2017, Accountability, Data breaches and Information Security

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Security Affairs

AUGUST 31, 2023

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. We have no evidence to suggest your information has been misused for purposes of fraud or identity theft as a result of this incident – and no reason to believe that it will be.”

Retail

Retail Data breaches Identity Theft Banking

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

Stolen data included corporate files and personal information Nissan refused to pay the ransom and the cybercrime group published the alleged stolen files. The company added that the data breach impacted some Nissan customers, dealers, and current and former employees.

Data breaches

Data breaches Identity Theft Financial Services Cybercrime

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Bad news for the Australian telecommunications industry, the largest company in the country Telstra suffered a data breach. Australia’s largest telecommunications company Telstra disclosed a data breach through a third-party supplier. It seems that the security breach also impacted other companies.

Data breaches

Data breaches Telecommunications Accountability Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

Security Affairs

JULY 28, 2021

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 The study highlights the significant impact of the ongoing pandemic on the cost of data breaches and the effort to contain them. since the 2017). million to $4.24

Data breaches

Data breaches Healthcare Ransomware Hacking

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

Hyundai disclosed a data breach that impacted Italian and French car owners and clients who booked a test drive. Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive. According to the letter, financial data were not exposed.

Data breaches

Data breaches Media Manufacturing Education

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The popular data breach notification service Have I Been Pwned? HIBP) has added the stolen data from the StreetEasy and Sephora data incidents. Users can check if their data have been exposed in the StreetEasy and Sephora data breaches. SecurityAffairs – StreetEasy, data breach).

Data breaches

Data breaches Passwords Advertising Cybercrime

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

. “On June 28, last year, a suspicious behavior was detected and investigated on a terminal in our company, and as a result of unauthorized access by a third party, data was transmitted to the outside,” reads a data breach notification published by the company. SecurityAffairs – data breach, hacking).

Data breaches

Data breaches Media Computers and Electronics Cyber Attacks

Hackers behind Uber and Lynda hacks plead guilty in data breaches

Security Affairs

OCTOBER 31, 2019

The defendants have also attempted to extort money from the companies requesting them to pay ‘bug bounties’ to avoid publicly disclose the data breaches. In 2017 the FTC charged the company for deceiving customers with its privacy and data security practices. In 2016, the company warned its 9.5

Data breaches

Data breaches Hacking Advertising Accountability

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I I announce I am a hacker and Uber has suffered a data breach.”

Hacking

Hacking Data breaches Engineering Information Security

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. i speak at conferences around the world and run workshops on how to build more secure software within organisations. Well, almost nothing.

Data breaches

Data breaches Technology Software Accountability

Capital One data breach: hacker accessed details of 106M customers before its arrest

Security Affairs

JULY 30, 2019

– card issuer and financial corporation suffered a data breach that exposed personal information from more than 100 million credit applications. Thompson (33) is suspected to be responsible for the data breach. SecurityAffairs – Capital One, Data breach). Capital One, one of the largest U.S.

Data breaches

Data breaches Computers and Electronics Small Business Banking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. An administrator account Xerx3s on Abusewithus.

Hacking

Hacking Accountability Data breaches Marketing

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

UniCredit bank discloses a data breach that impacted 3 million of Italian clients

Security Affairs

OCTOBER 28, 2019

Italian bank UniCredit announced today that around three million of its customers in Italy have been affected by a data breach in 2015. The Italian bank UniCredit announced today that around three million of its Italian clients have been affected by a data breach that took place in 2015, . ” reported the Reuters.

Data breaches

Data breaches Banking Advertising Accountability

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Mobile

Mobile Telecommunications Data breaches Identity Theft

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

“SCHULTE’s theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S.” ” reads the press release published by DoJ.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Security experts from Cyble reported that a threat actor is attempting to sell twenty-nine databases on a hacker forum since May 7. Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million January 2017 CafeMom.com 2.6 million N/A EatStreet.com 6.4

Data breaches

Data breaches Advertising Passwords Hacking

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

Accessing an online account, users could make several actions, such as manage insurance claims and pay bills. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. In response to the attacks, State Farm reset the passwords for impacted accounts.

Insurance

Insurance Data breaches Financial Services Passwords

US OCC imposed an $80 Million fine to Capital One for 2019 hack

Security Affairs

AUGUST 9, 2020

US Office of the Comptroller of the Currency (OCC) regulator has fined the credit card provider Capital One Financial Corp with $80 million over 2019 data breach. The US Office of the Comptroller of the Currency (OCC) has imposed an $80 million fine to the credit card provider Capital One Financial Corp over 2019 data breach.

