personal information on about 80,000 employees, volunteers and vendors from a CPS database. The former worker, Kristi Sims, was arrested Thursday; officers recovered the stolen files after executing search warrants, according to CPS and Chicago police officials. Sims, 28, is a former contractor who handled administrative tasks for the Office of Safety and Security. Sims was ordered released on her own recognizance at a bond hearing Friday at the Leighton Criminal Court Building by Judge Sophia Atcherson; Sims also was ordered not to access the internet while the case continues. In a letter to employees Thursday evening, CPS Chief Operating Officer Arnie Rivera said the district learned of the massive data breach Wednesday, the day after the information was stolen. Among the data stolen were names, employee ID numbers, phone numbers, addresses, dates of birth, criminal arrest histories and DCFS findings. Social Security numbers were not taken, Rivera said. “There was no indication that the information, which was in the individual’s possession for approximately 24 hours, was used or disseminated to anyone in any way,” Rivera added. A CPS spokesman referred questions about the criminal charges to Chicago police, but Rivera said “CPS will work to ensure the individual is prosecuted to the fullest extent of the law.” CPD spokesman Anthony Guglielmi said Sims is also suspected of deleting the targeted files from the CPS database after they were stolen. The digital equipment seized in the warrant is being analyzed, and a search warrant is underway for Sims’s email account, Guglielmi said. Though police say they don’t believe anyone other than Sims was in possession of the data, they hope to learn more about what might have been done with the information.
This latest CPS data breach comes only a few months after the school district mistakenly sent a mass email that linked to the private information of thousands of students and families. The email invited families to submit supplemental applications to selective enrollment schools. Attached at the bottom of the email was a link to a spreadsheet with the personal data of more than 3,700 students and families. In that incident, CPS apologized for the “unacceptable breach of both student information and your trust” and asked recipients of the email to delete the sensitive information. The data included children’s names, home and cellphone numbers, email addresses and ID numbers.
The results of an annual school survey administered by Western Albemarle High School (WAHS) were inadvertently exposed to the public in a serious breach of security and student privacy protocol. In a post-breach letter to parents, WAHS principal Darah Bonham explained that the school’s Peer Nomination Survey “asks students to identify peers who either have been victims of bullying or have been responsible for bullying others.” Bonham continued by revealing that a change to the survey exposed presumed confidential names of students listed on the survey: The survey is administered electronically and this morning, a change was made to add questions having to do with student needs around technology. Regrettably, this change inadvertently altered the security settings, making publicly accessible some survey information reported by students. It did not make public the names of students who provided that information. While WAHS has given assurances that the names of those submitting data to the survey were not exposed, concerned parents, students, and teachers were not assuaged.
HONG KONG (REUTERS) - Cathay Pacific Airways said on Wednesday (Oct 24) that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed without authorisation. Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach. "We are very sorry for any concern this data security event may cause our passengers," Cathay Pacific chief executive Rupert Hogg said in a statement. "We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cyber-security firm, and to further strengthen our IT security measures." Mr Hogg said no passwords were compromised in the breach and the company was contacting affected passengers to give them information on how to protect themselves. Cathay Pacific was not immediately available for additional comment outside normal business hours. The company said it initially discovered suspicious activity on its network in March this year, and investigations in early May confirmed that certain personal data had been accessed. News of Cathay's passenger data breach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen over a two-week period. Cathay said in a statement that accessed data includes names of passengers, their nationalities, dates of birth, telephone numbers, e-mail and physical addresses, passport numbers, identity card numbers and historical travel information. It added that the Hong Kong Police had been notified about the breach and that there is no evidence any personal information has been misused.
Austal, which is based in Henderson, Western Australia, is one of the country's largest shipbuilders; it has built vessels for the U.S. Navy. The company, which is listed on Australia's ASX stock exchange, announced the breach late Thursday. The announcement came just a day after a security researcher in France posted screenshots on Twitter of the purported stolen data. Austal says the material is neither sensitive nor classified and that it has taken steps to secure its data systems. "The data breach has had no impact on Austal's ongoing operations," the company says. Austal's business in the United States is unaffected by this issue, as the computer systems are not linked. A spokesman for Austal contacted on Friday says he couldn't offer further information on the incident. The breach exposed ship design drawings that are distributed to customers, fabrication subcontractors and suppliers, Austal says. It also exposed "some staff email addresses and mobile phone numbers." Those individuals have been informed as well as a "small number" of other stakeholders directly impacted by the breach, the company reports. Austal has contacted the Australian Cyber Security Center and the Australian Federal Police. The Office of the Australian Information Commissioner, which enforces the country's data protection regulations, "will be involved as required," Austal says. Companies are increasingly being subjected to ransoms by hackers after their networks have been breached. Ransoms put companies in tough positions: risk public exposure of potentially embarrassing data, or risk paying a ransom and still face a chance the data could be released anyway. Security experts and law enforcement generally advise against paying ransoms, even after incidents of file-encrypting malware.
But some companies have viewed the situation as either a cost of doing business or a shorter route to recovery. Late last month in the U.S., the city of West Haven, Connecticut, paid $2,000 to unlock 23 servers that had been infected with ransomware (see: Connecticut City Pays Ransom After Crypto-Locking Attack). The city's attorney, Lee Tiernan, was quoted by the Associated Press as saying "research showed it was the best course of action." If the city didn't have a backup file, it may have had little choice.
Today, federal officials announced new charges relating to the 2014 hack of Yahoo, alleging a conspiracy between criminal hackers and the Russian Federal Security Agency (or FSB). The indictment names two FSB agents — Igor Suschin and Dmitry Dokuchaev — who allegedly contracted two criminal hackers — Aleksey Belan and Karim Baratov — to compromise Yahoo’s database, which included both US military officers and Russian journalists believed to be of interest to the FSB. Baratov was arrested yesterday in Canada, Department of Justice officials say. “There are no free passes for foreign, state-sponsored criminal behavior,” Assistant Attorney General McCord told reporters at a press conference. When Yahoo first disclosed the breach in September, the company attributed the attack to “a state-sponsored actor,” a claim that some security experts found questionable at the time. Subsequent reports found that the Yahoo database was sold a number of times, suggesting a criminal profit motive rather than intelligence gathering. According to the Department of Justice, that was a result of the FSB’s collaboration with its criminal contractors, who sold much of the stolen information after it had been handed over. One of the contractors also allegedly searched the accounts for gift cards and other financial info. Yahoo’s database was breached two separate times during the period — once in August 2013 and again in late 2014, revealing account details for hundreds of millions of users each time. Today’s charges deal only with the 2014 breach, which compromised 500 million accounts. Many blamed Yahoo CEO Marissa Mayer for refusing to invest in more robust security measures. Mayer later acknowledged the error, and gave up her annual salary, bonus and equity grant for 2016 as a result.
Details of the breaches became public only after Yahoo had struck a deal to be acquired by Verizon. News of the security issues caused significant friction in the deal, ultimately causing Verizon to lower its purchase price by $350 million, to $4.4 billion.
New statements from Apple make it clear that they do not believe a hacker, or group of hackers, breached any of their systems. This comes after a recent report from Motherboard that a hacker gang called the "Turkish Crime Family" is threatening to remotely wipe up to 559 million iPhones by April 7. The hackers claim they hold an alleged cache of stolen accounts, and their goal is to shake down the big Apple for $75,000 in Bitcoin or Ethereum cryptocurrency. Alternatively, in lieu of those options, they will even accept $100,000 in iTunes gift cards (a potentially risky option for them). Apple responded to the allegation that the hackers breached its systems, assuring their systems were not compromised, but did not confirm if the hackers do in fact hold an entire collection of Apple IDs and passwords. Whatever information they do have probably came from previously compromised third parties. "If the list is legitimate, it was not obtained through any hack of Apple," an Apple spokesperson told Fortune in an email. "There have not been any breaches in any of Apple's systems including iCloud and Apple ID." Even if the data didn't come from an Apple breach, it could still mean your iCloud login details are out there. Fortune suggested that the logins could be from the LinkedIn hack, in which login info from 117 million accounts was sold on the black market site "The Real Deal." Though, if the Turkish Crime Family really has 559 million accounts, well, a mere fraction of the 117 million from LinkedIn doesn't really cut it. The hackers have been sending login information to media companies in an effort to gather attention to their scam.
For example, The Next Web received a small fraction of the alleged data from the hackers, and cross-referenced the info with the site Have I Been Pwned, which checks to see if your email or username has been compromised in a hack. Most of the samples provided to TNW don't appear to have been involved in the LinkedIn hack or other hacks in the Pwned database, but TNW was able to access the accounts with the login information provided by the hackers, so the info looks legitimate. They can't test every login, so the small sample may not be indicative of the whole. The Turkish Crime Family also noted to TNW that all conversations with Apple were actually kept private and never reported to Motherboard. Instead, the conversations between the Turkish Crime Family and Motherboard were led by a member that has now been removed for his "inaccuracy" and "lack of professionalism," and the group denies the authenticity of Motherboard's report. Overall, the hacking team seems to have a hard time sticking to one story. Now, the hacker group is confirming Apple's statement that its systems have not been breached, and that the stolen data was obtained through previously compromised systems over the last five years. The Turkish Crime Family is, in fact, not contradicting Apple. They did not breach the company, nor did they ever state to Motherboard that they stole the info directly from Apple. Rather, after Motherboard's breaking March 21 report, a breach was assumed by some news outlets such as BGR, though most media sites never directly stated that the hackers breached Apple. The Turkish Crime Family's initial response to Motherboard, and the group's only statement, was to extort Apple over an alleged cache of iCloud and other Apple email accounts.
The group never stated where their cache of data came from until today when they contacted TNW in response to Apple.
DocuSign, with over 100 million users, is one of the world’s largest providers of electronic signature technology and digital transaction management. Recently, DocuSign acknowledged that they have been the victim of a malware phishing attack. The data breach happened at one DocuSign computer system location and has since been contained. While short-lived, the malware was able to obtain many customer and user emails from the DocuSign database. Fortunately, the breach was limited to email addresses; no documents or further customer information was accessed in the attack. The attackers have begun sending out malicious emails with the company’s branding to DocuSign customers and users. In an alert on the DocuSign website, the company shared that it is tracking these emails which carry a downloadable Microsoft Word document harboring malware to attack the user’s system. The email subject line has been known to read: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.”
How to protect yourself
If you are not expecting an email via DocuSign, do not click on the link. If you are expecting a document, but are unsure of the source, you can access your document directly by visiting docusign.com. Every legitimate DocuSign email has a code which the user can enter on the website to access their document. DocuSign has asked that people forward suspicious emails to spam@docusign.com then delete the email from their inboxes. It is important to remember that DocuSign will never request a customer or user to open a PDF, Microsoft Office document or ZIP file in an email.
East Ohio Regional Hospital in Harper's Ferry, Ohio, and Ohio Valley Medical Center in Wheeling, West Virginia, were both affected by ransomware on the last weekend of November. [1] Due to this incident, ambulance patients were transported to other hospitals nearby and emergency room admissions were limited to walk-up patients only. Due to the attack, employees needed to switch to paper charting and various systems were taken offline immediately. This fairly quick response limited the ransomware damage and prevented the possible data breach. [2] According to Karin Janiszewski, director of marketing and public relations for EORH and OVMC, the hospitals reacted as soon as possible and, at the moment of writing, they are already using the computer network. On the following Saturday, Karin Janiszewski stated: "There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. We have redundant security, so the attack was able to get through the first layer but not the second layer."
IT staff dealt with the outbreak to avoid a data breach
When it comes to malware attacks on large companies, the loss of personal customer data is the worst thing that can happen. It seems that this time the situation was handled quickly enough to prevent the sensitive data from being compromised. The IT team took several computers offline, and, because of this, most of the clinical operations transferred to other units, and emergency patients were automatically taken to different locations. On Saturday, when the incidents occurred, hospital officials stated that the staff is ready to take everything on paper until the downtime is over. Also, since this is a ransomware-type malware attack, hackers demand a ransom. However, officials did not select the scenario involving making the payment.
No matter how big or how little the ransom demand is, officials shouldn't even consider making the payment because it may lead to system damage or permanent data loss. [3] In the United States, data breaches and malware attacks on huge organizations have become a common thing, especially in the healthcare industry. In 2016 Hollywood Presbyterian Hospital paid the demanded ransom in Bitcoin after having its data encrypted. [4] The infection was widespread and the attack cost around $17,000. Another incident that resulted in ransom payment was spotted in Kansas Heart Hospital, also in 2016. Unfortunately, after the payment was made, attackers disappeared, ignoring the promise to decrypt locked files. They sent yet another ransom demand instead and asked for a bigger amount of money. Earlier this year, an Indiana-based hospital was infected with SamSam, an infamous ransomware virus that relies on specific, highly personalized infection tactics. After considering different scenarios, the hospital decided to pay 4 BTC (equal to $45,000 at that time) for ransomware developers to get private keys needed for files' recovery. Ransomware developers gave what they promised.
Family genealogy and DNA testing site MyHeritage announced on Monday a security breach during which an attacker made off with account details for over 92 million MyHeritage users. In a statement on its website, MyHeritage said it became aware of the incident on Monday, the same day of the announcement. The incident came to light after a security researcher found an archive on a third-party server containing the personal details of 92,283,889 MyHeritage users. Only emails and hashed passwords were exposed. The archive contained only emails and hashed passwords, but not payment card details or DNA test results. MyHeritage says it uses third-party payment processors for financial operations, meaning payment data was never stored on its systems, while DNA test results were saved on separate servers from the one that managed user accounts. Based on the creation dates of some accounts, the breach appears to have taken place on October 26, 2017. It is unclear if the breach is the result of a hacker attack or because of a malicious employee selling the company's data. MyHeritage says that user accounts are safe, as the passwords were hashed using a per-user unique cryptographic key. "MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer," the company said. "Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised." The company announced the breach on the same day it found out about it because of the EU's GDPR legislation that forces companies operating in the EU to disclose any security incident within three days of finding out. MyHeritage says it has now reached out to a cyber-security firm to help it investigate the breach severity and what other systems the hacker might have accessed.
MyHeritage to roll out 2FA
The company also promised to roll out a two-factor authentication (2FA) feature for user accounts, so even if the hacker manages to decrypt the hashed passwords, these would be useless without the second-step verification code. It goes without saying that MyHeritage users should change their passwords as soon as possible. The MyHeritage incident marks the biggest data breach of the year, and the biggest leak since last year's Equifax hack.
An unsecured Kubernetes container management console allowed cyber-attackers to breach a Tesla cloud account that contained sensitive data, including telemetry data from the company’s electric cars, according to a report by security company RedLock. Details about the Tesla cloud account breach were included in the RedLock report as an example of the cyber-security threats facing enterprises that store sensitive data and run important business applications on cloud services. RedLock’s Cloud Security Intelligence team found that the Tesla breach resulted from the exposure of Amazon Web Services security credentials after hackers penetrated Tesla’s Kubernetes console, which was not password protected. This led to the exposure of the company’s Amazon S3 cloud account, which contained sensitive data including the Tesla vehicle telemetry. What was most remarkable about the CSI report was that the problems that affect on-premises infrastructure are the same ones that affect cloud infrastructure. The difference is that most organizations have learned over the years to provide at least some level of protection for their on-premises infrastructure and assets. Unfortunately, it appears that the same isn’t true of their cloud resources. Part of the problem, it appears, comes from a lack of familiarity with managing cloud services. But security for those services does exist and is readily available. Amazon, for example, regularly sends out emails to AWS users explaining what security measures, products and services are available for its cloud environments. Unlike private, on-premises environments, the public cloud is just that—public. That means it can be accessed by anyone, including an attacker that possesses the credentials that can enable access from anywhere.
What that means is that access security is even more important, because you have no means of preventing a criminal from trying to gain access. But it also means that monitoring your cloud environment is just as important as your on-premises physical environment. Monitoring at least provides a way to find an attacker that’s gotten past your access controls. The CSI team also recommends a “deny all” setting on your firewall for outbound cloud traffic, and setting your cloud so that configuration changes are automatically reported. The key here is to remember that while the cloud provider can play a role in helping ensure your cloud is secure, they can’t do it alone. It’s your part of the cloud, your data, and you’re paying for those computing assets. It’s your job to make sure they’re secure.
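One way to check the “deny all” outbound recommendation above, as an added example that is not from the article or the RedLock report: a Python audit over the JSON that `aws ec2 describe-security-groups` prints. It assumes AWS security groups are the firewall in question; the group IDs and names in the sample are constructed.

```python
import json
from dataclasses import dataclass

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "k8s-console",
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "workers",
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ccc", "GroupName": "database",
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ddd", "GroupName": "locked-down", "IpPermissionsEgress": []}
]}
""")


@dataclass(frozen=True)
class Finding:
    group_id: str
    group_name: str
    severity: str  # "allow-all" or "open-port"
    detail: str


def _destinations(rule):
    """Collect IPv4 and IPv6 destination CIDRs of one egress rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return cidrs


def audit_egress(doc):
    """Return one Finding per egress rule that can reach any address."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for rule in sg.get("IpPermissionsEgress", []):
            open_dests = sorted(set(_destinations(rule)) & ANYWHERE)
            if not open_dests:
                continue  # rule is scoped to specific networks
            proto = rule.get("IpProtocol", "-1")
            if proto == "-1":  # "-1" means every protocol and port
                severity, ports = "allow-all", "all protocols and ports"
            else:
                lo, hi = rule.get("FromPort"), rule.get("ToPort")
                ports = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
                severity = "open-port"
            findings.append(Finding(sg["GroupId"], sg.get("GroupName", ""),
                                    severity, f"{ports} to {', '.join(open_dests)}"))
    return findings


def deny_all_groups(doc):
    """Security groups are allow-lists: no egress rules means no outbound traffic."""
    return [sg["GroupId"] for sg in doc.get("SecurityGroups", [])
            if not sg.get("IpPermissionsEgress")]


if __name__ == "__main__":
    for f in audit_egress(SAMPLE):
        print(f"{f.severity:9} {f.group_id} ({f.group_name}): {f.detail}")
    print("deny-all egress:", deny_all_groups(SAMPLE))
```

Running the same function on a schedule and diffing its findings between runs gives a simple form of the automatic configuration-change reporting the article mentions.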
About 33 million records belonging to Dun & Bradstreet have been leaked, placing a large portion of the US corporate population at risk. According to independent researcher Troy Hunt, the database is about 52 gigabytes in size and contains just under 33.7 million unique email addresses and other contact information from employees of thousands of large enterprises and government entities. While details are unfolding, the leak is thought to be from a database D&B acquired from NetProspex in 2015. The file is a “list rental” file that D&B offers marketers for use for their own email campaigns. It’s believed that one of these marketing firms is the source of the leak itself, having been compromised in some way. “We've carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day,” D&B said in a media statement. “Dun & Bradstreet maintains that neither they nor NetProspex suffered a breach or caused the leak,” said Stephen Boyer, co-founder and CTO of third-party risk management and security ratings firm BitSight. “If true and the leak stemmed from one of their customers, which represents a new dimension of third-party risk. While customers don't have ongoing relationships in the way that vendors and suppliers do, they still can pose risk when licensing and buying data in bulk.” As originally reported by ZDNet, Hunt said in a blog post that he was able to determine that the most records in the database come from the US Department of Defense, with other government and large enterprises following. The worrisome part is the deep bench of information that the records contain.
For Wells Fargo, for example, the information is for the C-suite and 45 vice presidents, senior vice presidents, assistant vice presidents and executive vice presidents, all with names and email addresses alongside job titles. “The market for stolen personal identifiable information continues to be lucrative for attackers to steal and sell data,” said Lee Weiner, chief product officer at Rapid7, via email. “Individuals affected by this breach should continue to be vigilant for piggy-back attacks that can ensue from attackers using this information to engage in phishing tactics with this information to steal passwords and gain access to accounts.” Those follow-on threats can include business email compromise (BEC). “This leak allows cyber-criminals to carry out whaling attacks for large enterprises,” said Boyer. “Some organizations have over 100,000 employee records compromised in this breach and may witness an uptake in targeted phishing attacks and fraud schemes.” Hunt noted that the leak is an example of an endemic problem in data management and society. “We've lost control of our personal data and…we often do not have any way of feeding back to companies what data we’d rather not share,” he noted. “Particularly when D&B believe they're operating legally by selling this information, what chance do we have—either as individuals or corporations—of regaining control of data like this? Next to zero and about the only thing you can do right now is assess whether you've been exposed.”
The databases were stolen between 2011 and 2017 from widely visited forums providing information about Bitcoin mining and trading. The combined number of records stolen from these forums is more than 12,000,000, including 536,727 accounts from MerlinsMagicBitcoin.com which suffered a data breach in January 2017, 514,409 accounts from BitcoinTalk.org forum which was hacked in May 2015, 568,357 stolen from BTC-E.com back in October 2014, 21,439 accounts from BTC4Free.com which was hacked in January 2014, 3,153 Bitcoin.Lixter.com which was breached in September 2014, 1,780 BitLeak.net accounts stolen back in March 2014, 28,298 DogeWallet.com accounts stolen in January 2014, 61,011 MtGox.com stolen in June 2011, 34,513 BitsCircle.com (breach date unknown), 10,855,376 BitcoinSec from 2014 breach and 3,149 accounts from TheBitcoinShop.pixub.com (breach date unknown). In some cases, the passwords have been decrypted while some are using SHA1 hash which is easy to decrypt since Google security researchers have already broken the SHA-1 web security tool last month. The price set for this data is USD 400 (BTC 0.3817). It must be noted that BitcoinTalk.org and BTC-E.com are two of the most important bitcoin related platforms having their data sold on the dark web since 2016 by several other vendors. However, we are not sure about the rest of the platforms. Either way, if you have an account on any of the forums mentioned above, change your password ASAP. Also, some of the forums discussed aren’t active anymore; therefore, the relevance of their data is out of the question.
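An added Python example, not taken from any of the articles or the sites they describe, comparing the two password-storage approaches mentioned on this page: the SHA-1 hashes in the forum dumps above and the per-user hash key MyHeritage describes in the earlier item. The user table and candidate list are constructed, and PBKDF2 with a random per-user salt is an assumed stand-in for whatever slow hash a site actually uses.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ROUNDS = 600_000  # assumption: a deliberately slow setting; tune per hardware

# Constructed accounts; two users picked the same password.
USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "hunter2"}


def sha1_unsalted(password: str) -> bytes:
    """Fast, unsalted digest: the same password always gives the same value."""
    return hashlib.sha1(password.encode()).digest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Slow hash with a random per-user salt; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def shared_digests(table: dict[str, bytes]) -> list[list[str]]:
    """Groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def matches_precomputed_table(table: dict[str, bytes], candidates: list[str]) -> list[str]:
    """Users whose stored digest appears in one table of unsalted SHA-1
    digests computed once and reused for every account."""
    lookup = {sha1_unsalted(c) for c in candidates}
    return sorted(user for user, digest in table.items() if digest in lookup)


def build_tables(users: dict[str, str]):
    """Store the same accounts both ways for comparison."""
    weak = {u: sha1_unsalted(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(USERS)
    strong_digests = {u: d for u, (_, d) in strong.items()}
    print("unsalted SHA-1, shared digests:", shared_digests(weak))
    print("salted PBKDF2, shared digests: ", shared_digests(strong_digests))
    print("matched by one reused table:   ",
          matches_precomputed_table(weak, ["123456", "hunter2"]))
```

With per-user salts, every guess has to be recomputed for each account at the full PBKDF2 cost, which is what makes a leaked table of such hashes slower to work through than a SHA-1 dump.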
Every year, cybercriminals cash in on tax season by targeting individuals, but this year it's a little different. It's businesses that must be extra careful when filing, because businesses are experiencing a rise in tax-related scams, specifically W-2 fraud. Researchers at IBM X-Force, the tech giant's security research division, discovered more than 1400% growth in general tax-themed spam between December 2016 and March 2017. “On top of all the usual activity -- consumer tax fraud, filing on others' behalf -- we began to see that businesses are being targeted a lot more,” says Limor Kessem, executive security advisor for IBM Security. In the past, she says, tax fraud on businesses was the purview of only advanced attackers. This year, they saw a rise in social engineering attacks on smaller organizations like schools, non-profits, and restaurants as fraudsters start to aim for the “low-hanging fruit” of the corporate world. Cybercriminals often collect W-2 data by pretending to be a company exec and emailing HR or payroll for employee information, which is used to file fraudulent returns and collect refunds. In addition, they may also request a wire transfer to a specific bank account. Attackers who are more technically inclined may bypass the fake emails and breach an organization's servers to steal data directly, says Kessem. In addition to using W-2 data for their own scams, fraudsters will sell it on the dark web, the report states. The most valuable bundles of information are called “Fullz” and contain the victim's address, contact info, Social Security and driver's license numbers, plus all W-2 and W-9 information. Each record runs for $40-$50 in Bitcoin on the Dark Web. With all this data for $50 per record, harmful activity doesn't have to stop at tax fraud, Kessem notes.
Cybercriminals can buy and use this data for other scams like identity theft or online loan applications. Tax-related risks increase as the filing deadline approaches. One-third of Americans (54 million people) filed their taxes after April 1 in 2016, giving fraudsters a larger window of opportunity to strike. Tax-related cybercrime won't stop after April 18, 2017. “There are a number of people filing after the deadline,” says Kessem, noting the popularity of extensions. “There are millions who will still be interested in tax-themed emails.” However, their tax scam strategies will shift after the deadline as cybercriminals move from stealing data to infecting machines with malware. Because victims may expect messages indicating problems with their returns, they are more likely to open potentially malicious attachments, Kessem explains. Researchers believe data sets sold on the Dark Web are a sign that fraudsters are stealing tax info from employer databases -- meaning they get it before the taxpayers
The company acknowledged the investigation after being contacted by Brian Krebs, confirming that it received a “notification from a third party” saying that info from cards used at GameStop.com was being offered for sale on the Dark Web. Krebs had been tipped off to the situation by financial industry sources, who said the compromise was likely active between mid-September 2016 and the first week of February 2017. GameStop, however, didn’t confirm these data points. “If Brian Krebs’ report is correct, the GameStop breach has the potential to be a huge payday for hackers,” said Vishal Gupta, CEO of Seclore, via email. “Compromised credit-card numbers aren’t always easy to monetize, but in this case hackers were able to intercept CVV2 numbers…There is a reason companies aren’t allowed to store this CVV2 data in their own databases, so the fact that the hackers were able to intercept these security codes elevates the severity of the incident significantly.” The timing could also be a key factor in the payoff for the crooks. “If the reports about the Gamestop.com breach are right, then it shows how business-minded the bad guys can be. Hitting them during the Christmas season—when tons of distant relatives buying kids they hardly know gift cards for the one thing they know every kid wants—is pretty savvy timing,” said Jonathan Sander, CTO, STEALTHbits Technologies. “It also means these are purchases that many will barely recall making, and consumers were exercising the least caution they ever do as they rushed to get all their online shopping done.” For now, details are skimpy as to what was stolen, when and how—no attack vector has yet been made public.
However, the company is large and hugely popular in the United States, with a global presence, so the potential for consumer exposure at scale, if the timeframe given is correct, could be significant. “You can imagine a future where attacks such as this become so sophisticated and frequent that no one but the largest retailers can afford to defend against them,” said John Gunn, CMO, VASCO Data Security. “This would give the Amazons and Walmarts of the world a real competitive advantage in winning consumers’ business.” GameStop shoppers are advised to comb their purchase histories
On April 14, the company disclosed to the California attorney general that a December 2015 breach compromised more sensitive information than first thought. It also disclosed new attacks from earlier this year that exposed names, contact information, email addresses and purchase histories, although the retailer says it repelled most of the attacks. The dual notifications mark the latest problems for the company, which disclosed in early 2014 that its payment systems were infected with malware that stole 350,000 payment card details. Over the past few years, retailers such as Target, Home Depot and others have battled to keep their card payments systems malware-free (see Neiman Marcus Downsizes Breach Estimate). The 2015 incident started around Dec 26. In a notification to California about a month later, the retailer said it was believed attackers cycled through login credentials that were likely obtained through other data breaches. A total of 5,200 accounts were accessed, and 70 of those accounts were used to make fraudulent purchases. Although email addresses and passwords were not exposed, the original notification noted, access to the accounts would have revealed names, saved contact information, purchase histories and the last four digits of payment card numbers. The affected websites included other brands run by Neiman Marcus, including Bergdorf Goodman, Last Call, CUSP and Horchow. According to its latest notification, however, Neiman Marcus Group now says full payment card numbers and expiration dates were exposed in the 2015 incident. The latest attack disclosed by Neiman Marcus Group, which occurred around Jan 17, mirrors the one from December 2015.
It affects the websites of Neiman Marcus, Bergdorf Goodman, Last Call, CUSP, Horchow and a loyalty program called InCircle. Again, the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites. It appears that some of the credentials did unlock accounts. The breach exposed names, contact information, email addresses, purchase histories and the last four digits of payment card numbers. It didn't specify the number of accounts affected. The attackers were also able to access some InCircle gift card numbers, the company says. Web services can slow down hackers when suspicious activity is noticed, such as rapid login attempts from a small range of IP addresses. Those defensive systems can be fooled, however, by slowing down login attempts and trying to plausibly geographically vary where those attempts originate. For those affected by the January incident, Neiman Marcus Group is enforcing a mandatory password reset. It's an action that's not undertaken lightly for fear of alienating users, but it's a sign of how serious a service feels the risk is to users or customers. The company also is offering those affected a one-year subscription to an identity theft service.
TORONTO, April 19 (Reuters) - Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data. The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc. The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties. The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said. Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. “They don't have massive data centers like banks which have very secure systems to protect themselves,” said Glick. InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties. In February, InterContinental said it had been victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone. Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details. The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices. According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.
“Cellebrite recently experienced unauthorized access to an external web server,” the company said in a statement on Thursday after Motherboard informed it of the breach. “The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system,” the statement continues. Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation. Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker. “To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation. In 2014 a hacker calling themselves “PhineasFisher” publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company. Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.
Positive Technologies has today confirmed it has detected vulnerabilities in SAP Enterprise Portal Navigation, SAP NetWeaver Log Viewer and SAP Enterprise Portal Theme Editor, which are the components of the SAP NetWeaver platform. By exploiting these security flaws, attackers can intercept login credentials, register keystrokes, spoof data or perform other illegal activities that could potentially lead to a system compromise. Four Cross-Site Scripting (XSS) vulnerabilities were detected in the following SAP Enterprise Portal components: SAP Enterprise Portal Navigation (CVSSv3 score 6.1) and SAP Enterprise Portal Theme Editor (three flaws with CVSSv3 scores 5.4, 6.1, and 6.1). Exploiting these vulnerabilities, an attacker could obtain access to a victim's session tokens, login credentials or other sensitive information in the browser, perform arbitrary actions on the victim's behalf, rewrite HTML page content and intercept keystrokes. The relevant remediation guidelines are described in SAP Security notes No. 2369469, 2372183, 2372204, and 2377626. Another vulnerability—Directory Traversal (CVSSv3 score 5.9)—allows arbitrary file upload in SAP NetWeaver Log Viewer. Attackers can upload a malformed archive that contains files with special characters in their names. When the web application unpacks the archive, it resolves symbols “.” and “/” as a part of the correct file path, so attackers can exploit the Directory Traversal vulnerability and upload files to an arbitrary place on the server file system. The consequences of arbitrary file upload can include total compromise of a system, overload of a file system or database, expanding attacks to back-end systems and defacement. The impact of this vulnerability is high, as arbitrary code can be executed on the server.
SAP Security note No. 2370876 describes the activities required to eliminate this flaw. Dmitry Gutsko, Head of the Business System Security Unit at Positive Technologies, said: “Large companies all over the world use SAP to manage financial flows, product lifecycle, relationships with vendors and clients, company resources, procurement, and other critical business processes. It is vital to protect the information stored in SAP systems as any breach of confidential information could have a devastating impact on the business.” In order to identify vulnerabilities in SAP products, perform inventory checks on these systems, manage updates and analyze settings, configurations, and permissions, Positive Technologies’ MaxPatrol vulnerability and compliance management solution has been certified by SAP for integration with SAP NetWeaver. In addition, Positive Technologies Application Firewall (PT AF) detects attacks, including those that leverage zero-day vulnerabilities, in SAP NetWeaver, SAP ICM, SAP Management Console, and SAP SOAP RFC using special security profiles. Positive Technologies Application Inspector also supports analysis of Java applications for the SAP NetWeaver Java platform.
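The archive-unpacking flaw described above for Log Viewer comes down to trusting the file names stored inside an uploaded archive. The following is an added example, not SAP's or Positive Technologies' code: a generic ZIP unpacker in Python that resolves each member's final path and rejects the whole archive if any member would land outside the destination. The archive contents and all function names are constructed for illustration.

```python
import io
import os
import zipfile


class UnsafeArchiveError(Exception):
    """Raised when an archive member would be written outside the destination."""


def build_sample_archive(include_traversal=True):
    """Constructed sample: a benign entry, optionally plus one whose name climbs out."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logs/app.log", "benign log line\n")
        if include_traversal:
            zf.writestr("../../outside.txt", "must never be written\n")
    return buf.getvalue()


def naive_target(dest, member_name):
    """The flawed behaviour: join the stored name to dest and let '..' resolve."""
    return os.path.normpath(os.path.join(dest, member_name))


def checked_target(dest, member_name):
    """Resolve the final path (symlinks included) and require it to stay under dest."""
    root = os.path.realpath(dest)
    # Treat backslashes as separators so Windows-style names get the same check.
    name = member_name.replace("\\", "/")
    target = os.path.realpath(os.path.join(root, name))
    try:
        inside = os.path.commonpath([root, target]) == root
    except ValueError:  # e.g. paths on different drives
        inside = False
    if not inside:
        raise UnsafeArchiveError(f"member escapes destination: {member_name!r}")
    return target


def safe_extract(zip_bytes, dest):
    """Validate every member first, then write; one bad name rejects the archive."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validation happens before any file is created, so a rejected
        # archive leaves nothing behind in dest.
        plan = [(info, checked_target(dest, info.filename)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target)
    return written
```

Validating the full member list before writing anything means a rejected upload leaves no partial files to clean up.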
A cyber attack has compromised the personal data of up to 26,000 Debenhams customers. The breach, which is understood to have been malware-based, targeted the online portal for the retailer's florist arm, Debenhams Flowers. Debenhams has stressed that the site is operated by Ecomnova, a third-party supplier, and that customers of other services have not been affected. Ecomnova also operates Debenhams' websites for hampers, personalised gifts and wines. While all four sites have been suspended, the retailer has not announced whether the others were also breached. Debenhams confirmed to Sky News that customer payment details, names and addresses were accessed or stolen during the attack. In a statement the company stressed that it was only the Ecomnova-run site that had been compromised, and that customers of its main website Debenhams.com “can be confident they are unaffected by this attack”. “All affected customers have been contacted by Debenhams to inform them of the incident,” the firm told Sky News. “We are working with Ecomnova to ask the banks of those affected to block payment cards of those customers affected and issue customers with new cards.” Debenhams said the incident had been reported to the Information Commissioner's Office (ICO), the UK's independent body for upholding the Data Protection Act. Following a cyber attack in October 2015, the ICO fined TalkTalk a record £400,000 after 15,656 individuals' bank account details and sort codes were stolen. An ICO spokesperson said it was aware of the “potential incident” involving Debenhams Flowers and that enquiries were being made. “Businesses and organisations are required under the Data Protection Act to keep people's personal data safe and secure,” the spokesperson said.
Debenhams chief executive Sergio Bucher said: “As soon as we were informed that there had been a cyber attack, we suspended the Debenhams Flowers website and commenced a full investigation. We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk.” Ecomnova did not immediately respond to Sky News for comment.
Billions of online credentials freshly stolen in 2016 are fueling a practice of automated login hacks that are overwhelming legitimate human-login traffic on enterprise Web properties. A study out today from Shape Security shows that it's common for credential-stuffing login attempts to account for more than 90% of all login activity on Internet-facing systems at Fortune 100 firms. “In working with customers in retail, finance, travel, government, and other industries, Shape has seen millions of instances of credentials from reported breaches being used in credential stuffing attacks,” the report says. Online-credential breaches that don't expose any other personally identifiable information may seem like no big deal on the spectrum of massive security incidents. But the study out today shows that with automation, attackers are using stolen passwords quite effectively. If attackers have a large enough pool of stolen credentials to try across various other Web systems online, even a very slim success rate can yield them hundreds of thousands - or even millions - of accounts ripe for takeover. Global organizations in 2016 reported more than 3 billion username and password combinations stolen, led first and foremost by Yahoo's massive 1.5 billion user breach. “Credential spills became a worldwide pandemic in 2016. While we have been observing credential spills and credential-stuffing attacks for many years, the scale of both in 2016 was remarkable,” says Shuman Ghosemajumder, CTO for Shape. “The size and frequency of credential spills appears to be increasing, with the record for all-time largest credential spill being reset three times last year.”
Shape reports that in its work with retail, finance, travel, government, and other industries in 2016, it observed millions of credentials exposed from reported breaches being used in credential-stuffing attacks. During one 4-month observation period at a major retailer, for example, Shape Security witnessed 15.5 million account login attempts. Scarily enough, 500,000 accounts at that retailer were on breached credential lists. The difficulty with credential stuffing is that many companies don't have visibility into the volume of automated login traffic they're being hit with because these attacks aren't taking advantage of vulnerabilities per se. They're using the login functionality the way it is supposed to be used, simply scaling up the rate at which the credentials are plugged into the inputs. These attacks not only put users at risk, but they also put a traffic burden on infrastructure and could add to the login latency for real human users. “A lot of public attention is focused on any organization that experiences a data breach and loses control of their users' passwords and personal information,” Ghosemajumder says. “However, the real issue other companies should focus on is protecting themselves against those passwords being used to attack them and their own users.”
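The Neiman Marcus report earlier notes that rate checks on rapid logins from a few IP addresses can be sidestepped by slowing attempts down, and the Shape study above says many companies lack visibility into automated login traffic. The following is an added example, not code from Shape or any company named here: detection logic over a constructed login log that pairs a per-IP burst check with two rate-independent signals. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict, deque


def sample_events():
    """Constructed events: (seconds since start, source IP, username, success).
    IPs are from the RFC 5737 documentation ranges; usernames are made up."""
    events = []
    # Fast automation: 8 different accounts from one address within 40 seconds.
    for i in range(8):
        events.append((i * 5, "203.0.113.10", f"user{i}", False))
    # Slowed-down automation: one attempt every 10 minutes, a new account each time.
    slow = [("carol", False), ("dave", True), ("erin", False), ("frank", False)]
    for i, (user, ok) in enumerate(slow):
        events.append((100 + i * 600, "198.51.100.7", user, ok))
    # Ordinary users: a typo followed by a good login, and a clean login.
    events += [(50, "192.0.2.20", "alice", False),
               (70, "192.0.2.20", "alice", True),
               (900, "192.0.2.21", "bob", True)]
    return sorted(events)


def burst_ips(events, window_s=60, limit=5):
    """Rate check: IPs with more than `limit` attempts inside a sliding window."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, ip, _user, _ok in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def spray_ips(events, min_users=3, min_fail_ratio=0.5):
    """Rate-independent check: a source cycling through many distinct
    accounts and mostly failing, however slowly it does so."""
    users = defaultdict(set)
    fails = defaultdict(int)
    total = defaultdict(int)
    for _ts, ip, user, ok in events:
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += 0 if ok else 1
    return {ip for ip in total
            if len(users[ip]) >= min_users
            and fails[ip] / total[ip] >= min_fail_ratio}


def accounts_to_reset(events, suspicious_ips):
    """Accounts a flagged source logged into successfully: forced-reset candidates."""
    return sorted({user for _ts, ip, user, ok in events
                   if ok and ip in suspicious_ips})


def site_failure_ratio(events):
    """Site-wide share of failed logins; it rises under credential stuffing
    even when each source address makes only one attempt."""
    failed = sum(1 for _ts, _ip, _user, ok in events if not ok)
    return failed / len(events)
```

On the constructed log, the burst check flags only the fast source, while the distinct-account check also flags the slow one and surfaces the one account it unlocked.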
OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data. Headquartered in San Francisco, OneLogin provides single sign-on and identity management for cloud-based applications. OneLogin counts among its customers some 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers. A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications. In a brief blog post Wednesday, OneLogin chief information security officer Alvaro Hoyos wrote that the company detected unauthorized access to OneLogin data. “Today we detected unauthorized access to OneLogin data in our US data region. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount.” “While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented.” OneLogin’s blog post includes no other details, aside from a reference to the company’s compliance page. The company has not yet responded to requests for comment.
However, Motherboard has obtained a copy of a message OneLogin reportedly sent to its customers about the incident, and that missive contains a critical piece of information: “Customer data was compromised, including the ability to decrypt encrypted data,” reads the message OneLogin sent to customers. According to Motherboard, the message also directed customers to a list of required steps to minimize any damage from the breach, such as generating new API keys and OAuth tokens (OAuth being a system for logging into accounts), creating new security certificates as well as credentials; recycling any secrets stored in OneLogin’s Secure Notes feature; and having end-users update their passwords. Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services, arguing that they are the digital equivalent to an organization putting all of its eggs in one basket. “It’s just such a massive single point of failure,” Litan said. “And this breach shows that other [cloud-based single sign-on] services are vulnerable, too. This is a big deal and it’s disruptive for victim customers, because they have to now change the inner guts of their authentication systems and there’s a lot of employee inconvenience while that’s going on.” KrebsOnSecurity will likely update this story throughout the day as more details become available. “Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance.
OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. ” “ The threat actor was able to accessAttack.Databreachdatabase tables that contain information about users , apps , and various types of keys . While we encrypt certain sensitive data at rest , at this time we can not rule out the possibility that the threat actor also obtained the ability to decrypt data . We are thus erring on the side of caution and recommending actions our customers should take , which we have already communicated to our customers . ”
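A defender-side check for the pattern OneLogin describes (valid AWS keys used from an unfamiliar host to create instances), as an added example that is not from OneLogin or the original article. It assumes CloudTrail-style records carrying `eventTime`, `eventName`, `sourceIPAddress` and `userIdentity.accessKeyId`; the key IDs, IP addresses and cutoff date are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
CREATE_EVENTS = {"RunInstances"}   # EC2 API call that launches instances
CUTOFF = datetime(2017, 5, 31)     # constructed: baseline before, review after

DEPLOY = "AKIAEXAMPLEDEPLOY001"    # placeholder key IDs, not real credentials
BACKUP = "AKIAEXAMPLEBACKUP002"


def rec(ts, name, ip, key):
    """Build a CloudTrail-style record trimmed to the fields used here."""
    return {"eventTime": ts, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key}}


# Constructed sample log; IPs are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    rec("2017-05-29T14:00:05Z", "DescribeInstances", "198.51.100.10", DEPLOY),
    rec("2017-05-30T09:12:40Z", "RunInstances", "198.51.100.24", DEPLOY),
    rec("2017-05-30T23:00:00Z", "PutObject", "192.0.2.5", BACKUP),
    rec("2017-05-31T08:00:13Z", "RunInstances", "198.51.100.31", DEPLOY),
    rec("2017-05-31T10:01:02Z", "DescribeInstances", "203.0.113.77", DEPLOY),
    rec("2017-05-31T10:04:45Z", "RunInstances", "203.0.113.77", DEPLOY),
    rec("2017-05-31T10:09:30Z", "RunInstances", "203.0.113.77", DEPLOY),
    rec("2017-05-31T11:00:00Z", "RunInstances", "autoscaling.amazonaws.com", DEPLOY),
    rec("2017-05-31T23:00:00Z", "PutObject", "192.0.2.5", BACKUP),
]


def source_network(ip_text, prefix=24):
    """Map a source address to its network; None for non-IP values.

    CloudTrail can record an AWS service name instead of an IP when a
    service acts on the account's behalf, so parsing must tolerate that.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    bits = prefix if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


def build_baseline(events, cutoff, prefix=24):
    """Per access key, the set of source networks seen before the cutoff."""
    seen = defaultdict(set)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        net = source_network(ev.get("sourceIPAddress", ""), prefix)
        when = datetime.strptime(ev["eventTime"], TS_FORMAT)
        if key and net is not None and when < cutoff:
            seen[key].add(net)
    return seen


def find_suspicious(events, cutoff, prefix=24):
    """Flag post-cutoff calls where a key is used from a network it never used before.

    Instance-creating calls are rated "high"; anything else from the
    unfamiliar network is rated "review".
    """
    baseline = build_baseline(events, cutoff, prefix)
    findings = []
    for ev in events:
        when = datetime.strptime(ev["eventTime"], TS_FORMAT)
        key = ev.get("userIdentity", {}).get("accessKeyId")
        net = source_network(ev.get("sourceIPAddress", ""), prefix)
        if when < cutoff or not key or net is None:
            continue
        if net in baseline.get(key, set()):
            continue
        findings.append({
            "time": ev["eventTime"],
            "key": key,
            "source": ev["sourceIPAddress"],
            "event": ev["eventName"],
            "severity": "high" if ev["eventName"] in CREATE_EVENTS else "review",
        })
    return findings


def keys_to_rotate(findings):
    """Access keys with at least one high-severity finding, sorted."""
    return sorted({f["key"] for f in findings if f["severity"] == "high"})


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS, CUTOFF):
        print(finding)
    print("rotate:", keys_to_rotate(find_suspicious(SAMPLE_EVENTS, CUTOFF)))
```

A key with no baseline history at all is flagged on every call, which is the intended behaviour for credentials that suddenly become active.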
Kmart has suffered another credit card breach, its second in three years. This time though, its chip-and-PIN card readers significantly contained the fallout. Kmart is not saying how many of its 750 stores in the US were affected by the point-of-sale (PoS) malware, but it stressed that no personal data, including names, addresses, Social Security Numbers or email addresses, was stolen. It also talked up its EMV reader implementation. Kmart has EMV-enabled terminals in its stores, forcing customers with chip cards to insert their cards instead of swiping their stripes, which minimized the impact of the infection. Still, as independent researcher Brian Krebs reported, those consumers without chip cards could feel significant effects: “The malware copies account data stored on the card’s magnetic stripe,” he explained. “Armed with that information, thieves can effectively clone the cards and use them to buy high-priced merchandise from electronics stores and big box retailers.” Several financial institutions flagged the breach to Krebs, indicating that fraud is indeed occurring as a result of the attack, though again, no details are available as to how widespread the impact is. The incident has no relation to previous breaches, the bargain retailer said in an FAQ, noting that it’s confident that it was successful in eradicating any residual traces of malware or persistence left behind by earlier attacks. Instead, its payment systems were infected with malware that Kmart says was “undetectable” by its antivirus protections. “Does this mean that we may be dealing with an entirely new family of malware or methods of infecting POS terminals, or that the solution they were using was unable to detect the threat?” said Richard Henderson, Global Security Strategist, Absolute, via email.
“If the former, then it will be absolutely critical for Kmart to get information about this attack to other retailers, antivirus companies and network security appliance vendors so that everyone can both look for indicators of compromise inside their own networks and bolster defenses against this new threat.” If a hole was simply found in Kmart’s defenses, it brings up the need for a defense-in-depth approach, he added. The incident was a passing test for the PCI DSS standard of payment security as well, some said. “This is another example of what cybersecurity experts are saying day by day: no IT systems can stay safe if they hold something valuable,” said Csaba Krasznay, product evangelist at Balabit, in a note. “More than 10 years ago, T.J.Maxx suffered a very similar data breach when approximately 100 million cards data was stolen. That incident helped the drive for credit-card companies to introduce PCI DSS as a mandatory security standard for everyone who manages card data. If Kmart was really able to avoid large scale data leakage, then we can be sure that PCI DSS is mature and useful enough in these circumstances, at this point.”
Cyber attacks are becoming commonplace in 2017 and the most recent one might be a credit card breach which hit the popular retail chain Kmart, reported first on May 16, but only confirmed by parent company Sears Holdings on Wednesday. “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls. Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores,” Howard Riefs, a spokesman for Sears Holdings, said in a statement to Patch. The company further explained the risk to its customers. “Based on the forensic investigation, NO PERSONAL identifying information (including names, addresses, social security numbers, and email addresses) was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised. Nevertheless, in light of our EMV compliant point of sale systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” it said. The breach was first reported by security website Krebs on Security on May 16. Many small banks and credit unions received complaints about batches of stolen cards, all of which had been used at Kmart locations. The company didn’t reveal which of its 735 locations were hit, but did say how the breach occurred. The company’s systems were hit with malware designed to steal credit card data from point-of-sale devices installed at kiosks. The malware copies credit card information from the card’s magnetic strip when the cards are swiped at payment kiosks.
Using this information, the cards can be cloned, and purchases made using these clones would be debited from the credit card user’s account. This is not the first time Kmart has suffered such a breach. The retail chain had a similar breach in 2014 and had also claimed at the time that the stolen data did not include customer names, email addresses and personal information. “We are actively enhancing our defenses in light of this new form of malware. Data security is of critical importance to our company, and we continuously review and improve the safeguards that protect our data in response to changing technology and new threats,” it said. It was however confirmed that the breach did not target all Kmart locations, in which case credit card companies would have themselves issued warnings to customers against using their cards at retail stores. Sears Holdings has set up a helpline for customers who might be affected by the breach. If you think you are one of them, you can call 888-488-5978 to get your queries answered.
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But it wasn’t until last week that affected customers were individually notified that their cards were likely stolen. “I’m pretty upset at GameStop. I should have been notified when they knew about it in April,” said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. “There is no way it should have taken months to be notified,” he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified “as soon as practicable and without unreasonable delay” or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen.
“After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us,” wrote J. Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. “Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for that to have occurred existed for certain transactions,” he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. “GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement provided to Threatpost. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.” Still unknown about the breach are how many customers may have been impacted, how the data was stolen and how GameStop was alerted to the fact the data had been stolen. In April, GameStop issued the statement: “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company’s point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and because the stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites. However, since GameStop said no retail customers were impacted, it is now believed that GameStop.com was hacked and that the data was stolen through the use of malware. Over the past 12 months, there has been an unprecedented number of data breaches. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart. Criminals have used a number of techniques to siphon off credit card data from these sites, ranging from compromised ecommerce plugins that can perform reflected XSS (cross-site scripting) attacks to web-based keyloggers and DOM-based XSS attacks. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
GameStop customers received breachAttack.Databreachnotification warnings this week , cautioning them that their personal and financial information could have been compromisedAttack.Databreachnine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolenAttack.Databreach, including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breachAttack.Databreachoccurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolenAttack.Databreach. “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breachAttack.Databreachof his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromisedAttack.Databreach, according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtainedAttack.Databreachby unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. 
Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized accessAttack.Databreachto payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breachAttack.Databreachare how many customers may have been impacted , how was the data stolenAttack.Databreachand how was GameStop alerted to the fact the data had been stolenAttack.Databreach. In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breachAttack.Databreachinvolved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breachAttack.Databreachoccurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . 
Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolenAttack.Databreachthrough the use of malware . Over the past 12 months , there has been an unprecedented number of data breachesAttack.Databreach. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphonAttack.Databreachoff credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .
GameStop customers received breachAttack.Databreachnotification warnings this week , cautioning them that their personal and financial information could have been compromisedAttack.Databreachnine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolenAttack.Databreach, including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breachAttack.Databreachoccurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolenAttack.Databreach. “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breachAttack.Databreachof his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromisedAttack.Databreach, according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtainedAttack.Databreachby unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. 
Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized accessAttack.Databreachto payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breachAttack.Databreachare how many customers may have been impacted , how was the data stolenAttack.Databreachand how was GameStop alerted to the fact the data had been stolenAttack.Databreach. In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breachAttack.Databreachinvolved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breachAttack.Databreachoccurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . 
Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolenAttack.Databreachthrough the use of malware . Over the past 12 months , there has been an unprecedented number of data breachesAttack.Databreach. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphonAttack.Databreachoff credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .
GameStop customers received breachAttack.Databreachnotification warnings this week , cautioning them that their personal and financial information could have been compromisedAttack.Databreachnine months ago . According to postal letters sent to customers , GameStop said an undisclosed number of online customers had their credit card or bankcard data stolenAttack.Databreach, including the card numbers , expiration dates , names , addresses and the three-digit card verification values ( CVV2 ) . The breachAttack.Databreachoccurred between Aug 10 , 2016 to Feb 9 , 2017 , according to GameStop . In April , the company publicly acknowledged the breach . But , it wasn ’ t until last week that affected customers were individually notified that their cards were likely stolenAttack.Databreach. “ I ’ m pretty upset at GameStop . I should have been notified when they knew about it in April , ” said GameStop customer Ryan Duff , a former cyber operations tactician at U.S. Cyber Command . As a security professional , he said he expected better of GameStop when it came to notifying him of a possible breachAttack.Databreachof his credit card information . Subsequently , Duff said , the card used on GameStop.com back in November had been compromisedAttack.Databreach, according to his bank . “ There is no way it should have taken months to be notified , ” he said . Breach notification laws differ from state to state . But many states , such as Massachusetts , mandate victims be notified “ as soon as practicable and without unreasonable delay ” or the company may face civil penalties . The rules are there , in part , to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen . “ After receiving a report that data from payment card used on www.GameStop.com may have been obtainedAttack.Databreachby unauthorized individuals , we immediately began an investigation and hired a leading cybersecurity firm to assist us , ” wrote J. 
Paul Raines , chief executive officer of GameStop in a letter dated June 2 that was sent sent to impacted customers . “ Although the investigation did not identify evidence of unauthorized accessAttack.Databreachto payment card data , we determined on April 18 , 2017 that the potential for what to have occurred existed for certain transactions , ” he wrote . GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com , game site Kongregate.com and online retailer ThinkGeek . No retail customers were impacted by the breach , according to the company . “ GameStop identified and addressed a potential security incident that was related to transactions made on GameStop ’ s website during a specific period of time , ” the company said in a statement provided to Threatpost . “ GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take. ” Still unknown about the breachAttack.Databreachare how many customers may have been impacted , how was the data stolenAttack.Databreachand how was GameStop alerted to the fact the data had been stolenAttack.Databreach. In April , GameStop issued the statement : “ GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. ” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially comprised . Originally , it was believed that the breachAttack.Databreachinvolved GameStop retail stores and that the company ’ s point-of-sale system may have been infected with malware . That was because the breachAttack.Databreachoccurred at the height of the holiday sales season and that stolen data included card verification values ( CVV2 ) . 
Online merchants are not supposed to store CVV2 codes on their e-commerce sites . However , since GameStop said no retail customers were impacted , it is now believed that GameStop.com was hacked and that the data was stolenAttack.Databreachthrough the use of malware . Over the past 12 months , there has been an unprecedented number of data breachesAttack.Databreach. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart . Criminals have used a number of techniques to siphonAttack.Databreachoff credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS ( cross-site scripting ) attacks , web-based keyloggers , and DOM-based XSS attacks . Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script .
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But it wasn’t until last week that affected customers were individually notified that their cards were likely stolen. “I’m pretty upset at GameStop. I should have been notified when they knew about it in April,” said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. “There is no way it should have taken months to be notified,” he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified “as soon as practicable and without unreasonable delay” or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen.
“After receiving a report that data from payment cards used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us,” wrote J. Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. “Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for that to have occurred existed for certain transactions,” he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. “GameStop identified and addressed a potential security incident that was related to transactions made on GameStop’s website during a specific period of time,” the company said in a statement provided to Threatpost. “GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take.” Still unknown about the breach are how many customers may have been impacted, how the data was stolen and how GameStop was alerted to the fact the data had been stolen. In April, GameStop issued the statement: “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company’s point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and the stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites. However, since GameStop said no retail customers were impacted, it is now believed that GameStop.com was hacked and that the data was stolen through the use of malware. Over the past 12 months, there has been an unprecedented number of data breaches. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart. Criminals have used a number of techniques to siphon off credit card data from these sites, ranging from compromised ecommerce plugins that can perform reflected XSS (cross-site scripting) attacks to web-based keyloggers and DOM-based XSS attacks. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
A group of financially motivated hackers is targeting networks and systems of North American companies, threatening to leak the stolen information and cripple the company by disrupting their networks if they don’t pay a hefty ransom. The group, dubbed FIN10 by FireEye researchers, first gets access to the target companies’ systems through spear-phishing (and possibly other means), then uses publicly available software, scripts and techniques to gain a foothold into victims’ networks. They use Meterpreter or the SplinterRAT to establish the initial foothold within victim environments (and later a permanent backdoor), then custom PowerShell-based utilities, the pen-testing tool PowerShell Empire, and scheduled tasks to achieve persistence. “We have also observed FIN10 using PowerShell to load Metasploit Meterpreter stagers into memory,” the researchers noted. The group leverages Windows Remote Desktop Protocol (RDP) and single-factor protected VPN to access various systems within the environment. Finally, they deploy destructive batch scripts intended to delete critical system files and shut down network systems, in order to disrupt the normal operations of those systems. “In all but one targeted intrusion we have attributed to FIN10, the attacker(s) demanded a variable sum payable in Bitcoin for the non-release of sensitive data obtained during network reconnaissance stages,” the researchers say. The requested sum varies between 100 and 500 Bitcoin. If the ransom isn’t paid, they publish the stolen data on Pastebin-type sites. The researchers do not mention if any of the companies refused to pay and ended up having their systems and networks disrupted. For the time being, the group seems to have concentrated on hitting companies in North America, predominately in Canada. They’ve also concentrated on two types of businesses: mining companies and casinos.
Still, it’s possible that they’ve targeted companies in other industries, or will do so in the future. FIN10 sends the extortion emails to staff and board members of the victim organizations, and is also known to contact bloggers and local journalists to inform them about the breach, likely in an attempt to pressure affected organizations into paying the ransom. Finally, even though they sign their emails with monikers used by Russian and Serbian hackers (“Angels_Of_Truth,” “Tesla Team,” “Anonymous Threat Agent”), the quality of the group’s English, the low quality of their Russian, and inconsistencies in tradecraft all point away from these particular individuals or groups. “Emphasis in regional targeting of North American-based organizations could possibly suggest the attacker(s) familiarity with the region,” the researchers noted. They also point out that the “relative degree of operational success enjoyed by FIN10 makes it highly probable the group will continue to conduct similar extortion-based campaigns at least in the near term.” Companies that have received a similar ransom demand are advised to move fast to confirm that the breach has actually happened, to determine the scope of the breach, to contain the attack, to boot the attackers from their networks, and to make sure they can’t come back. Those last two steps are, perhaps, better done after the company definitely decides that they are ready to deal with the consequences of the attackers’ anger. Calling in law enforcement and legal counsel for advice on what to do is also a good idea. “Understand that paying the ransom may be the right option, but there are no guarantees the attacker(s) won’t come back for more money or simply leak the data anyway. Include experts in the decision-making process and understand the risks associated with all options,” the researchers advise.
Companies that have yet to be targeted by these or other hackers would do well to improve their security posture, but also to prepare for data breaches by tightening access to their backup environment, and knowing exactly who will be called in to help in case of a breach.
Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals. In describing a phishing attack, UConn Health says that on Dec 24, 2018, it determined that an unauthorized third party illegally accessed a limited number of employee email accounts containing patient information, including some individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals. Several other healthcare entities also have recently reported to federal regulators data breaches involving apparent phishing and other email-related attacks. “All of these incidents speak to the rampant attacks we are seeing across healthcare, and yet organizations are still not investing enough in protection or detection,” says Mac McMillan, CEO of security consulting firm CynergisTek. UConn Health, an academic medical center, says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromised email accounts. For approximately 1,500 of these individuals, this information included Social Security numbers. “It is important to note that, at this point, UConn Health does not know for certain if any personal information was ever viewed or acquired by the unauthorized party, and is not aware of any instances of fraud or identity theft as a result of this incident,” the statement notes. “The incident had no impact on UConn Health’s computer networks or electronic medical record systems.” UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted.
The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter. Once the U.S. Department of Health and Human Services confirms the details, the attack on UConn Health could rank as the second largest health data breach reported so far this year, based on a snapshot of its HIPAA Breach Reporting Tool website on Monday. The largest health data breach revealed so far this year, but not yet added to the tally, affected University of Washington Medicine. UW Medicine says a misconfigured database left patient data exposed on the internet for several weeks last December, resulting in a breach affecting 974,000 individuals. Several other phishing and hacking incidents have been added to the HHS “wall of shame” tally in recent weeks. Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates. In a statement, the organization notes that on Dec 5, 2018, it discovered it had been the target of a “criminal malware attack.” An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware, but did not definitively determine how the malware infection was launched. The practice suspects the malware was likely embedded in an email attachment, he says. RMIA’s statement notes that while the investigation did not identify any evidence of unauthorized access to anyone’s personal information, “we unfortunately could not completely rule out the possibility that patients’ personal information, including name, address, date of birth, health insurance information, limited treatment information and, for donors only, Social Security number, may have been accessible.”
In the aftermath of the incident, RMIA says it’s adding another firewall, requiring changes to user credentials/passwords, implementing dual-factor authentication and providing additional staff training regarding information security. Also reporting a hacking incident in recent weeks was Charleston, S.C.-based Roper St. Francis Healthcare, which operates several hospitals in the region. The attack was reported as impacting nearly 35,300 individuals. In a Jan 29 statement, the entity says that on Nov 30, 2018, it learned that an unauthorized actor may have gained access to some of its employees’ email accounts between Nov 15 and Dec 1, 2018. “Our investigation determined that some patient information may have been contained in the email accounts, patients’ names, medical record numbers, information about services they received from Roper St. Francis, health insurance information, and, in some cases, Social Security numbers and financial information,” the statement says. For those patients whose Social Security number was potentially exposed, the organization is offering prepaid credit monitoring and identity protection services. “To help prevent something like this from happening again, we are continuing education with our staff on email protection and enhancing our email security,” Roper St. Francis says. As phishing continues to menace healthcare entities, covered entities and business associates need to keep up with their defenses, some experts note. “Phishing techniques have become more sophisticated than in the past,” notes Kate Borten, president of security and privacy consulting firm The Marblehead Group. “Workforce training should include simulated phishing attacks to make people better prepared to recognize and thwart a real attack.”
To help mitigate breach risks, organizations should be deploying next-generation firewalls and multifactor authentication, plus employing advanced malware detection solutions, McMillan says. Too many organizations are overlooking the value of multifactor authentication, Borten adds. “Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule,” she notes. “Unfortunately, since that requirement was dropped in the final rule, healthcare is lagging on multifactor authentication, which is easier now than ever to implement.” But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be intercepted. “The software- or hardware-based solutions are preferred,” McMillan says. So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishing and other attacks? “Unfortunately we haven’t seen any silver bullets here yet, but one thing we might want to begin exploring is just what an attacker has access to when they compromise a user’s account,” McMillan notes. “All too often, we hear that the accounts compromised had incredibly large numbers of emails immediately accessible to the attacker. The question is, are there better ways to deal with retention that mitigate risk as well?”