on affecting “ a small percentage of our Radisson Rewards members ” . Business Traveller was alerted to the incident by one of our readers , who had received an email from Radisson confirming that his details had been compromisedAttack.Databreach. Radisson says that it identified the breach on October 1 , although it ’ s not clear exactly when the incident occured . A statement on the group ’ s website states : “ This data security incident did not compromiseAttack.Databreachany credit card or password information . Our ongoing investigation has determined that the information accessedAttack.Databreachwas restricted to member name , address ( including country of residence ) , email address , and in some cases , company name , phone number , Radisson Rewards member number and any frequent flyer numbers on file . “ Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person ( s ) . All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior . “ While the ongoing risk to your Radisson Rewards account is low , please monitor your account for any suspicious activity . You should also be aware that third parties may claim to beAttack.PhishingRadisson Rewards and attempt to gather personal information by deception ( known as “ phishingAttack.Phishing” ) , including through the use of links to fake websites . Radisson Rewards will not ask for your password or user information to be provided in an e-mail . “ Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future. ” Radisson says that affected members will have receives an email notification from Radisson Rewards either yesterday ( October 30 ) or today ( October 31 ) . In the FAQs Radisson stresses that credit card data was not exposed by the breachAttack.Databreach, nor were members ’ passwords or travel histories / future stays . The hotel group is the latest in a line of travel companies to suffer data breachesAttack.Databreach, with British Airways and Cathay Pacific both admitting to compromisedAttack.Databreachdata in the last couple of months .
Today , federal officials announced new charges relating to the 2014 hack of Yahoo , alleging a conspiracy between criminal hackers and the Russian Federal Security Agency ( or FSB ) . The indictment names two FSB agents — Igor Suschin and Dmitry Dokuchaev — who allegedly contracted two criminal hackers — Aleksey Belan and Karim Baratov — to compromiseAttack.DatabreachYahoo ’ s database , which included both US military officers and Russian journalists believed to be of interest to the FSB . Baratov was arrested yesterday in Canada , Department of Justice officials say . “ There are no free passes for foreign , state-sponsored criminal behavior , ” Assistant Attorney General McCord told reporters at a press conference . When Yahoo first disclosed the breach in September , the company attributed the attack to “ a state-sponsored actor , ” a claim that some security experts found questionable at the time . Subsequent reports found that the Yahoo database was soldAttack.Databreacha number of times , suggesting a criminal profit motive rather than intelligence gathering . According to the Department of Justice , that was a result of the FSB ’ s collaboration with its criminal contractors , who sold much of the stolen information after it had been handed over . One of the contractors also allegedly searched the accounts for gift cards and other financial info . Yahoo ’ s database was breachedAttack.Databreachtwo separate times during the period — once in August 2013 and again in late 2014 , revealing account details for hundreds of millions of users each time . Today ’ s charges deal only with the 2014 breachAttack.Databreach, which compromisedAttack.Databreach500 million accounts . Many blamed Yahoo CEO Marissa Mayer for refusing to invest in more robust security measures . Mayer later acknowledged the error , and gave up her annual salary , bonus and equity grant for 2016 as a result . Details of the breaches became public only after Yahoo had struck a deal to be acquired by Verizon . News of the security issues caused significant friction in the deal , ultimately causing Verizon to lower its purchase price by $ 350 million , to $ 4.4 billion dollars .
