data breach
Latest
Data breach compromises info for 20,000 LAPD officers and applicants
Los Angeles police officers are the victims of what appears to be a serious data breach. The city's Personnel Department has warned the LAPD that intruders stole personal information for roughly 2,500 officers and 17,500 officer applicants, including names, dates of birth, partial employee serial numbers and login details for the applicants. More info may have been taken, an official told NBC Los Angeles.
Capital One data breach affected 100 million in the US
Just as Equifax announced a settlement for its massive data breach, Capital One has revealed that someone hacked into its systems earlier this year. According to the company, someone exploited a "configuration vulnerability" that allowed them to access and decrypt customer data affecting over 100 million people in the US, and about 6 million in Canada.
Equifax settlement for data breach will only cost it $4 per person
The reports of an impending Equifax settlement were true. The company has agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau, attorneys general and New York's Department of Financial Services over its massive 2017 data breach. It will pay between $575 million to $700 million to victims, states and regulators, including a restitution fund that will pay up to $425 million to provide credit monitoring for up to 10 years. About $300 million is guaranteed for the monitoring payout, with $125 million more waiting if that initial amount runs low.
Hackers broke into a contractor for Russia's spy agency
The Russian government has been linked to a number of high-profile hacks, but it just became a target -- and the data that was stolen says a lot about its apparent goals. A hacking group nicknaming itself 0v1ru$ infiltrated the servers of SyTech, a contractor for the FSB intelligence agency on July 13th. They compromised the firm's Active Directory server and stole 7.5TB of data. The intruders revealed a number of projects that SyTech had been working on for the FSB (and fellow contractor Quantum) since 2009, some of which were pure research while others came to fruition.
Slack resets tens of thousands of passwords following 2015 data breach
Tens of thousands of Slack users will have to change their passwords after the company learned new details about a 2015 data breach. If you created your account before March of that year, haven't changed your password since and don't log in via a single-sign-on provider (i.e. an organization's Slack network), you'll need to update your credentials.
Hackers broke into Sprint accounts through Samsung's website
Sprint's security team is having a very, very lousy 2019. On top of the earlier Boost Mobile breach, the carrier has revealed that hackers obtained "unauthorized access" to an unspecified number of Sprint accounts through Samsung's "add a line" website. The provider said that the data didn't pose a "substantial risk" for fraud or identity theft and didn't include credit card or social security numbers, but there's still good reason for concern. Intruders may have seen names, billing addresses, phone numbers, device IDs and account numbers, among other sensitive details.
Marriott faces $123 million UK fine over data breach
Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK's Information Commissioner's Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU's General Data Protection Regulation through the incident. Marriott didn't conduct "sufficient due diligence" when it bought Starwood, according to the regulator, and "should also have done more" to improve security.
How a trivial cell phone hack is ruining lives
On a Tuesday night in May, Sean Coonce was reading the news in bed when his phone dropped service. He chalked it up to tech being tech and went to sleep. When he woke up, his Gmail account had been stolen and by Wednesday evening he was out $100,000.
Hackers steal traveler photos and license plates from US Customs
If you were wondering why it can be risky for governments to collect traveler images en masse on connected systems... well, here's why. US Customs and Border Protection has confirmed that hackers stole traveler images from a subcontractor, including photos of people entering or leaving the country as well as copies of their license plates. In a statement, CBP said that the subcontractor had "violated mandatory security and privacy protocols" by transferring the data to its own network.
19 million patient records were stolen from Quest Diagnostics and LabCorp
A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach. The attack targeted at AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
D.C. case against Facebook over Cambridge Analytica will proceed
Early Friday, a judge sided with Facebook shareholders who demanded the company hand over emails and records related to its handling of the Cambridge Analytica scandal. Later in the day, the company was denied again in court, as Reuters reports that Judge Fern Flanagan Saddler denied its motion to dismiss or stay a lawsuit filed by the Washington D.C. attorney general over the same incident. D.C. AG Karl Racine is suing Facebook over many failures, including a claim that it knew Cambridge Analytica had obtained user data over two years before the leak was revealed. According to the district's lawsuit, the CA cache contained info on 340,000 of its residents. A court filing in this case revealed there's an email between senior managers indicating they knew about the company's "improper data-gathering practices" as early as September 2015, years before it blew up in 2018. Whatever happens in this case, a deal with the EU means Facebook is on hook for future scandals, and a settlement with the FTC could include changes to make CEO Mark Zuckerberg personally liable.
Hackers turn tables on account hijackers by stealing forum data
Online account hijackers received a taste of ironic punishment this week. KrebsOnSecurity has learned that hackers stole the database from the popular hijacker forum OGusers on May 12th, obtaining email addresses, hashed passwords, IP addresses and private forum messages for 112,988 accounts. The administrator initially told users that a hard drive failure had wiped out the information and forced the use of a backup, but that tall tale fell apart when the administrator of a rival forum made the data public.
Boost Mobile informs customers about a data breach -- two months ago
Sprint-owned virtual mobile network operator Boost Mobile quietly informed customers that it suffered a data breach that allowed hackers to access some user accounts. In a notice posted on the Boost Mobile website, the company said a previously undisclosed breach occurred on March 14th, 2019 and resulted in a number of customer phone numbers and PIN codes being exposed.
US charges China-based hacking group for massive 2015 Anthem breach
Four years after hackers committed one of the worst data breaches in history, the US Justice Department has charged a "sophisticated China-based hacking group" with the attacks. An indictment released yesterday charges two members of the group, Fuji Wang and another listed as John Doe, with four counts of conspiracy and intentional damage. According to the indictment, Wang and Doe allegedly broke into and stole data from computer networks in four distinct business sectors. The most high-profile hit was the 2015 Anthem breach, in which prosecutors say the hackers stole personal information from nearly 80 million people.
Hackers stole cash from 100 Amazon sellers in 'serious' fraud
Amazon and its sellers are now believed to be the victim of a substantial fraud campaign. A newly public legal filing obtained by Bloomberg has revealed that Amazon reported a "serious" campaign that compromised the accounts of roughly 100 sellers between May and October 2018, draining them of cash earned through loans and sales. While most details of the heist weren't specified, the internet giant understood that the intruders changed account details at Barclays and Prepay Technologies.
Card skimming hack targets 201 campus stores in North America
The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.
A public database exposed medical records of 150,000 rehab patients
Nearly 150,000 patients who sought treatment at an addiction recovery facility in Pennsylvania had their medical records exposed online. Through the public search engine Shodan, independent researcher Justin Paine found an ElasticSearch database with nearly five million rows of data. It appeared to include personally identifiable information (PII) of patients who were treated at Steps to Recovery between mid 2016 and late 2018.
Hackers in Microsoft's webmail breach could read some users' messages
For some users, that Microsoft webmail breach was worse than first thought. Microsoft has confirmed a Motherboard source's claims that the hackers had access to a portion of the email content, not just email addresses and subject lines. About 6 of the affected users had their messages exposed, according to a spokesperson. It's not clear if the intruders read the email before Microsoft blocked access, but the company told the The Verge in a statement that the subset received "additional guidance and support."
Yahoo could pay $117.5 million to settle data breach
Yahoo is back in the courtroom with a revised settlement proposal meant to make amends for its massive data breaches. If this proposal is approved, the company will pay $117.5 million.
Indian health agency exposes details on millions of pregnant women
A health department in India exposed more than 12.5 million medical records for pregnant women after it failed to secure a database. The records span five years for a state in the north of the country, and include sensitive data such as family medical history, the mother's age, details of other children, doctor information and court case details.
