Data Breaches news & analysis | SC Media

Data Breach

Bed Bath & Beyond declares data incident

Home goods retailer Bed Bath & Beyond yesterday disclosed in a Securities & Exchange Commission 8-K filing that an unauthorized third party illegally accessed one percent of its online customers’ accounts. The online intruder acquired the account emails and passwords from a “source outside the company’s systems,” the Union Township, N.J. retailer reported. Based on…

UniCredit data breach impacts 3 million Italians

Italian global banking and financial services company UniCredit S.p.A. yesterday disclosed a data breach incident involving a file containing roughly 3 million records. The file was generated in 2015, which suggests that customers who created accounts in 2016 and beyond are likely safe. Affected information consisted of customers’ names, cities, telephone numbers and emails. UniCredit…

Adobe leaves Creative Cloud database open, 7.5 million users exposed

An unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users. Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day.…

Phishing scam behind Kalispell Regional Healthcare data breach

Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients’ health information. The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH’s system, the hospital said in a statement. “This summer we discovered that several…

NordVPN confirms 2018 breach

VPN provider NordVPN revealed yesterday that a third-party server located in Finland it had been leasing was accessed in March 2018. The company said the intruder was able to acquire an expired TLS key from the server, but otherwise no other data was endangered. The access was accomplished through an insecure remote management system account…

Court doc: Equifax allegedly used insecure password ‘admin’ to protect portal

Failing to patch a critical vulnerability in its Apache Struts software was not the only major security oversight committed by Equifax in the lead-up to a highly damaging data breach in 2017, according to a document filed as part of a securities fraud class-action lawsuit filed earlier this year. An order and opinion filed last…

2.8 million CenturyLink customer records exposed by unprotected database

A third-party MongoDB database containing 2.8 million CenturyLink customer records and information was left unprotected, exposing the data of several hundred thousand of the tech company’s customers. The database was found by the security firm Comparitech working with security researcher Bob Diachenko. The initial finding took place on September 15, but it is believed the…

Hacker behind Montgomery County school data breach identified

A Montgomery County, Md., high school student earlier this month hacked into the Naviance college prep system and downloaded and shared the PII from about 1,400 fellow students. The initial investigation using information provided by Naviance led the school district to initially suspect two students. On October 7 the Montgomery County Police Department was brought…

Baltimore belatedly buys cyberinsurance

In what could be the poster child case for closing the barn door after the horse has left, the Baltimore City Council has approved the purchase of cyber insurance, six months after the municipality suffered a damaging ransomware attack. The Baltimore Sun reported the city conducted a bidding process and selected two plans. “The first…
