on affecting “a small percentage of our Radisson Rewards members”. Business Traveller was alerted to the incident by one of our readers, who had received an email from Radisson confirming that his details had been compromised. Radisson says that it identified the breach on October 1, although it’s not clear exactly when the incident occurred. A statement on the group’s website states: “This data security incident did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file. “Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior. “While the ongoing risk to your Radisson Rewards account is low, please monitor your account for any suspicious activity. You should also be aware that third parties may claim to be Radisson Rewards and attempt to gather personal information by deception (known as “phishing”), including through the use of links to fake websites. Radisson Rewards will not ask for your password or user information to be provided in an e-mail. “Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future.” Radisson says that affected members will have received an email notification from Radisson Rewards either yesterday (October 30) or today (October 31).
In the FAQs Radisson stresses that credit card data was not exposed by the breach, nor were members’ passwords or travel histories / future stays. The hotel group is the latest in a line of travel companies to suffer data breaches, with British Airways and Cathay Pacific both admitting to compromised data in the last couple of months.
Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital's computer systems and would give back access only when the money was paid, the hospital's chief executive said Wednesday. The assault on Hollywood Presbyterian occurred Feb 5, when hackers using malware infected the institution's computers, preventing hospital staff from being able to communicate from those devices, said Chief Executive Allen Stefanek. The hacker demanded 40 bitcoin, the equivalent of about $17,000, he said. "The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this." The hospital said it alerted authorities and was able to regain control of all its computer systems by Monday, with the assistance of technology experts. Stefanek said patient care was never compromised, nor were hospital records. Top hospital officials called the Los Angeles Police Department last week, according to police Lt John Jenal. Laura Eimiller, an FBI spokeswoman, said the bureau has taken over the hacking investigation but declined to discuss specifics of the case. Law enforcement sources told The Times that the hospital paid the ransom before reaching out to law enforcement for assistance. The attack forced the hospital to return to pen and paper for its record-keeping.
Today, federal officials announced new charges relating to the 2014 hack of Yahoo, alleging a conspiracy between criminal hackers and the Russian Federal Security Agency (or FSB). The indictment names two FSB agents — Igor Suschin and Dmitry Dokuchaev — who allegedly contracted two criminal hackers — Aleksey Belan and Karim Baratov — to compromise Yahoo’s database, which included both US military officers and Russian journalists believed to be of interest to the FSB. Baratov was arrested yesterday in Canada, Department of Justice officials say. “There are no free passes for foreign, state-sponsored criminal behavior,” Assistant Attorney General McCord told reporters at a press conference. When Yahoo first disclosed the breach in September, the company attributed the attack to “a state-sponsored actor,” a claim that some security experts found questionable at the time. Subsequent reports found that the Yahoo database was sold a number of times, suggesting a criminal profit motive rather than intelligence gathering. According to the Department of Justice, that was a result of the FSB’s collaboration with its criminal contractors, who sold much of the stolen information after it had been handed over. One of the contractors also allegedly searched the accounts for gift cards and other financial info. Yahoo’s database was breached two separate times during the period — once in August 2013 and again in late 2014, revealing account details for hundreds of millions of users each time. Today’s charges deal only with the 2014 breach, which compromised 500 million accounts. Many blamed Yahoo CEO Marissa Mayer for refusing to invest in more robust security measures. Mayer later acknowledged the error, and gave up her annual salary, bonus and equity grant for 2016 as a result.
Details of the breaches became public only after Yahoo had struck a deal to be acquired by Verizon. News of the security issues caused significant friction in the deal, ultimately causing Verizon to lower its purchase price by $350 million, to $4.4 billion dollars.
The world governing body of track and field said Monday that it was the victim of a cyberattack carried out by the infamous Fancy Bear hacking group. The International Association of Athletics Federations (IAAF) said the hack had "compromised athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers." However, "it is not known if this information was subsequently stolen from the network." The Fancy Bear website and Twitter account bore no mention of the hacks Monday morning. TUEs are special exemptions given to athletes that allow them to take otherwise banned substances if they have a specific medical need. A statement on the IAAF website said: "The presence of unauthorized remote access to the IAAF network by the attackers was noted on 21 February where meta data on athlete TUEs was collected from a file server and stored in a newly created file." While the IAAF did not know if that data was eventually taken, it said there was “a strong indication of the attackers’ interest and intent.” Fancy Bear was responsible for a hack that targeted the World Anti-Doping Agency (WADA) last year, subsequently revealing what it said were TUEs granted to a host of U.S. Olympics stars. NBC News reported details of the suspected hack of WADA files in August saying it was part of the same covert influence campaign by Russian President Vladimir Putin's government to target the U.S. government, political organizations and others and potentially disrupt the November election. U.S. officials have also previously linked Fancy Bear to GRU, the Russian military intelligence agency. However, Russian officials denied playing any role in the various hacks attributed to Fancy Bear. The IAAF said athletes who have applied for TUEs since 2012 have been contacted.
It added that it had since carried out a "complex remediation across all systems and servers in order to remove the attackers’ access to the network." IAAF President Sebastian Coe also weighed in. "Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential," he said. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can."
A China-based cyber gang has compromised UK firms as part of a "systematic" global hacking operation, a new report has revealed. The attacks were found to have breached a wide variety of secret data ranging from personal data to intellectual property, in what the report described as "one of the largest ever sustained global cyber espionage campaigns". The group behind the attacks, named APT10, was found to have used custom malware and "spear phishing" techniques to target managed outsourced IT service companies as stepping stones into the systems of an "unprecedented web" of victims according to the report's authors. The report's authors included the National Cyber Security Centre (NCSC) and cyber units at defence group BAE Systems and accountancy firm PwC. The gang were found to have used the companies as a way into their customers' systems from 2016 onwards, although there is evidence to suggest they had first employed the tactics from as early as 2014. PwC cyber security Partner Richard Horne told the Press Association the extent of the malicious campaign was still unclear. He said: "The reason we've gone public with this is because we can see so much and we have seen so much in several managed IT service providers (MSPs) and other companies compromised through it, but we don't know how far this has gone. "Us, together with the NCSC and BAE Systems are very keen to get this information out there so we can promote a mass response to this." The report behind the unmasking operation, codenamed Cloud Hopper, highlights targeted attacks against Japanese commercial firms and public bodies, but indicates further widespread operations against companies in 14 other countries including the UK, France and the United States.
The report's authors state APT10 is "highly likely" to be based in China, demonstrating a pattern of work in line with China Standard Time (UTC+8) and the targeting of specific commercial enterprises "closely aligned with strategic Chinese interests". Mr Horne said the data collected in individual attacks spanned a plethora of sensitive categorisations. He said: "We've seen a number of different companies targeted for different reasons, but essentially it's all around sensitive information they hold, whether that's intellectual property, or personal information on people or a whole realm of other areas. "It's a very large-scale espionage operation." Spear phishing emails with bespoke malware were first sent to staff in targeted companies, and once the attackers had successfully infiltrated their systems they were free to seek out a raft of sensitive data within. Dr Adrian Nish, head of threat intelligence at BAE, told the BBC such MSPs were crucial to the nature of the campaign's success. He said: "Organisations large and small rely on these providers for management of core systems and as such they can have deep access to sensitive data". "It is impossible to say how many organisations might be impacted altogether at this point." The organisations behind operation Cloud Hopper are expected to release a further report this week into the detailed methods that APT10 has used in its campaign in a bid to encourage firms to take a proactive approach into checking if their systems have been targeted.
The email-borne attack locked the city’s servers and many of the daily business functions, officials said. (TNS) -- SPRING HILL, Tenn. — The city was the victim of a recent cyber-attack, which caused its computer system to lock with a ransom of $250,000. Spring Hill was one of several other local government agencies who were victim to the attack, and city officials say they do not believe any citizen or customer account information was stolen or compromised. It did, however, temporarily halt any online credit or debit card payments. "We received a ransomware attack Friday evening that ended up going in and locking our servers. It affected all of our departments, and we have been in recovery mode ever since [Sunday]," City Administrator Victor Lay said. "We've now been able to, at least minimally, conduct business, although the manual system of paper and pencil seems to work pretty well against those kinds of things." Lay added that the "appropriate government authorities" have been contacted about the incident, which will meet later this week to discuss an investigation into the incident. He said it was not a "hack" per se, but a virus created from a downloadable email attachment, locking the system using an encryption key. "We're working through it. Obviously, we chose not to pay the ransom. We're working through the system and it's going to take us a few days to get things all back to normal, but we're getting there."
Hackers logged into the hospital’s remote access portal using a third-party vendor’s username and password. Greenfield, Indiana-based Hancock Health paid hackers 4 bitcoin or about $47,000 to unlock its network on Saturday, after the health system fell victim to a ransomware attack on Thursday night. Hackers compromised a third-party vendor’s administrative account to the hospital’s remote-access portal and launched SamSam ransomware. The virus infected a number of the hospital’s IT systems and, according to local reports, the malware targeted over 1,400 files and changed the name of each to “I’m sorry.” Hancock officials followed its incident response and crisis management plan and contacted legal representation and an outside security firm immediately following the discovery of the attack. Hospital leadership also contacted the FBI for advisory assistance. The incident was contained by Friday and officials said the next focus was recovery. Hancock Health was given just seven days to pay the ransom. While officials said Hancock could have recovered the affected files from backups, it would have taken days or possibly weeks to do so. And it would have been more expensive. “We were in a very precarious situation at the time of the attack,” Hancock Health CEO Steve Long said in a statement. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.” Hackers released the files early Saturday after they retrieved the bitcoins. The hospital’s critical systems were restored to normal function on Monday.
The forensic analysis found patient data was not transferred outside of the hospital’s network, and the FBI confirmed the motivation for SamSam hackers is ransom payment, not to harvest patient data. The virus did not impact any equipment used to treat patients. However, the hospital’s patient portal was down during the security incident. After recovery, officials asked employees to reset passwords and implemented a security feature that could detect similar attacks in the future. The breach should serve as a wake-up call that ransomware attacks can happen. However, it’s important to note the FBI, the U.S. Department of Health and Human Services and a laundry list of security experts have long stressed that organizations should not pay ransoms to hackers. While the hackers returned the files to Hancock, there was no guarantee that would happen. For example, Kansas Heart Hospital paid a ransom in May 2016, and the hackers kept the files and demanded another payment. The hospital declined to pay a second time. Secondly, when an organization pays, hackers place the business on a list of those willing to pay the ransom, and it can expect to be hit again in the future. “There are lists out there, if you pay once, you may end up having to pay again because you’ve been marked as an organization that will pay,” said CynergisTek CEO Mac McMillan.
SOUTH BEND — A local physicians network was the focus of a recent cyberattack that released ransomware into its network. According to a news release from Allied Physicians of Michiana CEO Shery Roussarie, the company became aware of the cyberattack on Thursday afternoon and immediately took steps to shut down the network in order to protect personal and protected health information of patients. The company restored its data in a secure format without significant disruption to patients, but an investigation is ongoing to confirm that personal or protected health information wasn’t compromised. The type of ransomware, known as SamSam, has been used in other attacks to coerce businesses, municipalities and individuals to pay a ransom in order to unlock files held hostage by the infection. In March, the city of Atlanta was attacked by SamSam ransomware that crippled its court system, prevented water bill payments and forced city employees to file paper reports. “The security of our patients’ personal and protected health information is foremost in our mind,” Roussarie said in the news release. “While we make every effort to keep ahead of these types of cyberattacks, we have nevertheless taken additional steps to minimize any such future attack of the type experienced last week.” Allied Physicians would not say whether or not it has paid a ransom, or what amount was demanded by the SamSam hackers, but that it plans to work with “all relevant regulatory agencies, including the FBI, to thoroughly define the scope of the incident.”
Cybercriminals are finding it more difficult to maintain the malicious URLs and deceptive domains used for phishing attacks for more than a few hours because action is being taken to remove them from the internet much more quickly. That doesn't mean that phishing -- one of the most common means of performing cyber-attacks -- is any less dangerous, but a faster approach to dealing with the issue is starting to hinder attacks. Deceptive domain names look like those of authentic services, so that somebody who clicks on a malicious link may not realise they aren't visiting the real website of the organisation being spoofed. One of the most common agencies to be imitated by cyber-attackers around the world is that of government tax collectors. The idea behind such attacks is that people will be tricked into believing they are owed money by emails claiming to be from the taxman. However, no payment ever comes, and if a victim falls for such an attack, they're only going to lose money when their bank details are stolen, and they can even have their personal information compromised. In order to combat phishing and other forms of cyber-attack, the UK's National Cyber Crime Centre -- the internet security arm of GCHQ -- launched what it called the Active Cyber Defence programme a year ago. It appears to have some success in its first 12 months because, despite a rise in registered fraudulent domains, the lifespan of a phishing URL has been reduced and the number of global phishing attacks being carried out by UK-hosted sites has declined from five percent to three percent. The figures are laid out in a new NCSC report: Active Cyber Defence - One Year On.
During that time, 121,479 phishing sites hosted in the UK, and 18,067 worldwide spoofing UK government, were taken down, with many of them purporting to be HMRC and linked to phishing emails in the form of tax refund scams. An active approach to dealing with phishing domains has also led to a reduction in the amount of time these sites are active, potentially limiting cybercriminal campaigns before they can gain any real traction. Prior to the launch of the program, the average time a phishing website spoofing a UK government website remained active was 42 hours -- or almost two days. Now, with an approach designed around looking for domains and taking them down, that's dropped to ten hours, leaving a much smaller window for attacks to be effective. However, while this does mean there's less time for the attackers to steal information or finances, it doesn't mean that they're not successful in carrying out attacks. The increased number of registered domains for carrying out phishing attacks shows that crooks are happy to work a little bit harder in order to reap the rewards of campaigns -- and the NCSC isn't under any illusion that the job of protecting internet users is anywhere near complete. "The ACD programme intends to increase our cyber adversaries' risk and reduces their return on investment to protect the majority of people in the UK from cyber attacks," said Dr Ian Levy, technical director of the NCSC. "The results we have published today are positive, but there is a lot more work to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt."
A focus on taking down HMRC and other government-related domains has helped UK internet users, but cyber-attacks aren't limited by borders, with many malicious IPs hosted in practically every country used to carry out cyber-attacks around the world -- meaning every country should be playing a part. "Obviously, phishing and web-inject attacks are not connected to the UK's IP space and most campaigns of these types are hosted elsewhere. There needs to be concerted international effort to have a real effect on the security of users," says the report.
JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach that affected 19 different companies. “We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public, including ours,” the email says. According to website haveibeenpwned.com, 3,883,455 JobStreet accounts were affected by the breach. It says the information was freely downloadable on a Tor hidden service. The breach also affected more than 46 million Malaysian users and several telecommunications companies. Telecommunications providers caught by the breach include Altel, Celcom, DiGi, EnablingAsia, Friendi, Maxis, Merchantrade Asia, PLDT, Redtone, Tunetalk, Umobile and XoX, reports suggest. It also affected organisations such as the Academy of Medicine Malaysia, the Malaysian Dental Association, the Malaysian Medical Association, and the National Specialist Register of Malaysia. Reports speculate that more than 81,000 records were stolen from these organisations. “Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed. To help protect our customers, the team is continuously enhancing our security measures for all user information stored with JobStreet.com,” JobStreet CEO Suresh Thiru says in an email. According to media reports, that personal information includes identity card numbers, addresses, login IDs, passwords, names, emails and phone numbers. Haveibeenpwned.com also notes that on JobStreet, dates of birth, genders, geographic locations, marital statuses, nationalities and usernames were also compromised.
The Malaysian Communications and Multimedia Commission (MCMC) may have discovered the possible source of the data leaks, according to Malaysian Communications Minister Salleh Said Keruak. "We have identified several potential sources of the leak and we should be able to complete the probe soon," he announced.
About 33 million records belonging to Dun & Bradstreet have been leaked, placing a large portion of the US corporate population at risk. According to independent researcher Troy Hunt, the database is about 52 gigabytes in size and contains just under 33.7 million unique email addresses and other contact information from employees of thousands of large enterprises and government entities. While details are unfolding, the leak is thought to be from a database D&B acquired from NetProspex in 2015. The file is a “list rental” file that D&B offers marketers for use for their own email campaigns. It’s believed that one of these marketing firms is the source of the leak itself having been compromised in some way. “We've carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day,” D&B said in a media statement. “Dun & Bradstreet maintains that neither they or NetProspex suffered a breach or caused the leak,” said Stephen Boyer, co-founder and CTO of third-party risk management and security ratings firm BitSight. “If true and the leak stemmed from one of their customers, which represents a new dimension of third-party risk. While customers don't have ongoing relationships in the way that vendors and suppliers do, they still can pose risk when licensing and buying data in bulk.” As originally reported by ZDNet, Hunt said in a blog post that he was able to determine that the most records in the database come from the US Department of Defense, with other government and large enterprises following. The worrisome part is the deep bench of information that the records contain.
For Wells Fargo, for example, the information is for the C-suite and 45 vice presidents, senior vice presidents, assistant vice presidents and executive vice presidents, all with names and email addresses alongside job titles. “The market for stolen personal identifiable information continues to be lucrative for attackers to steal and sell data,” said Lee Weiner, chief product officer at Rapid7, via email. “Individuals affected by this breach should continue to be vigilant for piggy-back attacks that can ensue from attackers using this information to engage in phishing tactics with this information to steal passwords and gain access to accounts.” Those follow-on threats can include business email compromise (BEC). “This leak allows cyber-criminals to carry out whaling attacks for large enterprises,” said Boyer. “Some organizations have over 100,000 employee records compromised in this breach and may witness an uptake in targeted phishing attacks and fraud schemes.” Hunt noted that the leak is an example of an endemic problem in data management and society. “We've lost control of our personal data and…we often do not have any way of feeding back to companies what data we’d rather not share,” he noted. “Particularly when D&B believe they're operating legally by selling this information, what chance do we have—either as individuals or corporations—of regaining control of data like this? Next to zero and about the only thing you can do right now is assess whether you've been exposed.”
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple representative said in an emailed statement. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don't have two-factor authentication turned on. The hackers want Apple to pay $700,000 -- $100,000 per group member -- or "$1 million worth in iTunes vouchers." Otherwise, they threaten to start wiping data from iCloud accounts and devices linked to them on April 7. In a message published on Pastebin Thursday, the group said it also asked for other things from Apple, but they don't want to make public. "We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," the Apple representative said. "To protect against these type of attacks, we recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication." However, the unusually high numbers advanced by the group are hard to believe. It's also hard to keep up with the group's claims, as at various times over the past few days, it has released conflicting or incomplete information that it has later revised or clarified. The group claims that it started out with a database of more than 500 million credentials that it has put together over the past few years by extracting the icloud.com, me.com and mac.com accounts from stolen databases its members have sold on the black market.
The hackers also claim that since they've made their ransom request public a few days ago, others have joined in their effort and shared even more credentials with them, putting the number at more than 750 million. The group claims to be using 1 million high-quality proxy servers to verify how many of the credentials give them access to unprotected iCloud accounts. Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised. The latest number of accessible iCloud accounts advanced by the Turkish Crime Family is 250 million. That's an impressive ratio of one in every three tested accounts. The largest ever data breach was from Yahoo with a reported 1 billion accounts. "At best they’ve got some reused credentials, but I wouldn’t be surprised if it’s almost entirely a hoax." Hunt hasn't seen the actual data that the Turkish Crime Family claims to have, and there isn't much evidence aside from a YouTube video showing a few dozen email addresses and plain text passwords. However, he has significant experience with validating data breaches and has seen many bogus hacker claims over the years. To be on the safe side, users should follow Apple's advice and create a strong password for their account and turn on two-factor authentication or two-step verification at the very least.
The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access. According to the law enforcement agency, attackers have targeted the FTP servers of medical and dental facilities in an effort to obtain access to protected health information (PHI) and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners. “The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said. These servers allow users to authenticate with only a username, such as “anonymous” or “ftp,” and either a generic password or no password at all. The FBI pointed out that vulnerable FTP servers can also be abused to store malicious tools or to launch cyberattacks. In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, although in the previous year the sector did not even make it into the top five. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organizations. A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including malware, ransomware, IPS events, exploit kits and botnets.
The shadowy hacker consortium known as Callisto Group targeted the UK's Foreign Office over several months in 2016. According to research firm F-Secure, Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks and journalists, especially in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions, and this, combined with infrastructure footprint links to known state actors, suggests a nation-state benefactor, the firm said. In October 2015 the Callisto Group targeted a handful of individuals with phishing emails that attempted to obtain the target’s webmail credentials. Then, in early 2016, the Callisto Group began sending highly targeted spear phishing emails with malicious attachments that contained, as their final payload, the “Scout” malware tool from the HackingTeam RCS Galileo platform. Scout was, ironically, originally developed for law enforcement. “These spear-phishing emails were crafted to appear highly convincing, including being sent from legitimate email accounts suspected to have been previously compromised by the Callisto Group via credential phishing,” F-Secure noted in a paper, adding that the group is continuing to set up new phishing infrastructure every week. One of the targets for Callisto in 2016 was the Foreign Office, according to BBC sources. The outlet reports that the government is investigating an attack that began in April last year. A source told the BBC that the compromised server didn’t contain the most sensitive information, fortunately.
In a statement, the UK's National Cyber Security Centre (NCSC) declined attribution or comment and merely said: "The first duty of government is to safeguard the nation and as the technical authority on cybersecurity, the NCSC is delivering ground breaking innovations to make the UK the toughest online target in the world. The government's Active Cyber Defence programme is developing services to block, prevent and neutralise attacks before they reach inboxes." F-Secure also said that evidence suggests the Callisto Group may have a nation-state sponsor, and that it uses infrastructure tied to China, Russia and Ukraine. It told the BBC that Callisto Group's hacking efforts show similarities in tactics, techniques, procedures and targets to the Russia-linked group known as APT28, though the two appear to be different entities. However, Callisto Group is also associated with infrastructure used for the sale of controlled substances, which “hints at the involvement of a criminal element,” F-Secure said. Going a bit further, a different source told the BBC that two of the phishing domains used in the UK attack “were once linked to an IP address mentioned in a US government report into Grizzly Steppe.” Grizzly Steppe is the code-name for Russian meddling in the US elections.
On April 14, the company disclosed to the California attorney general that a December 2015 breach compromised more sensitive information than first thought. It also disclosed new attacks from earlier this year that exposed names, contact information, email addresses and purchase histories, although the retailer says it repelled most of the attacks. The dual notifications mark the latest problems for the company, which disclosed in early 2014 that its payment systems were infected with malware that stole 350,000 payment card details. Over the past few years, retailers such as Target, Home Depot and others have battled to keep their card payments systems malware-free (see Neiman Marcus Downsizes Breach Estimate). The 2015 incident started around Dec 26. In a notification to California about a month later, the retailer said it was believed attackers cycled through login credentials that were likely obtained through other data breaches. A total of 5,200 accounts were accessed, and 70 of those accounts were used to make fraudulent purchases. Although email addresses and passwords were not exposed, the original notification noted, access to the accounts would have revealed names, saved contact information, purchase histories and the last four digits of payment card numbers. The affected websites included other brands run by Neiman Marcus, including Bergdorf Goodman, Last Call, CUSP and Horchow. According to its latest notification, however, Neiman Marcus Group now says full payment card numbers and expiration dates were exposed in the 2015 incident. The latest attack disclosed by Neiman Marcus Group, which occurred around Jan 17, mirrors the one from December 2015.
It affects the websites of Neiman Marcus, Bergdorf Goodman, Last Call, CUSP, Horchow and a loyalty program called InCircle. Again, the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites. It appears that some of the credentials did unlock accounts. The breach exposed names, contact information, email addresses, purchase histories and the last four digits of payment card numbers. It didn't specify the number of accounts affected. The attackers were also able to access some InCircle gift card numbers, the company says. Web services can slow down hackers when suspicious activity is noticed, such as rapid login attempts from a small range of IP addresses. Those defensive systems can be fooled, however, by slowing down login attempts and trying to plausibly geographically vary where those attempts originate. For those affected by the January incident, Neiman Marcus Group is enforcing a mandatory password reset. It's an action that's not undertaken lightly for fear of alienating users, but it's a sign of how serious a service feels the risk is to users or customers. The company also is offering those affected a one-year subscription to an identity theft service.
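The two login patterns described above, a rapid burst from a few addresses and a slowed, geographically spread campaign, need different detection logic. The sketch below is an added example, not code from Neiman Marcus or the article; the event format, thresholds, function names and the sample log are all constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample_events():
    """Constructed sample log: (unix_time, source_ip, username, success)."""
    events = []
    # Ordinary customers: a stable address per account, mostly successful.
    for i, user in enumerate(["alice", "bob", "carol"]):
        ip = f"198.51.100.{10 + i}"
        events.append((100 + i, ip, user, True))         # earlier good login
        events.append((4000 + 50 * i, ip, user, False))  # mistyped password
        events.append((4010 + 50 * i, ip, user, True))
    # Burst: one address cycles through 8 accounts in 14 seconds.
    for i in range(8):
        events.append((5000 + 2 * i, "203.0.113.5", f"victim{i}", i == 3))
    # Slowed and spread out: 12 addresses, one attempt each, 2 minutes apart.
    for i in range(12):
        events.append((7300 + 120 * i, f"192.0.2.{i + 1}", f"target{i}", i == 7))
    return sorted(events)


def noisy_sources(events, window=60, min_accounts=5, min_fail_ratio=0.8):
    """Addresses that try many accounts, mostly failing, inside one window."""
    flagged = {}
    recent = defaultdict(deque)
    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while q[0][0] < ts - window:      # drop attempts older than the window
            q.popleft()
        accounts = {u for _, u, _ in q}
        fails = sum(1 for _, _, good in q if not good)
        if len(accounts) >= min_accounts and fails / len(q) >= min_fail_ratio:
            flagged.setdefault(ip, ts)    # remember first time it tripped
    return flagged


def distributed_campaigns(events, bucket=3600, min_accounts=10,
                          min_sources=10, min_fail_ratio=0.8):
    """Site-wide view: per time bucket, count attempts from (address, account)
    pairs that have never succeeded before. Per-address rate limits miss a
    slowed campaign; the aggregate of unfamiliar, failing pairs does not."""
    known_good = set()
    stats = defaultdict(lambda: {"accounts": set(), "sources": set(),
                                 "fail": 0, "total": 0})
    for ts, ip, user, ok in events:
        if (ip, user) not in known_good:
            s = stats[ts // bucket]
            s["accounts"].add(user)
            s["sources"].add(ip)
            s["total"] += 1
            s["fail"] += 0 if ok else 1
        if ok:
            known_good.add((ip, user))
    campaigns = []
    for b in sorted(stats):
        s = stats[b]
        ratio = s["fail"] / s["total"]
        if (len(s["accounts"]) >= min_accounts
                and len(s["sources"]) >= min_sources
                and ratio >= min_fail_ratio):
            campaigns.append({"bucket_start": b * bucket,
                              "accounts": len(s["accounts"]),
                              "sources": len(s["sources"]),
                              "fail_ratio": round(ratio, 2)})
    return campaigns


def accounts_to_reset(events, bucket=3600):
    """Accounts where an unfamiliar address logged in successfully during
    flagged activity: the candidates for a forced password reset."""
    noisy = noisy_sources(events)
    hot = {c["bucket_start"] for c in distributed_campaigns(events, bucket)}
    known_good, reset = set(), set()
    for ts, ip, user, ok in events:
        if ok:
            unfamiliar = (ip, user) not in known_good
            if unfamiliar and (ip in noisy or ts - ts % bucket in hot):
                reset.add(user)
            known_good.add((ip, user))
    return reset


if __name__ == "__main__":
    log = build_sample_events()
    print("burst sources:", noisy_sources(log))
    print("slow campaigns:", distributed_campaigns(log))
    print("force reset:", sorted(accounts_to_reset(log)))
```

On the constructed log the per-address rule catches only the burst, while the slowed campaign shows up only in the site-wide count.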
A group of thieves exploited weaknesses in Signaling System 7 (SS7) to drain users’ bank accounts, including those protected by two-step verification (2SV). On 3 May, a representative with O2 Telefonica, a provider of mobile phones and broadband, told German newspaper Süddeutsche Zeitung that thieves managed to bypass security measures and make unauthorized withdrawals from customers’ bank accounts: “Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January. The attack redirected incoming SMS messages for selected German customers to the attackers.” The thieves pulled off their heist by exploiting the weak underbelly of SS7. It’s a protocol that specifies how public switched telephone networks (PSTN) exchange data over a digital signaling network. In simpler terms, SS7 helps phone carriers around the world route your calls and text messages. Useful! Unfortunately, it’s also terribly insecure. That’s what researchers Tobias Engel and Karsten Nohl found back in 2014. Specifically, the duo discovered flaws in the protocol that allowed an attacker to intercept a victim’s mobile phone calls as well as use a radio antenna to pick up all of a local user’s phone calls and texts. In line with the researchers’ observations, the January attackers first compromised users’ computers with malware that stole their bank account numbers, login credentials, and mobile phone numbers. The Register reports that these criminals then waited until the middle of the night to spring into action. For those accounts protected by SMS-based 2SV (not to be confused with 2FA), the attackers abused SS7 to redirect customers’ SMS text messages to phone numbers under their control.
This exploit allowed the thieves to steal users’ mobile transaction authentication numbers (mTAN) and thereby withdraw money from their accounts. In the aftermath of the attack, authorities blocked the unidentified foreign network exploited by the attackers. Bank officials also notified customers of the unauthorized withdrawals. But that’s not all. Some people are now calling on the FCC to (finally!) fix the issues affecting SS7. One of them is U.S. Representative Ted Lieu, who made his position clear to Ars Technica: “Everyone’s accounts protected by text-based two-factor authentication, such as bank accounts, are potentially at risk until the FCC and telecom industry fix the devastating SS7 security flaw. Both the FCC and telecom industry have been aware that hackers can acquire our text messages and phone conversations just knowing our cell phone number. It is unacceptable the FCC and telecom industry have not acted sooner to protect our privacy and financial security. I urge the Republican-controlled Congress to hold immediate hearings on this issue.” Let’s hope we finally get some movement on these security flaws. In the meantime, users might want to reconsider using SMS messages as a means of 2SV. They might want to go with an app like Google Authenticator or choose a solution like the U2F Security Key instead.
A cyber attack has compromised the personal data of up to 26,000 Debenhams customers. The breach, which is understood to have been malware-based, targeted the online portal for the retailer's florist arm, Debenhams Flowers. Debenhams has stressed that the site is operated by Ecomnova, a third-party supplier, and that customers of other services have not been affected. Ecomnova also operates Debenhams' websites for hampers, personalised gifts and wines. While all four sites have been suspended, the retailer has not announced whether the others were also breached. Debenhams confirmed to Sky News that customer payment details, names and addresses were accessed or stolen during the attack. In a statement the company stressed that it was only the Ecomnova-run site that had been compromised, and that customers of its main website Debenhams.com "can be confident they are unaffected by this attack". "All affected customers have been contacted by Debenhams to inform them of the incident," the firm told Sky News. "We are working with Ecomnova to ask the banks of those affected to block payment cards of those customers affected and issue customers with new cards." Debenhams said the incident had been reported to the Information Commissioner's Office (ICO), the UK's independent body for upholding the Data Protection Act. Following a cyber attack in October 2015, the ICO fined TalkTalk a record £400,000 after 15,656 individuals' bank account details and sort codes were stolen. An ICO spokesperson said it was aware of the "potential incident" involving Debenhams Flowers and that enquiries were being made. "Businesses and organisations are required under the Data Protection Act to keep people's personal data safe and secure," the spokesperson said.
Debenhams chief executive Sergio Bucher said: "As soon as we were informed that there had been a cyber attack, we suspended the Debenhams Flowers website and commenced a full investigation. "We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk." Ecomnova did not immediately respond to Sky News for comment.
As of June 2016, more than 150 million active users interact with one another daily via Snapchat. Others are drawn by the service's more recent features. Those include Snapcash, a method introduced for users to send mobile payments to their friends. Given the app's popularity, it's no wonder online criminals have set their sights on hacking users' Snapchat accounts. For instance, back in late 2013, a group of hackers published a database containing the usernames and phone numbers of approximately 4.6 million Snapchat users. Nefarious individuals could have used that information to profile targets across multiple web accounts. We also can't forget about the security incident that occurred back in February 2016. In that attack, someone posed as the company's CEO and convinced a Snapchat employee to send over payroll information. The successful phish ultimately compromised dozens of employees' identities. To be fair, a mega breach on the scale of what affected LinkedIn, Tumblr, and Yahoo has yet to strike the messaging app. But that's not to say criminals aren't trying to find a way into people's accounts. Hackers clearly have Snapchat in their sights, which is why users need to learn how to spot the warning signs of a hack and how they can recover their accounts if someone compromises them.
Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals. In describing a phishing attack, UConn Health says that on Dec 24, 2018, it determined that an unauthorized third party illegally accessed a limited number of employee email accounts containing patient information, including some individuals' names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals. Several other healthcare entities also have recently reported to federal regulators data breaches involving apparent phishing and other email-related attacks. "All of these incidents speak to the rampant attacks we are seeing across healthcare, and yet organizations are still not investing enough in protection or detection," says Mac McMillan, CEO of security consulting firm CynergisTek. UConn Health, an academic medical center, says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromised email accounts. For approximately 1,500 of these individuals, this information included Social Security numbers. "It is important to note that, at this point, UConn Health does not know for certain if any personal information was ever viewed or acquired by the unauthorized party, and is not aware of any instances of fraud or identity theft as a result of this incident," the statement notes. "The incident had no impact on UConn Health's computer networks or electronic medical record systems." UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted.
The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter. Once the U.S. Department of Health and Human Services confirms the details, the attack on UConn Health could rank as the second largest health data breach reported so far this year, based on a snapshot of its HIPAA Breach Reporting Tool website on Monday. The largest health data breach revealed so far this year, but not yet added to the tally, affected University of Washington Medicine. UW Medicine says a misconfigured database left patient data exposed on the internet for several weeks last December, resulting in a breach affecting 974,000 individuals. Several other phishing and hacking incidents have been added to the HHS "wall of shame" tally in recent weeks. Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates. In a statement, the organization notes that on Dec 5, 2018, it discovered it had been the target of a "criminal malware attack." An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware, but did not definitively determine how the malware infection was launched. The practice suspects the malware was likely embedded in an email attachment, he says. RMIA's statement notes that while the investigation did not identify any evidence of unauthorized access to anyone's personal information, "we unfortunately could not completely rule out the possibility that patients' personal information, including name, address, date of birth, health insurance information, limited treatment information and, for donors only, Social Security number, may have been accessible."
In the aftermath of the incident, RMIA says it's adding another firewall, requiring changes to user credentials/passwords, implementing dual-factor authentication and providing additional staff training regarding information security. Also reporting a hacking incident in recent weeks was Charleston, S.C.-based Roper St. Francis Healthcare, which operates several hospitals in the region. The attack was reported as impacting nearly 35,300 individuals. In a Jan 29 statement, the entity says that on Nov 30, 2018, it learned that an unauthorized actor may have gained access to some of its employees' email accounts between Nov 15 and Dec 1, 2018. "Our investigation determined that some patient information may have been contained in the email accounts, patients' names, medical record numbers, information about services they received from Roper St. Francis, health insurance information, and, in some cases, Social Security numbers and financial information," the statement says. For those patients whose Social Security number was potentially exposed, the organization is offering prepaid credit monitoring and identity protection services. "To help prevent something like this from happening again, we are continuing education with our staff on email protection and enhancing our email security," Roper St. Francis says. As phishing continues to menace healthcare entities, covered entities and business associates need to keep up with their defenses, some experts note. "Phishing techniques have become more sophisticated than in the past," notes Kate Borten, president of security and privacy consulting firm The Marblehead Group. "Workforce training should include simulated phishing attacks to make people better prepared to recognize and thwart a real attack."
To help mitigate breach risks, organizations should be deploying next-generation firewalls and multifactor authentication, plus employing advanced malware detection solutions, McMillan says. Too many organizations are overlooking the value of multifactor authentication, Borten adds. "Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule," she notes. "Unfortunately, since that requirement was dropped in the final rule, healthcare is lagging on multifactor authentication, which is easier now than ever to implement." But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be intercepted. "The software- or hardware-based solutions are preferred," McMillan says. So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishing and other attacks? "Unfortunately we haven't seen any silver bullets here yet, but one thing we might want to begin exploring is just what an attacker has access to when they compromise a user's account," McMillan notes. "All too often, we hear that the accounts compromised had incredibly large numbers of emails immediately accessible to the attacker. The question is, are there better ways to deal with retention that mitigate risk as well?"
Email addresses, passwords and IP addresses were exposed. The breach, which took place in September 2015 but was only recently disclosed, compromised email addresses, passwords and IP addresses, the Daily Mail reports. The hacker's likely aim was to profit financially from the stolen information. "Data breaches are often sold via darkweb sites or within closed trading circles," Hunt told the Daily Mail. Still, Willy Leichter, vice president of marketing at CipherCloud, told eSecurity Planet by email that while the attack targeted gaming forums, any large scale breach like this should concern businesses as well. "Users often use common passwords, security questions, or personal email addresses to access personal and work-related systems, making it easier for hackers to break into corporate networks and steal massive amounts of data," he said. And while all users are being advised to change their passwords, Jeff Hill, director of product management at Prevalent, said it may be too late to make a difference. "The initial breach occurred in September 2015, giving the attackers 17 months to operate undetected, more than enough time to find and exfiltrate enough data to profit greatly from their efforts," he said. "At this point, it’s not even clear the breach was actually detected -- possibly the attackers simply [wrung] as much return as possible out of their theft, and simply discarded the remaining useless data," Hill added.
Yahoo CEO Marissa Mayer said she'll forgo her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts. "When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies," she wrote in a note published Monday on Tumblr. "However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016." Her note came as Yahoo for the first time said that outside investigators identified about 32 million accounts for which forged browser cookies were used or taken in 2015 and 2016. The investigators said some of the forgeries were connected to the same nation-sponsored attackers who compromised Yahoo in 2014. The cookies tied to the forgeries have since been invalidated. Yahoo also said that the 2014 attacks targeted 26 specific accounts by exploiting the company’s account management tool. The company went on to say unnamed senior executives failed to grasp the extent of the breach early enough. A filing submitted Monday with the US Securities and Exchange Commission stated: Based on its investigation, the Independent Committee concluded that the Company’s information security team had contemporaneous knowledge of the 2014 compromise of user accounts, as well as incidents by the same attacker involving cookie forging in 2015 and 2016.
In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company’s account management tool. The Company took certain remedial actions, notifying 26 specifically targeted users and consulting with law enforcement. While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team. Specifically, as of December 2014, the information security team understood that the attacker had exfiltrated copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team. However, the Independent Committee did not conclude that there was an intentional suppression of relevant information. Nonetheless, the Committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it. As a result, the 2014 Security Incident was not properly investigated and analyzed at the time, and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident. The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.