Cyber criminals took a second swing at Mecklenburg County government on Thursday after officials rejected a demand for moneyAttack.Ransomfollowing a ransomware attackAttack.Ransom. The follow-up attempts to hold the county hostage over illegally encrypted data came just hours after County Manager Dena Diorio announced she ’ d decided against payingAttack.Ransoma hacker ransomAttack.Ransom. Instead of agreeing to payAttack.Ransomcriminals , she said Wednesday , the county will rebuild its system applications and restore files and data from backups . But by Thursday afternoon , hackers tried to strike again . Diorio sent staff members an email saying , “ I have a new warning for employees. ” As the county ’ s IT staff worked to recover from the first cyberattack , Diorio said , they discovered more attempts to compromiseAttack.Databreachcomputers and data on Thursday . “ To limit the possibility of a new infection , ITS is disabling employees ’ ability to open attachments generated by DropBox and Google Documents , ” she wrote in an email . “ The best advice for now is to limit your use of emails containing attachments , and try to conduct as much business as possible by phone or in person. ” She described the aftermath of the ransomware attackAttack.Ransomas a “ crisis ” and reassured employees they should not feel personally responsible for the incident . The county first learned of the problem earlier this week after an employee openedAttack.Phishinga malicious “ phishing ” email and accessed an attached file that unleashed a widespread problem inside the county ’ s network of computers and information technology . The intent of that ransomware attackAttack.Ransomwas to essentially access as many county government files and data servers as possible . Then , the information was encrypted or locked , keeping employees at the county from accessing operating systems and files . The person or people responsible for the infiltration then demandedAttack.Ransomthe county payAttack.Ransomtwo bitcoins , or about $ 23,000 , in exchange for a release of the locked data . The county refused to payAttack.Ransom. County officials say they anticipate the recovery time for Mecklenburg County government operations will take days . “ We are open for business , and we are slow , but there ’ s no indication of any data lossAttack.Databreachor that personal information was compromisedAttack.Databreach, ” Diorio said . Diorio said third-party security experts believe the attackAttack.Ransomearlier this week by a new strain of ransomware called LockCrypt originated from Iran or Ukraine . Forty-eight of about 500 county computer servers were affected .
Award-winning cooking tools company OXO revealed that it has suffered data breachesAttack.Databreachover the last two years that may have compromisedAttack.Databreachcustomer and credit card information . In a breach disclosure letter filed with the State of California , OXO said that the data security incident involved “ sophisticated criminal activity that may have exposedAttack.Databreachsome of your personal information. ” The attacker is believed to have accessedAttack.Databreachcredit card information , along with names and billing and shipping addresses , though the letter does not state the scope of impact . “ On December 17 , 2018 , OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website ( https : //www.oxo.com ) may have been compromisedAttack.Databreach. We currently believe that information entered in the customer order form between June 9 , 2017 – November 28 , 2017 , June 8 , 2018 – June 9 , 2018 , July 20 , 2018 – October 16 , 2018 may have been compromisedAttack.Databreach. While we believe the attempt to compromiseAttack.Databreachyour payment information may have been ineffective , we are notifying you out of an abundance of caution. ” OXO is currently working with security consultants and forensic investigators , who are lookingVulnerability-related.DiscoverVulnerabilityat past vulnerabilities in the website as part of an ongoing investigation of the incident . Additionally , the company has taken measures to secure its site to prevent future incidents . “ This latest breach underscores the importance of 24/7 security monitoring , ” said Matan Or-El , CEO of Panorays . “ With the new year upon us , companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised . We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals. ” OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identify monitoring services to its customers .
French presidential candidate Emmanuel Macron 's campaign team confirmed on Wednesday that his party had been the target of a series of attempts to stealAttack.Databreachemail credentials since January but that they had failed to compromiseAttack.Databreachany campaign data . Macron 's party , known as `` En Marche ! '' or `` Onwards '' , said it had been hitAttack.Phishingby at least five advanced "phishing" attacksAttack.Phishingthat involved trying to trickAttack.Phishinga broad number of campaign staff members to click on professionally-looking fake web pages . The latest attacks were confirmed by security firm Trend Micro , whose researchers found links to a cyber espionage group it has dubbed Pawn Storm , the Macron team noted . Other experts link the group , also known as `` Fancy Bear '' or `` APT 28 '' , to Russian military intelligence agency GRU . Russia has denied involvement in attacks on Macron 's campaign . Macron , an independent centrist who has been critical of Russian foreign policy , faces far-right leader Marine Le Pen in France 's presidential runoff on May 7 . Le Pen has taken loans from Russian banks and has called for closer ties with Moscow . `` Emmanuel Macron is the only candidate in the French presidential campaign to be targeted ( in phishing attacksAttack.Phishing) , '' his party said in a statement , adding this was `` no coincidence '' . In mid-February , an En Marche ! official told a news conference the party was enduring `` hundreds if not thousands '' of attacks on its networks , databases and sites from locations inside Russia and asked the French government for assistance . The Macron campaign said on Wednesday it had carried out counter-offensive actions against the fake web sites , which were designed to trickAttack.Phishingcampaign workers into divulging their user credentials . As a further precaution , it also said En Marche ! does not use email to share confidential information .