Hacking

Hacking Banking Data breaches Advertising

Capital One discovered more customers’ SSNs exposed in 2019 hack

Security Affairs

APRIL 3, 2021

More clients of Capital One have been impacted in the 2019 data breach, the US bank is notifying them of their SSNs exposure. US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. District Court in Seattle.

Hacking

Hacking Data breaches Banking Small Business

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Who is Phillip Durachinsky?

Malware

Malware Passwords Identity Theft Data collection

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

PoC exploit code for two Apache Struts 2 flaws available online

Security Affairs

AUGUST 15, 2020

In 2017, the credit reporting agency Equifax suffered a massive data breach, attackers exploited the CVE-2017-5638 Apache Struts vulnerability. . Apache Struts 2 is an open-source, extensible framework for creating enterprise-ready Java web applications.

Advertising

Advertising Data breaches Hacking Accountability

The Essential Guide to Radio Frequency Penetration Testing

Pen Test

OCTOBER 12, 2023

It endeavors to elucidate the underlying methodology, a comprehensive array of tools employed, and the typical vulnerabilities that security experts strategically target (Anderson & White, 2017). It encompasses a range of electromagnetic radio waves utilized for wireless information transmission. IEEE Access, 6, 12725-12738.

Penetration Testing

Penetration Testing Wireless IoT Technology

How do Companies Process Sensitive Data and Why is That Important?

CyberSecurity Insiders

APRIL 17, 2022

Keeping information secure from any theft activities in the digital world is necessary. But unfortunately, with everything going online, the digital world seems to be just as dangerous as the real world, especially when storing your personal information. . Case study: The prosecution of AA Ireland Limited .

Data breaches

Data breaches Insurance Marketing Data privacy

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

SC Magazine

APRIL 14, 2021

Every organization should have a responsible and accountable program for reducing risk through vulnerability management. There’s no way to eliminate security vulnerabilities completely, so it’s our shared responsibility as a global information security industry to implement approaches to hunt and fix them swiftly.

Government

Government Risk Information Security InfoSec

Defiant Tech firm who operated LeakedSource pleads guilty

Security Affairs

MAY 20, 2019

The LeakedSource website was launched in late 2015, in January 2017 the popular data breach notification website has been raided by feds. It reported some of the largest data breaches, including the ones that affected Last.fm , Rambler.ru , FriendFinder Networks , LinkedIn , and MySpace.

Cybercrime

Cybercrime Data breaches Advertising Passwords

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

OCTOBER 20, 2022

. “Upon being notified of the misconfiguration, the endpoint was quickly secured and is now only accessible with required authentication. Our investigation found no indication customer accounts or systems were compromised. The exposed data are dated from 2017 to August 2022. ” continues SOCRadar.

Authentication

Authentication Internet Internet Hacking

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.”

Malware

Malware Phishing Antivirus Hacking

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

JUNE 23, 2019

The gateway was used to allow external users and its partners, including foreign space agencies, contractors, and educational institutions, to remotely access to a shared environment for specific missions and data. ” the NASA OIG said. In December the U.S. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Advertising Firewall

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

“On June 28, last year, a suspicious behavior was detected and investigated on a terminal in our company, and as a result of unauthorized access by a third party, data was transmitted to the outside,” reads a data breach notification published by the company. An attempted attack requires user authentication.”

Antivirus

Antivirus Hacking Advertising Media

Data belonging to Instagram influencers and celebrities exposed online

Security Affairs

MAY 20, 2019

A new data leak made the headlines, a database containing the contact information of millions of Instagram influencers , celebrities and brand accounts has been found online. “A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online.”

Accountability

Accountability Advertising Media Authentication

As market for cyber insurance booms, watchdog calls for better data

SC Magazine

MAY 24, 2021

In a report released May 20, the Government Accountability Office looked at how the private cybersecurity insurance market has developed over the past five yearsRich Baich is global chief information security officer for insurance giant AIG. Photo by Spencer Platt/Getty Images).

Cyber Insurance

Cyber Insurance Insurance Marketing Cyber Risk

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

UK ICO fines British Airways £183 Million under GDPR over 2018 security breach

Security Affairs

JULY 8, 2019

of the British Airways turnover for its 2017 financial year, however, it is less than the possible maximum fine of 4% under the EU GDPR. In September 2018, personal and payment card information of British Airways customers were stolen by attackers, stolen data did not include travel or passport details. Pierluigi Paganini.

Data breaches

Data breaches Advertising Hacking Mobile

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Security experts from Group-IB, an international company specializing in preventing cyberattacks and developing information security solutions, has investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. Within a year, the number of data leaks soared by 369%.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

AUGUST 13, 2021

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” reads the security advisory published by Microsoft. This week, CrowdStrike revealed to have recently observed a malicious activity associated with Magniber ransomware , a threat that has been active since 2017.

