. 4, 2019, MCPS disclosed that a district student had one day earlier allegedly executed a brute-force credentials-stealing attack…

Church’s hit by cyber chicken thieves

Church’s Chicken suffered a cyberattack that penetrated the payment processing system at some of the chain’s corporate locations compromising payment card information. The company operates 941 locations across the United States, but in a statement noted only 165 of those, all owned and operated by the corporation, were impacted. Payment card numbers, names and expiration…

Data breach reportedly affects over 20M users of Mixcloud streaming service

An unauthorized party illegally accessed systems belonging to British online audio streaming service Mixcloud and is now reportedly selling the company’s user data on the dark web. Roughly 20 million to 22 million accounts were compromised in the November incident, according to multiple media organizations that were contacted by the malicious hacker late last week.…

Next post in Data Breach