Two Italian siblings have been arrested on Monday and stand accused of having spied on Italian politicians , state institutions and law enforcement agencies , businesses and businesspeople , law firms , leaders of Italian masonic lodges , and Vatican officials for years . 45-year-old Giulio Occhionero and 49-year-old Francesca Maria Occhionero , both from Rome but currently residing in London , have allegedly used specially crafted malware ( dubbed “ EyePyramid ” ) to compromiseAttack.Databreachthe targets ’ computers and exfiltrateAttack.Databreachall kinds of documents , as well as log keystrokes and stealAttack.Databreachlogin credentials for sensitive accounts . According to court documents ( in Italian ) , the investigation began a few months after a security professional employed by ENAV , an Italian company responsible for the provision of air traffic services ( ATS ) and other air navigation services in Italy , flagged and reported a malicious attachment he received via email . The spear-phishing email was purportedly sentAttack.Phishingby an Italian attorney , but the infosec pro became suspicious and sent the attachment to security company Mentat Solutions for analysis . The attachment was found to contain the EyePyramid malware . After the authorities got involved , the investigation revealed that the email was , indeed , sentAttack.Phishingfrom the attorney ’ s email account , but that it was sentAttack.Phishingby someone who had compromised the account and accessed it via TOR .
The attack was discovered when the perpetrators attempted a fraudulent wire transfer of money . A link has been posted to your Facebook feed . A phishing email attackAttack.Phishingpotentially compromised the accounts of as many as 18,000 current and former employees of media company Gannett Co. As of Tuesday there was no indication of accessAttack.Databreachto or acquisition of any sensitive personal data from employees ’ accounts , said the company . Gannett Co. ( GCI ) is the owner of USA TODAY , the publisher of this report , and 109 local news properties across the United States . The attack was discovered on March 30 and investigated by Gannett ’ s cybersecurity team . It appeared to originate in emails to human resources staff . The 18,000 current and former employees of the company will be sent notices about the incident and offer of credit monitoring via the US Postal Service . No customer account information was touchedAttack.Databreachby the phishing attackAttack.Phishing. They will be provided with an offer of credit monitoring because employee information was potentially available through some of the affected account login credentials before the accounts were locked down . Phishing attacksAttack.Phishingare a common method used by attackers to infiltrate computer networks . They typically consist of faked emails sent toAttack.Phishingan employee that enticeAttack.Phishingthem to click on a link that unleashes malicious software that can compromiseAttack.Databreachtheir computer accounts . Once in a network , attackers can then leapfrog to other accounts , working their way deeper into the system . In the Gannett attack , the infiltration was discovered when the perpetrator attempted to use a co-opted account for a fraudulent corporate wire transfer request . The attempt was identified by Gannett 's finance team as suspicious and was unsuccessful .
Leading French presidential candidate Emmanuel Macron ’ s campaign said on Friday it had been the target of a “ massive ” computer hackAttack.Databreachthat dumpedAttack.Databreachits campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival , Marine Le Pen . Macron , who is seen as the frontrunner in an election billed as the most important in France in decades , extended his lead over Le Pen in polls on Friday . As much as 9 gigabytes of data were posted on a profile called EMLEAKS to Pastebin , a site that allows anonymous document sharing . It was not immediately clear who was responsible for posting the data or if any of it was genuine . In a statement , Macron ’ s political movement En Marche ! ( Onwards ! ) confirmed that it had been hacked . “ The En Marche Movement has been the victim of a massive and co-ordinated hackAttack.Databreachthis evening which has given rise to the diffusion on social media of various internal information , ” the statement said . An interior ministry official declined to comment , citing French rules that forbid any commentary liable to influence an election , which took effect at midnight on Friday ( 2200 GMT ) . The presidential election commission said in statement that it would hold a meeting later on Saturday after Macron ’ s campaign informed it about the hackAttack.Databreachand publishing of the data . Former economy minister Macron ’ s campaign has previously complained about attempts to hackAttack.Databreachits emails , blaming Russian interests in part for the cyber attacksAttack.Databreach. On April 26 , the team said it had been the target of a attempts to stealAttack.Databreachemail credentials dating back to January , but that the perpetrators had failed to compromiseAttack.Databreachany campaign data . The Kremlin has denied it was behind any such attacks , even though Macron ’ s camp renewed complaints against Russian media and a hackers ’ group operating in Ukraine . Vitali Kremez , director of research