Ransomware

Ransomware Backups Education Malware

Supplier Management: The Good, the Bad, and the Solutions

SecureWorld News

NOVEMBER 15, 2020

But the cloud's "as-a-Service" model does not provide service levels with penalties; rather, services are "best effort" with at most an outage penalty that is far less than the business value of the service disruption or breach. This emphasis on compliance and breaches in Supplier Management is purposeful. 23 NYCRR 500 § 500.11 (p7).

Data breaches

Data breaches Financial Services Software Risk

Doxing in the corporate sector

SecureList

MARCH 29, 2021

The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant. Attacks using publicly accessible data: BEC.

Identity Theft

Identity Theft Phishing Accountability Banking

Hackers stole card details from BriansClub carding site

Security Affairs

OCTOBER 20, 2019

Hackers have breached BriansClub ( BriansClub [. ] at ), one of the biggest black market sites, that specializes in the sale of stolen credit card data. According to the security experts Brian Krebs, who first reported the data breach, the hackers stole data of more than 26 million payment cards.

Retail

Retail Marketing Hacking Data breaches

Imperva data Breach: WAF customers’ data exposed

Security Affairs

AUGUST 27, 2019

Security firm Imperva revealed it has suffered a data breach that affecting some customers of its Cloud Web Application Firewall (WAF) product. Elements of our Incapsula customer database through September 15, 2017 were exposed. “We have informed the appropriate global regulatory agencies. .

Data breaches

Data breaches Firewall Passwords Advertising

Checkers double drive-thru restaurants chain discloses card breach

Security Affairs

MAY 30, 2019

.” The company provided a list of the affected locations and the estimated windows of exposure during which the PoS malware was used to steal the guests’ card data. The company reported the card breach to the authorities and hired third-party security experts to contain and remove the malware.

Malware

Malware Advertising Accountability Cybersecurity

COMB breach: 3.2B email and password pairs leaked online

Security Affairs

FEBRUARY 7, 2021

The database includes a script named count_total.sh, which was also included in 2017’s Breach Compilation. script for sorting the data. Experts at CyberNews added the new COMB emails to their Personal Data Leak Checker. This does not appear to be a new breach, but rather the largest compilation of multiple breaches.

Passwords

Passwords Hacking Accountability Banking

Imperva explains how hackers stole AWS API Key and accessed to customer data

Security Affairs

OCTOBER 14, 2019

Imperva shared details on the incident it has recently suffered and how hackers obtain data on Cloud Web Application Firewall (WAF) customers. In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Firewall

Firewall Passwords Accountability Data breaches

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Nissan Oceania data breach impacted roughly 100,000 people

Webinars

Trending Sources

Telstra Telecom discloses data breach impacting former and current employees

Webinars

IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

Hyundai suffered a data breach that impacted customers in France and Italy

Data from Sephora and StreetEasy data breaches added to HIBP

Mitsubishi Electric discloses data breach, media blame China-linked APT

Hackers behind Uber and Lynda hacks plead guilty in data breaches

Uber hacked, internal systems and confidential documents were allegedly compromised

Data Enrichment, People Data Labs and Another 622M Email Addresses

Capital One data breach: hacker accessed details of 106M customers before its arrest

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

SEC announces sanctions against entities over email account hacking

UniCredit bank discloses a data breach that impacted 3 million of Italian clients

T-Mobile customers were hit with SIM swapping attacks

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Threat actors are offering for sale 550 million stolen user records

American Insurance firm State Farm victim of credential stuffing attacks

US OCC imposed an $80 Million fine to Capital One for 2019 hack

Capital One discovered more customers’ SSNs exposed in 2019 hack

Alleged FruitFly malware creator ruled incompetent to stand trial

FBI: Compromised US academic credentials available on various cybercrime forums

PoC exploit code for two Apache Struts 2 flaws available online

The Essential Guide to Radio Frequency Penetration Testing

How do Companies Process Sensitive Data and Why is That Important?

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

Defiant Tech firm who operated LeakedSource pleads guilty

BlueBleed: Microsoft confirmed data leak exposing customers’ info

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Data belonging to Instagram influencers and celebrities exposed online

As market for cyber insurance booms, watchdog calls for better data

Top Cybersecurity Accounts to Follow on Twitter

UK ICO fines British Airways £183 Million under GDPR over 2018 security breach

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Supplier Management: The Good, the Bad, and the Solutions

Doxing in the corporate sector

Hackers stole card details from BriansClub carding site

Imperva data Breach: WAF customers’ data exposed

Checkers double drive-thru restaurants chain discloses card breach

COMB breach: 3.2B email and password pairs leaked online

Imperva explains how hackers stole AWS API Key and accessed to customer data

Stay Connected