customerdata
Latest
TalkTalk fined £100,000 for long-forgotten 2014 data breach
Enough time has passed that TalkTalk has bounced back from its reputation-damaging data debacle of 2015, which saw hackers steal the personal details of over 150,000 of its customers. That earned the company a £400,000 fine from the UK's Information Commissioner's Office (ICO), and today an older data breach in 2014 has cost the company an additional £100,000. The ICO has handed TalkTalk the invoice as a slap on the wrist for failing to adequately protect customer details after third-party support staff were found to have gained "unauthorised and unlawful access to the personal data of up to 21,000 customers."
Verizon technician admits he sold customer data for years
A former Verizon Wireless network technician in Alabama has admitted to using company computers to steal and sell private customers' location and call data over a period of five years. As Ars Technica reports, Daniel Traeger of Birmingham faces up to five years in prison or a $250,000 fine for the federal hacking charge. As part of a plea deal, Traeger confessed that he sold the data to an unnamed private investigator.
TalkTalk call centre reps arrested for leaking customer data
TalkTalk just can't catch a break. Late last year, the quad-play provider suffered a "significant and sustained cyberattack" that resulted in the personal details of over 150,000 customers being stolen. It was the second serious breach in as many years, even prompting a government enquiry into the preventative measures in place at all UK telecoms and internet providers. Sensitive data can be obtained any number of ways, however, and TalkTalk believes it recently uncovered a small-scale leaking operation being carried out by a few of its third-party call centre reps.
Time Warner Cable: 320,000 customers may have been hacked
Time Warner Cable (TWC) may have a data breach on its hands. The cable outfit told Reuters that up to 320,000 customers' email passwords were potentially comprised, either through phishing or hacking of third-party companies that store TWC customer information. The FBI notified the company of the possible attack, saying that some of its customers' emails and account passwords "may have been compromised."
Wetherspoon hack exposes over 600,000 customers
Another week, another hack. JD Wetherspoon, the owner of countless cheap British pubs, has revealed that an older version of its website was hacked between June 15th and 17th, putting over 600,000 customers at risk. The company says it was informed of the attack on December 1st and immediately called in security specialists, who confirmed the breach a day later. All customers were then notified via email on December 3rd.
TalkTalk hack: exactly 156,959 customers had personal details stolen
Two weeks after TalkTalk confirmed a "significant and sustained cyberattack" on its website, the company has revealed exactly how much data was stolen. Hackers obtained personal details for 156,959 customers, including their names, email addresses and phone numbers. A week ago it placed the figure at "less than 1.2 million" -- and while that was technically accurate, today's update should feel like a radical downgrade. Of those affected customers, TalkTalk says 15,656 bank account numbers and sort codes were obtained in the attack. That's down from the "less than 21,000" it had stated previously.
FCC fines AT&T $25 million for data breach affecting 280,000 customers
After employees at its call centers swiped personal info of nearly 280,000 customers, AT&T has to pay $25 million to settle with the FCC. The fine is a result of the carrier's "consumer privacy violations" at call centers in Mexico, Colombia and the Philippines, where employees nabbed names, social security numbers and account info without proper authorization. Stolen data was used to request unlock codes, which were then provided to a third party dealing in stolen and "secondary market" handsets. "As today's action demonstrates, the Commission will exercise its full authority against companies that fail to safeguard the personal information of their customers," said FCC Chairman Tom Wheeler. In addition to the hefty fine, AT&T must notify all affected customers, in addition to providing credit monitoring services for those included in breaches in both Colombia and the Philippines. It must also appoint a senior compliance manager to keep an eye on things and file regular security reports with the FCC. [Image credit: Andrew Harrer/Bloomberg via Getty Images]
Sony BMG Greece hacked, company's security woes continue
It's the security nightmare that just won't end, and right now there's got to be plenty of Sony executives beginning to wish someone would pinch them already. After taking quite a PR and financial beating over the PSN breach, now the Greek site of Sony BMG has been hacked and the account info of thousands of users has been posted online. According to the Sophos blog Naked Security, the attack does not appear to have been particularly sophisticated and was carried out using an automated SQL injection tool that demands more patience than skill. While the data dump reveals the usernames, real names, and email addresses of registered SonyMusic.gr customers, other fields (including passwords and telephone numbers) are either empty or contain fake data -- suggesting the hack was not entirely successful. Here's hoping Sony takes this as an opportunity to seriously baton down those security hatches.
Epsilon breach exposes TiVo, Best Buy email addresses, spambots stir into action
If you're subscribed to any of TiVo's email-based communiqués, now would be a good time to make sure your spam filters are up to scratch. Epsilon, TiVo's email service provider, has reported the discovery of a security breach that has compromised the privacy of some customers' names and / or email addresses. A rigorous investigation has concluded that no other personal data was exposed, however it's not just TiVo that's affected -- other big names, such as JPMorgan Chase, Citi, US Bank, Kroger, and Walgreens have also seen their users' deets dished out to the unidentified intruder. As we say, no credit card numbers or any other truly sensitive data has escaped, so the only thing you really have to fear is fear itself... and an onslaught of spam. Update: Best Buy and the US College Board have also joined the extremely broad list of affected organizations now, judging by the warning emails they've been sending off to our readers. Valued Best Buy customers should expect an email similar to the scawl posted after the break. Update 2: You can also count Chase Bank customers among those also affected -- not their bank accounts, mind, but their e-mail addresses. [Thanks to everyone who sent this in]