with New York-based cyber intelligence firm Flashpoint , told Reuters his review indicates that APT 28 , a group tied to the GRU , the Russian military intelligence directorate , was behind the leak . He cited similarities with U.S. election hacks that have been previously attributed to that group . APT28 last month registered decoyAttack.Phishinginternet addresses to mimicAttack.Phishingthe name of En Marche , which it likely used sendAttack.Phishingtainted emails to hack into the campaign ’ s computers , Kremez said . Those domains include onedrive-en-marche.fr and mail-en-marche.fr . “ If indeed driven by Moscow , this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election , expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome , ” Kremez said . France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking . En Marche said the documents only showed the normal functioning of a presidential campaign , but that authentic documents had been mixed on social media with fake ones to sow “ doubt and misinformation ” . Ben Nimmo , a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank , said initial analysis indicated that a group of U.S. far-right online activists were behind early efforts to spread the documents via social media . They were later picked up and promoted by core social media supporters of Le Pen in France , Nimmo said . The leaks emerged on 4chan , a discussion forum popular with far right activists in the United States . An anonymous poster provided links to the documents on Pastebin , saying , “ This was passed on to me today so now I am giving it to you , the people . ”
Save the Children Foundation has revealed that the charity was targeted by fraudsters last year , leading to the loss of $ 1 million . Speaking to the Boston Globe , the US arm of the non-profit , which supports children worldwide , said that con artists managed to compromiseAttack.Databreachan employee 's email account in order to masquerade asAttack.Phishingthe staff member in question . Once access was gainedAttack.Databreachto the account , the hackers behind the scam createdAttack.Phishinga number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruseAttack.Phishing, conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacksAttack.Phishingalmost to the letter . These campaigns have a number of steps , compromiseAttack.Databreacha business email account via brute-force hacking or social engineering ; pretend to beAttack.Phishinga legitimate staff member , and lureAttack.Phishinganother individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scamsAttack.Phishing, reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scamAttack.Phishingoriginating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scamsAttack.Phishingagainst enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .
Save the Children Foundation has revealed that the charity was targeted by fraudsters last year , leading to the loss of $ 1 million . Speaking to the Boston Globe , the US arm of the non-profit , which supports children worldwide , said that con artists managed to compromiseAttack.Databreachan employee 's email account in order to masquerade asAttack.Phishingthe staff member in question . Once access was gainedAttack.Databreachto the account , the hackers behind the scam createdAttack.Phishinga number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan . The Connecticut-based charity organization fell for the ruseAttack.Phishing, conducted in May 2017 , and approved the transfer of close to $ 1 million to an entity in Japan which was used as a front to rake in the proceeds . By the time the foundation realized the invoice was false , it was too late and the money was gone . The publication says that Save the Children possessed insurance which covered close to all of the lost funds , and in the end , the charity only lost $ 112,000 . `` We have improved our security measures to help ensure this does not happen again , '' Stacy Brandom , the chief financial officer of Save the Children told the Globe . `` Fortunately , through insurance , we were ultimately reimbursed for most of the funds . '' The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacksAttack.Phishingalmost to the letter . These campaigns have a number of steps , compromiseAttack.Databreacha business email account via brute-force hacking or social engineering ; pretend to beAttack.Phishinga legitimate staff member , and lureAttack.Phishinganother individual to approve false invoices or fraudulent payments . The FBI has previously warned that December 2016 and May 2018 , there was a 136 percent increase in BEC scamsAttack.Phishing, reported across 150 countries , Ill-gotten funds are often sent to entities in Asia and billions of dollars have been lost . In February , IBM said a single BEC scamAttack.Phishingoriginating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies . These types of scams are incredibly common and it can be difficult to track down the fraudsters responsible , who may be located in any country in the world . However , on rare occasion , a BEC scam artist is taken to task for their actions . In September , a man from Nigeria was ordered to pay $ 2.5 million and serve five years in prison for conducting a variety of BEC scamsAttack.Phishingagainst enterprise companies . Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars .
