Data Breaches news & analysis | SC Media

Data Breach

Report: Hacking group wipes content from over 12,000 open MongoDB databases

In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…

Breach of Stack Overflow’s production systems exposes data on roughly 250 users

An unauthorized party accessed Stack Overflow’s production systems earlier this month and executed privileged web requests that exposed information on roughly 250 public network users, the Q&A website for programmers announced last Friday. Stack Overflow Vice President of Engineering Mary Ferguson said in a May 17 blog post that the intruder exploited a bug in…

Donald Trump

Hackers add bogus scores to Trump’s U.S. Golf Association account

Hackers accessed President Trump’s U.S. Golf Association account and added four fake golf scores for games allegedly played at two courses. After being alerted to media reports, “as we dug into the data it appears someone has erroneously posted a number of scores on behalf of the GHIN user,” Golfweek cited Craig Annis, the managing…

New Jersey amends data breach law, expanding definition of personal info

New Jersey last week officially passed Bill S-52, which amends its previous data breach notification law. Governor Phil Murphy signed the bipartisan legislation into law on May 10, after the bill sailed through the state’s General Assembly and Senate last February. The new law expands the definition of what constitutes personal information that, if exposed in…

Boost Mobile breached

Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…

Hackers access, steal info from 460K Uniqlo Japan online accounts

Hackers stole data, including partial credit card numbers, on 460,000 Uniqlo Japan online customers in an incident that took place between April 23 and May 10. “We deeply apologize to our customers and pledge to prevent this from happening again,” according to a statement from Fast Retailing Co., the parent of Uniqlo and GU Japan, which…

Anti-virus vendors named in Fxmsp’s alleged source code breach respond

McAfee, Symantec and Trend Micro are reportedly the anti-virus companies whose source code the cybercriminal group Fxmsp claims to have stolen. Comments issued by the vendors minimized the threat, although Trend Micro did confirm that a breach had occurred. Last week cybersecurity firm Advanced Intelligence (AdvIntel) reported in a company blog post that Fxmsp was…

Equifax data breach recovery costs pass $1 billion

In Equifax’s latest Security and Exchange Commission filing the company is estimating it has spent about $1.4 billion recovering from its 2017 data breach that exposed the PII of 148 million customers, according to a published report. This includes a $690 million charge made during the first quarter of 2019 related to outstanding litigation and…

antivirus

Report: Hackers claim compromise of four AV firms, offer source code for sale

A high-profile hacking collective claims it compromised the networks of four premiere U.S. anti-virus vendors, and is offering to sell their stolen source code for $300,000, according to researchers. The cybercriminal group, called Fxmsp, is known for breaching corporate and government networks, then selling their digital assets via a network of proxy resellers, according to…

Next post in Data Breach