PhishingAttack.Phishingand other hacking incidents have led to several recently reported large health data breachesAttack.Databreach, including one that UConn Health reports affected 326,000 individuals . In describing a phishing attackAttack.Phishing, UConn Health says that on Dec 24 , 2018 , it determined that an unauthorized third party illegally accessedAttack.Databreacha limited number of employee email accounts containing patient information , including some individuals ' names , dates of birth , addresses and limited medical information , such as billing and appointment information . The accounts also contained the Social Security numbers of some individuals . Several other healthcare entities also have recently reported to federal regulators data breachesAttack.Databreachinvolving apparent phishingAttack.Phishingand other email-related attacks . `` All of these incidents speak to the rampant attacks we are seeing across healthcare , and yet organizations are still not investing enough in protection or detection , '' says Mac McMillan , CEO of security consulting firm CynergisTek . UConn Health , an academic medical center , says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromisedAttack.Databreachemail accounts . For approximately 1,500 of these individuals , this information included Social Security numbers . `` It is important to note that , at this point , UConn Health does not know for certain if any personal information was ever viewed or acquiredAttack.Databreachby the unauthorized party , and is not aware of any instances of fraud or identity theft as a result of this incident , '' the statement notes . `` The incident had no impact on UConn Health 's computer networks or electronic medical record systems . '' UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted . The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter . Once the U.S.Department of Health and Human Services confirms the details , the attackAttack.Databreachon UConn Health could rank as the second largest health data breachAttack.Databreachreported so far this year , based on a snapshot of its HIPAA Breach Reporting Tool website on Monday . The largest health data breachAttack.Databreachrevealed so far this year , but not yet added to the tally , affected University of Washington Medicine . UW Medicine says a misconfigured database left patient data exposedAttack.Databreachon the internet for several weeks last December , resulting in a breachAttack.Databreachaffecting 974,000 individuals . Several other phishingAttack.Phishingand hacking incidents have been added to the HHS `` wall of shame '' tally in recent weeks . Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates . In a statement , the organization notes that on Dec 5 , 2018 , it discovered it had been the target of a `` criminal malware attack . '' An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware , but did not definitively determine how the malware infection was launched . The practice suspects the malware was likely embedded in an email attachment , he says . RMIA 's statement notes that while the investigation did not identify any evidence of unauthorized accessAttack.Databreachto anyone 's personal information , `` we unfortunately could not completely rule out the possibility that patients ' personal information , including name , address , date of birth , health insurance information , limited treatment information and , for donors only , Social Security number , may have been accessibleAttack.Databreach. '' In the aftermath of the incident , RMIA says it 's adding another firewall , requiring changes to user credentials/passwords , implementing dual-factor authentication and providing additional staff training regarding information security . '' Also reporting a hacking incident in recent weeks was Charleston , S.C.-based Roper St.Francis Healthcare , which operates several hospitals in the region . The attack was reported as impacting nearly 35,300 individuals . In a Jan 29 statement , the entity says that on Nov 30 , 2018 , it learned that an unauthorized actor may have gained accessAttack.Databreachto some of its employees ' email accounts between Nov 15 and Dec 1 , 2018 , `` Our investigation determined that some patient information may have been contained in the email accounts , patients ' names , medical record numbers , information about services they received from Roper St.Francis , health insurance information , and , in some cases , Social Security numbers and financial information , '' the statement says . For those patients whose Social Security number was potentially exposedAttack.Databreach, the organization is offering prepaid credit monitoring and identity protection services . `` To help prevent something like this from happening again , we are continuing education with our staff on email protection and enhancing our email security , '' Roper St. Francis says . As phishingAttack.Phishingcontinues to menace healthcare entities , covered entities and business associates need to keep up with their defenses , some experts note . `` Phishing techniques have become more sophisticated than in the past , '' note Kate Borten , president of security and privacy consulting firm The Marblehead Group . `` Workforce training should include simulated phishing attacksAttack.Phishingto make people better prepared to recognize and thwart a real attack . '' To help mitigate breach risks , organizations should be deploying next-generation firewalls and multifactor authentication , plus employing advanced malware detection solutions , McMillan says . Too many organizations are overlooking the value of multifactor authentication , Borten adds . `` Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule , '' she notes . `` Unfortunately , since that requirement was dropped in the final rule , healthcare is lagging on multifactor authentication , which is easier now than ever to implement . '' But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be interceptedAttack.Databreach. `` The software- or hardware-based solutions are preferred , '' McMillan says . So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishingAttack.Phishingand other attacks ? `` Unfortunately we have n't seen any silver bullets here yet , but one thing we might want to begin exploring is just what an attacker has accessAttack.Databreachto when they compromiseAttack.Databreacha user 's account , '' McMillan notes . `` All too often , we hear that the accounts compromisedAttack.Databreachhad incredibly large numbers of emails immediately accessibleAttack.Databreachto the attacker . The question is , are their better ways to deal with retention that mitigate risk as well ? ''