A former Chicago Public Schools worker faces several felony charges after officials allege the worker stole personal information on about 80,000 employees, volunteers and vendors from a CPS database. The former worker, Kristi Sims, was arrested Thursday; officers recovered the stolen files after executing search warrants, according to CPS and Chicago police officials. Sims, 28, is a former contractor who handled administrative tasks for the Office of Safety and Security. Sims was ordered released on her own recognizance at a bond hearing Friday at the Leighton Criminal Court Building by Judge Sophia Atcherson; Sims also was ordered not to access the internet while the case continues.
In a letter to employees Thursday evening, CPS Chief Operating Officer Arnie Rivera said the district learned of the massive data breach Wednesday, the day after the information was stolen. Among the data stolen were names, employee ID numbers, phone numbers, addresses, dates of birth, criminal arrest histories and DCFS findings. Social Security numbers were not taken, Rivera said. “There was no indication that the information, which was in the individual’s possession for approximately 24 hours, was used or disseminated to anyone in any way,” Rivera added. A CPS spokesman referred questions about the criminal charges to Chicago police, but Rivera said “CPS will work to ensure the individual is prosecuted to the fullest extent of the law.”
CPD spokesman Anthony Guglielmi said Sims is also suspected of deleting the targeted files from the CPS database after they were stolen. The digital equipment seized in the warrant is being analyzed, and a search warrant is underway for Sims’s email account, Guglielmi said. Though police say they don’t believe anyone other than Sims was in possession of the data, they hope to learn more about what might have been done with the information.
This latest CPS data breach comes only a few months after the school district mistakenly sent a mass email that linked to the private information of thousands of students and families. The email invited families to submit supplemental applications to selective enrollment schools. Attached at the bottom of the email was a link to a spreadsheet with the personal data of more than 3,700 students and families. In that incident, CPS apologized for the “unacceptable breach of both student information and your trust” and asked recipients of the email to delete the sensitive information. The data included children’s names, home and cellphone numbers, email addresses and ID numbers.
Eurostar has forced all of its customers to reset their passwords after detecting an "unauthorised attempt" to hack into its systems and access their accounts. Customers reported receiving an email on Tuesday stating that the company had identified an attempt to access eurostar.com accounts using users' email and passwords between the 15 and 19 of October. Eurostar confirmed that credit card details and payment details were not compromised because the company does not store that information online. Eurostar has yet to confirm how many people have been affected by this data breach or whether any data has been taken. The company has reported the data breach to the Information Commissioner's Office.
"We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access eurostar.com accounts using your email address and password," the company told customers. "We've since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn't log in during this period, there's a possibility your account was accessed by this unauthorised attempt." Customers were told to check their accounts for "anything unusual" and update login details on any other site where they use the same password.
A Eurostar spokesman said: "This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password. We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised." An ICO spokesman said: “We’ve received data breach report from Eurostar and are making enquiries.”
Last week, British Airways revealed that almost 200,000 further passengers may have had their personal data stolen by hackers in the September attack in what experts described as one of the biggest breaches of consumer data the UK had ever seen.
The Legislative Council has decided to take action on the massive data breach at Cathay Pacific Airways, which has affected the personal information of as many as 9.4 million customers. Amid calls for more stringent regulations on personal data protection, lawmaker Horace Cheung Kwok-kwan from the Democratic Alliance for the Betterment and Progress of Hong Kong said Legco will hold a special meeting on Nov 14 to thoroughly discuss how to prevent similar incidents from happening again through regulatory approaches. According to Cheung, the meeting will be attended by members of the Legco Panel on Constitutional Affairs, which he chairs, Panel on Security and Panel on Information Technology and Broadcasting, as well as representatives from the airline, the Hong Kong Economic Journal reported. Secretary for Constitutional and Mainland Affairs Patrick Nip Tak-kuen and Privacy Commissioner for Personal Data Stephen Wong Kai-yi have also agreed to join the discussions, he added. Cheung said quite a number of his colleagues have expressed concerns about the fact that the existing regulations on online privacy have failed to advance with the times, and want to know the view of the authorities on reforming them.
Cathay revealed on Oct 23 that it discovered suspicious activity on its computer network in early March and confirmed in early May that personal data of its customers were accessed with no authorization. The data included passenger name, nationality, date of birth, phone number, email, physical addresses, passport number, identity card number, frequent flyer program membership number, customer service remarks, and historical travel information, along with the numbers of hundreds of credit cards.
On Monday morning, eight officers from the police’s Cyber Security and Technology Crime Bureau went to Cathay City, the airline’s headquarters at the Hong Kong International Airport in Chek Lap Kok, to conduct an investigation. With the presence of a Cathay-appointed lawyer, the officers examined some servers before they left about two hours later without taking away any items as evidence. It is understood that the police force has instructed all of its districts to pay attention to cases that may be connected to the data breach or those resulting in material losses. Meanwhile, Wong told a radio program on Monday that his office, the next day after the airline unveiled it, sent an initial questionnaire, asking Cathay for an explanation within 10 days.
The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner), Mr Stephen Kai-yi WONG, expressed serious concern over the Cathay Pacific Airways data breach incident, noting that the incident might involve a vast amount of personal data (such as name, date of birth, passport number, Hong Kong Identity Card number, credit card number, etc) of local and foreign citizens. The office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) would proactively contact the airline and initiate a compliance check. The Privacy Commissioner advised the airline to notify the affected clients as soon as possible, and take remedial steps with details explained immediately.
Mr Wong said that organisations must take effective security measures to protect the personal data of their clients. If an external service provider is engaged as a data processor, the organisation must adopt contractual or other means to safeguard personal data from unauthorised or accidental access, processing or use. Mr Wong reminded members of the public that if they find any abnormalities with their personal accounts of the airline concerned or credit card accounts, they should contact the airline and the related financial institutions. They should also change the account passwords and enable two-factor authentication to protect their personal data. Mr Wong stated that while reporting of data breach is voluntary, any organisation concerned is encouraged to notify the PCPD. By doing so, the PCPD can work together with the organisation to minimise the potential damage to clients.
HONG KONG (REUTERS) - Cathay Pacific Airways said on Wednesday (Oct 24) that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed without authorisation. Cathay said 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value (CVV) were accessed in the breach. "We are very sorry for any concern this data security event may cause our passengers," Cathay Pacific chief executive Rupert Hogg said in a statement. "We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cyber-security firm, and to further strengthen our IT security measures." Mr Hogg said no passwords were compromised in the breach and the company was contacting affected passengers to give them information on how to protect themselves. Cathay Pacific was not immediately available for additional comment outside normal business hours.
The company said it initially discovered suspicious activity on its network in March this year, and investigations in early May confirmed that certain personal data had been accessed. News of Cathay's passenger data breach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen over a two-week period. Cathay said in a statement that accessed data includes names of passengers, their nationalities, dates of birth, telephone numbers, e-mail and physical addresses, passport numbers, identity card numbers and historical travel information. It added that the Hong Kong Police had been notified about the breach and that there is no evidence any personal information has been misused.
A pediatrics practice, ABCD Pediatrics, serving the San Antonio, Texas metropolitan area reported that it was hit with a ransomware attack, but existing antivirus software helped to slow down the attack, and the practice's IT vendor successfully removed the virus and all corrupt data from its servers. However, because hackers may have accessed portions of the practice’s network, the pediatrics group is offering identity and credit protection services from Equifax Personal Solutions to all of its patients. The pediatrics group, which has four locations, posted a “HIPAA Notification” on its website, regarding an incident that may have affected patients’ protected health information (PHI). The practice stated that the notice was made in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Prior to the attack, ABCD Pediatrics had a variety of security measures in place, including network filtering and security monitoring, intrusion detection systems, firewalls, antivirus software, and password protection, according to the organization’s statement. On February 6, 2017, an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD’s servers. The encryption was slowed significantly by existing antivirus software. Upon discovery, ABCD immediately contacted its IT vendor, and ABCD’s servers and computers were promptly moved offline and analyzed. The virus was identified as “Dharma Ransomware,” which is a variant of an older ransomware virus called “CriSiS,” according to the organization’s IT vendor.
“ABCD’s IT company reported that these virus strains typically do not exfiltrate (“remove”) data from the server; however, exfiltration could not be ruled out. Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network,” the organization stated. The IT vendor successfully removed the virus and all corrupt data from its servers, and the practice said that secure backup data stored separately from its servers and computers was not compromised by the incident, and it was used to restore all affected data. According to the organization, no confidential information was lost or destroyed, including PHI, and the practice group never received a ransom demand or other communications from unknown persons.
In addition to notifying its patients, ABCD notified the FBI and the U.S. Department of Health and Human Services. According to the HHS’ Office of Civil Rights’ data breach portal, the incident affected 55,447 patients. While the IT vendor found no evidence that confidential information was actually acquired or removed from its servers and computers, it could not rule out the possibility that confidential information may have been viewed and possibly was acquired, according to ABCD Pediatrics’ statement. Affected information may have included patients’ names, addresses, telephone numbers, dates of birth, Social Security Numbers, insurance billing information, medical records, and laboratory reports. Following this incident, ABCD’s IT vendor located the source of the intrusion and implemented additional security measures, including state of the art cyber monitoring on its network, the organization said. In addition to the identity and credit protection services from Equifax, the pediatrics group recommended that patients also place a fraud alert on their credit files.
The Intercontinental Hotels Group data breach previously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought. Last week the group announced that the breach affected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29, 2016 and December 29, 2016. According to the chain’s website, the Intercontinental Hotels Group data breach potentially affected guests who stayed at its Holiday Inn, Holiday Inn Express, Crowne Plaza, Staybridge Suites, Candlewood Suites, Hotel Indigo, and InterContinental Hotels. The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website. In total, 1,184 of the group’s hotels have potentially been affected.
The Intercontinental Hotels Group data breach involved malware that had been downloaded onto its systems, which was capable of monitoring payment card systems and exfiltrating payment card data. It does not appear that any information other than card details and cardholders’ names was stolen by the attackers. The hotel group does not believe the data breach extended past December 29, 2016, although that cannot be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed.
Prior to the malware being installed, IHG had started installing the IHG Secure Payment Solution (SPS), which provides point to point encryption to prevent incidents such as this from resulting in the theft of clients’ data. Had the process started sooner, the Intercontinental Hotel Group data breach could have been prevented. Hotels that had implemented the SPS prior to September 29, 2016 were not affected and those that had implemented the solution between September 29, 2016 and December 29, 2016 stopped the malware from being able to locate and steal credit card data. In those cases, only clients that used their credit cards at affected hotels between September 29, 2016 and when the SPS system was installed were affected.
Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector
The Intercontinental Hotels Group data breach stands out due to the extent to which the group was affected, with well over 1,100 hotels affected. However, this is far from the only hotel group to have been affected by POS malware. Previous incidents have also been reported by Hard Rock Hotels, Hilton Hotels, Omni Hotels & Resorts and Trump Hotels. Hotels, in particular hotel chains, are big targets for cybercriminals due to the size of the prize. Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash, and each hotel services many thousands – often tens of thousands – of guests each year. Globally, IHG hotels service more than 150 million guests every year, which is a tremendous number of credit and debit cards. Such a widespread malware infection would be highly lucrative for the attackers. Credit card numbers may only sell for a couple of dollars a time, but with that number of guests, an attack such as this would be a huge pay day for the attackers.
The Intercontinental Hotels Group data breachAttack.Databreachpreviously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought . Last week the group announced that the breachAttack.Databreachaffected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29 , 2016 and December 29 , 2016 . According to the chain ’ s website , the Intercontinental Hotels Group data breachAttack.Databreachpotentially affected guests who stayed at its Holiday Inn , Holiday Inn Express , Crowne Plaza , Staybridge Suites , Candlewood Suites , Hotel Indigo , and InterContinental Hotels . The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website . In total , 1,184 of the group ’ s hotels have potentially been affected . The Intercontinental Hotels Group data breachAttack.Databreachinvolved malware that had been downloaded onto its systems , which was capable of monitoring payment card systems and exfiltratingAttack.Databreachpayment card data . It does not appear that any other information other than card details and cardholders ’ names were stolenAttack.Databreachby the attackers . The hotel group does not believe the data breachAttack.Databreachextended past December 29 , 2016 , although that can not be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed . Prior to the malware being installed , IHG had started installing the OHG Secure Payment Solution ( SPS ) , which provides point to point encryption to prevent incidents such as this from resulting in the theft of clients ’ data . Had the process started sooner , the Intercontinental Hotel Group data breachAttack.Databreachcould have been prevented . 
Hotels that had implemented the SPS prior to September 29 , 2016 were not affected and those that had implemented the solution between September 29 , 2016 and December 29 , 2016 stopped the malware from being able to locate and stealAttack.Databreachcredit card data . In those cases , only clients that used their credit cards at affected hotels between September 29 , 2016 and when the SPS system was installed were affected . Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector The Intercontinental Hotels Group data breachAttack.Databreachstands out due to the extent to which the group was affected , with well over 1,100 hotels affected . However , this is far from the only hotel group to have been affected by POS malware . Previous incidents have also been reported by Hard Rock Hotels , Hilton Hotels , Omni Hotels & Resorts and Trump Hotels . Hotels , in particular hotel chains , are big targets for cybercriminals due to the size of the prize . Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash , and each hotel services many thousands – often tens of thousands – of guests each year . Globally , IHG hotels service more than 150 million guests every year , which is a tremendous number of credit and debit cards . Such a widespread malware infection would be highly lucrative for the attackers . Credit card numbers may only sell for a couple of dollars a time , but with that number of guests , an attackAttack.Databreachsuch as this would be a huge pay day for the attackers .
The Intercontinental Hotels Group data breachAttack.Databreachpreviously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought . Last week the group announced that the breachAttack.Databreachaffected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29 , 2016 and December 29 , 2016 . According to the chain ’ s website , the Intercontinental Hotels Group data breachAttack.Databreachpotentially affected guests who stayed at its Holiday Inn , Holiday Inn Express , Crowne Plaza , Staybridge Suites , Candlewood Suites , Hotel Indigo , and InterContinental Hotels . The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website . In total , 1,184 of the group ’ s hotels have potentially been affected . The Intercontinental Hotels Group data breachAttack.Databreachinvolved malware that had been downloaded onto its systems , which was capable of monitoring payment card systems and exfiltratingAttack.Databreachpayment card data . It does not appear that any other information other than card details and cardholders ’ names were stolenAttack.Databreachby the attackers . The hotel group does not believe the data breachAttack.Databreachextended past December 29 , 2016 , although that can not be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed . Prior to the malware being installed , IHG had started installing the OHG Secure Payment Solution ( SPS ) , which provides point to point encryption to prevent incidents such as this from resulting in the theft of clients ’ data . Had the process started sooner , the Intercontinental Hotel Group data breachAttack.Databreachcould have been prevented . 
Hotels that had implemented the SPS prior to September 29 , 2016 were not affected and those that had implemented the solution between September 29 , 2016 and December 29 , 2016 stopped the malware from being able to locate and stealAttack.Databreachcredit card data . In those cases , only clients that used their credit cards at affected hotels between September 29 , 2016 and when the SPS system was installed were affected . Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector The Intercontinental Hotels Group data breachAttack.Databreachstands out due to the extent to which the group was affected , with well over 1,100 hotels affected . However , this is far from the only hotel group to have been affected by POS malware . Previous incidents have also been reported by Hard Rock Hotels , Hilton Hotels , Omni Hotels & Resorts and Trump Hotels . Hotels , in particular hotel chains , are big targets for cybercriminals due to the size of the prize . Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash , and each hotel services many thousands – often tens of thousands – of guests each year . Globally , IHG hotels service more than 150 million guests every year , which is a tremendous number of credit and debit cards . Such a widespread malware infection would be highly lucrative for the attackers . Credit card numbers may only sell for a couple of dollars a time , but with that number of guests , an attackAttack.Databreachsuch as this would be a huge pay day for the attackers .
LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers. The wider public first learned about the LabCorp incident on Monday, when the company disclosed it via an 8-K filing with the SEC. Since then, as recovery efforts continue, the company said they're at about 90-percent operational capacity. According to sources familiar with the investigation, the Samsam attack at LabCorp started at midnight on July 13. This is when the Samsam group used brute force against RDP and deployed ransomware by the same name to the LabCorp network. At 6:00 p.m. on Saturday, July 14, the first computer was encrypted. The LabCorp SOC (Security Operation Center) immediately took action after that first system was encrypted, alerting IR teams and severing various links and connections. These quick actions ultimately helped the company contain the spread of the infection and neutralize the attack within 50 minutes. However, before the attack was fully contained, 7,000 systems and 1,900 servers were impacted. Of those 1,900 servers, 350 were production servers. The analysis and recovery continued at that point. This led the company to confirm the source of the attack as a brute forced RDP instance, and confirm that only Windows systems were impacted. According to NetFlow management and traffic monitoring, nothing left the network during the attack, so the company is confident that there was no data breach. Given the RDP connection to this attack, and the fact that most attacks of this nature are bi-directional, LabCorp will likely implement two-factor authentication in the future.
It isn't clear if the company has a timeline for these changes, or if two-factor authentication was already in place at the time of the attack. Salted Hash has reached out to LabCorp for additional comment and will update should they respond. However, because LabCorp was able to detect and respond to the attack quickly, they likely saved themselves from costly and lengthy outages. It's also likely that backups (tested and current) played a large role in the recovery phase of the incident. The last time the Samsam group was in the news, they had attacked the Colorado Department of Transportation twice in two weeks and the City of Atlanta. In March, based on the current value of Bitcoin at the time, it was estimated that the group had earned nearly $850,000 USD from their victims, who paid the ransom demands.
JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach that affected 19 different companies. “We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public, including ours,” the email says. According to website haveibeenpwned.com, 3,883,455 JobStreet accounts were affected by the breach. It says the information was freely downloadable on a Tor hidden service. The breach also affected more than 46 million Malaysian users and several telecommunications companies. Telecommunications providers caught by the breach include Altel, Celcom, DiGi, EnablingAsia, Friendi, Maxis, Merchantrade Asia, PLDT, Redtone, Tunetalk, Umobile and XoX, reports suggest. It also affected organisations such as the Academy of Medicine Malaysia, the Malaysian Dental Association, the Malaysian Medical Association, and the National Specialist Register of Malaysia. Reports speculate that more than 81,000 records were stolen from these organisations. “Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed. To help protect our customers, the team is continuously enhancing our security measures for all user information stored with JobStreet.com,” JobStreet CEO Suresh Thiru says in an email. According to media reports, that personal information includes identity card numbers, addresses, login IDs, passwords, names, emails and phone numbers. Haveibeenpwned.com also notes that on JobStreet, dates of birth, genders, geographic locations, marital statuses, nationalities and usernames were also compromised.
The Malaysian Communications and Multimedia Commission (MCMC) may have discovered the possible source of the data leaks, according to Malaysian Communications Minister Salleh Said Keruak. "We have identified several potential sources of the leak and we should be able to complete the probe soon," he announced.
East Ohio Regional Hospital in Harper's Ferry, Ohio, and Ohio Valley Medical Center in Wheeling, West Virginia, were both affected by ransomware on the last weekend of November. [1] Due to this incident, ambulance patients were transported to other hospitals nearby and emergency room admissions were limited to walk-up patients only. Due to the attack, employees needed to switch to paper charting, and various systems were taken offline immediately. This fairly quick response limited the ransomware damage and prevented a possible data breach. [2] According to Karin Janiszewski, director of marketing and public relations for EORH and OVMC, the hospitals reacted as soon as possible and, at the moment of writing, they are already using the computer network. On the following Saturday, Karin Janiszewski stated: There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection. We have redundant security, so the attack was able to get through the first layer but not the second layer.
IT staff dealt with the outbreak to avoid a data breach
When it comes to malware attacks on large companies, the loss of personal customer data is the worst thing that can happen. It seems that this time the situation was handled quickly enough to prevent sensitive data from being compromised. The IT team took several computers offline, and, because of this, most of the clinical operations were transferred to other units, and emergency patients were automatically taken to different locations. On Saturday, when the incidents occurred, hospital officials stated that the staff was ready to take everything on paper until the downtime was over. Also, since this is a ransomware-type malware attack, the hackers demand a ransom. However, officials did not choose to make the payment.
No matter how big or how little the ransom demand is, officials shouldn't even consider making the payment because it may lead to system damage or permanent data loss. [3] In the United States, data breaches and malware attacks on huge organizations have become a common thing, especially in the healthcare industry. In 2016 Hollywood Presbyterian Hospital paid the demanded ransom in Bitcoin after having its data encrypted. [4] The infection was widespread and the attack cost around $17,000. Another incident that resulted in a ransom payment was also seen at Kansas Heart Hospital in 2016. Unfortunately, after the payment was made, the attackers disappeared, ignoring their promise to decrypt the locked files. They sent yet another ransom demand instead and asked for a bigger amount of money. Earlier this year, an Indiana-based hospital was infected with SamSam, an infamous ransomware virus that relies on specific, highly personalized infection tactics. After considering different scenarios, the hospital decided to pay 4 BTC (equal to $45,000 at that time) to the ransomware developers to get the private keys needed for file recovery. The ransomware developers gave what they promised.
Family genealogy and DNA testing site MyHeritage announced on Monday a security breach during which an attacker made off with account details for over 92 million MyHeritage users. In a statement on its website, MyHeritage said it became aware of the incident on Monday, the same day as the announcement. The incident came to light after a security researcher found an archive on a third-party server containing the personal details of 92,283,889 MyHeritage users.
Only emails and hashed passwords were exposed
The archive contained only emails and hashed passwords, but not payment card details or DNA test results. MyHeritage says it uses third-party payment processors for financial operations, meaning payment data was never stored on its systems, while DNA test results were saved on separate servers from the one that managed user accounts. Based on the creation dates of some accounts, the breach appears to have taken place on October 26, 2017. It is unclear if the breach is the result of a hacker attack or of a malicious employee selling the company's data. MyHeritage says that user accounts are safe, as the passwords were hashed using a per-user unique cryptographic key. "MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer," the company said. "Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised." The company announced the breach on the same day it found out about it because of the EU's GDPR legislation, which forces companies operating in the EU to disclose any security incident within three days of finding out. MyHeritage says it has now reached out to a cyber-security firm to help it investigate the breach severity and what other systems the hacker might have accessed.
MyHeritage to roll out 2FA
The company also promised to roll out a two-factor authentication (2FA) feature for user accounts, so even if the hacker manages to crack the hashed passwords, these would be useless without the second-step verification code. It goes without saying that MyHeritage users should change their passwords as soon as possible. The MyHeritage incident marks the biggest data breach of the year, and the biggest leak since last year's Equifax hack.
"There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple representative said in an emailed statement. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don't have two-factor authentication turned on. The hackers want Apple to pay $700,000 -- $100,000 per group member -- or "$1 million worth in iTunes vouchers." Otherwise, they threaten to start wiping data from iCloud accounts and devices linked to them on April 7. In a message published on Pastebin Thursday, the group said it also asked for other things from Apple, which it doesn't want to make public. "We're actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved," the Apple representative said. "To protect against these type of attacks, we recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication." However, the unusually high numbers advanced by the group are hard to believe. It's also hard to keep up with the group's claims, as at various times over the past few days, it has released conflicting or incomplete information that it has later revised or clarified. The group claims that it started out with a database of more than 500 million credentials that it has put together over the past few years by extracting the icloud.com, me.com and mac.com accounts from stolen databases its members have sold on the black market.
The hackers also claim that since they made their ransom request public a few days ago, others have joined in their effort and shared even more credentials with them, putting the number at more than 750 million. The group claims to be using 1 million high-quality proxy servers to verify how many of the credentials give them access to unprotected iCloud accounts. Apple provides two-factor authentication for iCloud, and accounts with the option turned on are protected even if their password is compromised. The latest number of accessible iCloud accounts advanced by the Turkish Crime Family is 250 million. That's an impressive ratio of one in every three tested accounts. The largest ever data breach was from Yahoo with a reported 1 billion accounts. "At best they’ve got some reused credentials, but I wouldn’t be surprised if it’s almost entirely a hoax." Hunt hasn't seen the actual data that the Turkish Crime Family claims to have, and there isn't much evidence aside from a YouTube video showing a few dozen email addresses and plain text passwords. However, he has significant experience with validating data breaches and has seen many bogus hacker claims over the years. To be on the safe side, users should follow Apple's advice and create a strong password for their account and turn on two-factor authentication or two-step verification at the very least.
Around 50% of the impacted accounts never posted on the forum, which leads to the conclusion that they weren’t real users but bots. The stolen data contains email addresses, hashed passwords, and salts, but none of the usernames were taken. However, the good news is that all passwords have been reset. Therefore it’s too early to assume what happened or how attackers were able to access the database. Nevertheless, the administrators believe that it could be because of a phishing attack. It must be noted that one of the forum’s staff members was also impacted by the breach, which is not surprising since hackers are successfully cracking passwords from previous data breaches and using them for further attacks. The forum is implementing new security measures including site-wide HTTPS support, a 2-step authentication requirement for their staff and password randomization for inactive accounts. This is not the first time Android Forums has had security issues. In 2012, the forum suffered a massive data breach in which user credentials of 1 million users were stolen. At the time of publishing this article, Android Forums was down for scheduled maintenance, but you can still go through the security notice through Google Cache.
Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops. The details are said to have included ID card numbers, addresses and mobile phone numbers. They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport. The center is said to be the “back-up venue” for the region’s chief executive elections, which took place over the weekend. The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted – although it’s unclear how strong that encryption is. It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO. The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter. Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications. Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning. “Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organizations need to remember their duty of care, not to mention legal obligations, to protect citizens' and employees' data,” he said. “This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop?” In a separate incident, a laptop was stolen from Queen Mary Hospital last year, containing the personal details of nearly 4000 patients.
In a statement, Sanrio said they didn’t believe any data was stolen. Now, over a year later, the database has surfaced online. Its resurrection places 3.3 million Hello Kitty fans in the hot seat. On December 19, 2015, Salted Hash broke the news that a MongoDB installation for Sanrio, the company behind Hello Kitty, was exposed to the public. The database was discovered by security researcher Chris Vickery. At the time, Sanrio speculated the exposure was due to maintenance conducted several weeks prior, on November 20, 2015. The database contained just over 3.3 million records from sanriotown.com, including 186,261 records assigned to people under the age of 18. Three days after the story broke, on December 22, 2015, Sanrio said they investigated the problem and fixed it. “In addition, new security measures have been applied on the server(s); and we are conducting an internal investigation and security review into this incident. To the Company’s current knowledge, no data was stolen or exposed,” the statement concluded. Unfortunately, someone did copy the database before the configuration error was fixed. On Sunday, Salted Hash learned that the Sanrio database was added to the LeakedSource index. Examining the LeakedSource records and comparing the field names to the screenshots shared by Vickery in 2015, the data is a match. For example, both sets of data use the “_createdFrom” field, as well as “dateOfBirth”, “gender”, “firstName”, “lastName”, etc. In both databases, the records contain the account holder’s first and last name, birthday (encoded, but easily reversed), gender, country of origin, email addresses, user name, password (unsalted SHA-1 hash), password hint question, and the corresponding answer.
However, there is a field in the LeakedSource records that is new to this story, “incomeRange”, with values running from 0 to 150. It isn’t clear what these values represent, but not every record has them. As was the case previously, the fear is that the exposed database could cause problems for those registered, especially the children. It’s hard enough to deal with ID theft related issues as an adult. Such issues are only compounded for children, as the problems might not materialize for several years. This is true today as well, but there’s no telling who followed the advice. Also, there is no way to track who had access to this database, as it’s been circulating out of the public eye for at least a year before it was shared with LeakedSource. Salted Hash has reached out to Sanrio for comment. Anyone with concerns about the information exposed can check out Consumer.gov for advice on recovering from identity theft. In it, they briefly recap the events from 2015, including their previous alert. The statement goes on to dismiss the latest news, despite sample records matching the previously exposed database. "Recently, reports have surfaced claiming that the 2015 data breach was not corrected. At this time, there is no evidence to support this claim. The original data breach from SanrioTown.com users in 2015 did not include credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1. "SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. It should be noted that this current Sanrio database currently circulating online doesn't have any financial data, and there have been no claims otherwise. Salted Hash has asked additional questions surrounding the sample data shared with Sanrio.
After reviewing the sample data sets shared by Salted Hash, Sanrio has confirmed that the data indexed by LeakedSource "looks real" and likely originated from the exposed database in 2015. However, the company stopped short of confirming that LeakedSource's records and the records exposed two years ago are one and the same. “Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft,” the company said in a statement. “At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr. Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. “He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.”
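The Sanrio records above stored passwords as unsalted SHA-1, while MyHeritage described a one-way hash whose key differs for each customer. The following added example (not code from either company or from the original articles) compares the two storage schemes on constructed accounts; modelling the per-customer key as a random per-user salt fed to PBKDF2, and every name and value in the block, are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: demo work factor, kept low so the example runs quickly.
PBKDF2_ITERATIONS = 100_000

# Constructed accounts (not from any real dump); two users share a password.
ACCOUNTS = [
    ("alice@example.test", "hellokitty1"),
    ("bob@example.test", "hellokitty1"),
    ("carol@example.test", "correct horse battery"),
    ("dave@example.test", "Tr0ub4dor&3"),
]
# Constructed list of common passwords a defender would test stored hashes against.
CANDIDATES = ["password", "hellokitty1", "123456"]


def sha1_unsalted(password):
    """Scheme reported for the Sanrio records: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_per_user(password, salt):
    """Per-user scheme (assumed model of a 'hash key that differs per customer')."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return raw.hex()


def build_unsalted_table(accounts):
    return {email: sha1_unsalted(pw) for email, pw in accounts}


def build_salted_table(accounts):
    table = {}
    for email, pw in accounts:
        salt = os.urandom(16)  # fresh random salt for every account
        table[email] = (salt, pbkdf2_per_user(pw, salt))
    return table


def salted_digests(table):
    return {email: digest for email, (_salt, digest) in table.items()}


def verify_salted(table, email, candidate):
    salt, stored = table[email]
    return hmac.compare_digest(stored, pbkdf2_per_user(candidate, salt))


def shared_digest_groups(digests_by_email):
    """Accounts whose stored digests are identical, i.e. visibly the same password."""
    groups = defaultdict(list)
    for email, digest in digests_by_email.items():
        groups[digest].append(email)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def exposure_unsalted(table, candidates):
    """One hash per candidate is enough to test every account at once."""
    lookup = {sha1_unsalted(c) for c in candidates}
    exposed = sorted(e for e, d in table.items() if d in lookup)
    return exposed, len(candidates)


def exposure_salted(table, candidates):
    """Every candidate must be re-derived for every account's own salt."""
    exposed, derivations = [], 0
    for email in table:
        for candidate in candidates:
            derivations += 1
            if verify_salted(table, email, candidate):
                exposed.append(email)
                break
    return sorted(exposed), derivations


if __name__ == "__main__":
    unsalted = build_unsalted_table(ACCOUNTS)
    salted = build_salted_table(ACCOUNTS)
    print("shared digests, unsalted:", shared_digest_groups(unsalted))
    print("shared digests, salted:  ", shared_digest_groups(salted_digests(salted)))
    print("unsalted exposure (accounts, hashes):", exposure_unsalted(unsalted, CANDIDATES))
    print("salted exposure (accounts, derivations):", exposure_salted(salted, CANDIDATES))
```

Both schemes leave the weak shared password guessable; what per-user salting removes is the visible digest collision and the ability to test all accounts with a single computation per guess, which is why a password reset is still the right response after either kind of exposure.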
In a statement, Sanrio said they didn’t believe any data was stolen. Now, over a year later, the database has surfaced online. Its resurrection places 3.3 million Hello Kitty fans in the hot seat. On December 19, 2015, Salted Hash broke the news that a MongoDB installation for Sanrio, the company behind Hello Kitty, was exposed to the public. The database was discovered by security researcher Chris Vickery. At the time, Sanrio speculated the exposure was due to maintenance conducted several weeks prior, on November 20, 2015. The database contained just over 3.3 million records from sanriotown.com, including 186,261 records assigned to people under the age of 18. Three days after the story broke, on December 22, 2015, Sanrio said they investigated the problem and fixed it. “In addition, new security measures have been applied on the server(s); and we are conducting an internal investigation and security review into this incident. To the Company’s current knowledge, no data was stolen or exposed,” the statement concluded. Unfortunately, someone did copy the database before the configuration error was fixed. On Sunday, Salted Hash learned that the Sanrio database was added to the LeakedSource index. Examining the LeakedSource records and comparing the field names to the screenshots shared by Vickery in 2015, the data is a match. For example, both sets of data use the “_createdFrom” field, as well as “dateOfBirth”, “gender”, “firstName”, “lastName”, etc. In both databases, the records contain the account holder’s first and last name, birthday (encoded, but easily reversed), gender, country of origin, email addresses, user name, password (unsalted SHA-1 hash), password hint question, and the corresponding answer.
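The records described above store passwords as unsalted SHA-1. As an added illustration (not code from Sanrio or from the article), the sketch below shows why unsalted digests link accounts that share a password, and one way to protect already-stored digests by wrapping them in salted PBKDF2 without knowing the passwords; the function names, record layout, sample rows and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1, the storage format the article describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def linked_accounts(rows):
    """Group user names by stored digest; any group larger than one
    reveals accounts sharing a password, with no cracking needed."""
    groups = defaultdict(list)
    for user, digest in rows:
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def _pbkdf2(material: str, salt: bytes) -> str:
    raw = hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"), salt, ITERATIONS)
    return raw.hex()


def wrap_legacy(sha1_hex: str) -> dict:
    """Protect an existing SHA-1 digest at rest: a per-record salt plus
    a slow KDF over the old digest. Needs no plaintext password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(sha1)", "salt": salt.hex(), "hash": _pbkdf2(sha1_hex, salt)}


def hash_password(password: str) -> dict:
    """Format for new or re-hashed passwords: salted PBKDF2 only."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": _pbkdf2(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against either record format."""
    wrapped = record["scheme"] == "pbkdf2(sha1)"
    material = legacy_sha1(password) if wrapped else password
    expected = _pbkdf2(material, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(expected, record["hash"])


def rehash_on_login(password: str, record: dict) -> dict:
    """After a successful login on a wrapped record, drop the SHA-1
    layer by re-hashing the plaintext the user just supplied."""
    if record["scheme"] == "pbkdf2(sha1)" and verify(password, record):
        return hash_password(password)
    return record


# Constructed sample rows: two users who picked the same password.
SAMPLE_ROWS = [
    ("user_a", legacy_sha1("hellokitty")),
    ("user_b", legacy_sha1("hellokitty")),
    ("user_c", legacy_sha1("a-different-constructed-password")),
]

if __name__ == "__main__":
    print("accounts linked by identical digest:", linked_accounts(SAMPLE_ROWS))
    wrapped = [wrap_legacy(digest) for _, digest in SAMPLE_ROWS]
    print("wrapped digests distinct:", len({w["hash"] for w in wrapped}) == 3)
```

Wrapping changes only how the site stores digests from now on; copies of the unsalted digests that have already left the database stay exposed, which is why affected users were told to change their passwords.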
Payday lender Wonga appears to be the latest big-name brand to suffer a damaging data breach, after admitting over the weekend “there may have been illegal and unauthorized access” to customers’ personal details. The firm was tight-lipped on how many customers might have been affected, although reports suggest it is in the region of 270,000, most of whom are based in the UK. The short-term loans company, which charges customers over 1200% APR, was also short on details and hedged its bets somewhat as to the cause. The firm claimed in an FAQ on the incident that it is still trying to establish the details and contact those affected. What we do know is that customer names, e-mail addresses, home addresses and phone numbers may have been compromised, along with the last four digits of their card number and/or bank account number and sort code. It added: “We do not believe your Wonga account password was compromised and believe your account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals”. Wonga also advised customers to be on the lookout for follow-up scams, both online and over the phone. The kind of information that appears to have been compromised would certainly provide seasoned fraudsters with enough to socially engineer targets into divulging more details such as their full card numbers. This is just the latest in a long line of breaches at big-name companies. Data from over 130,000 customers of network operator Three was illegally obtained by fraudsters back in November. The impact to brand and reputation can be a serious blow to breached organizations. TalkTalk is said to have lost 100,000 customers and £60m as a result of a breach at the ISP.
André Stewart, EMEA vice-president at Netskope, argued that coming European privacy laws will force organizations to be more accountable for their data practices. “As a result, companies will be forced to take active measures to mitigate any threats to personal privacy, whether that data is stored on-premises or in the cloud. Any companies falling short of these standards could face hefty fines,” he explained. “Alongside demonstrating that they have coached employees on the GDPR and secure data handling, employers will also need to provide staff with the tools to do their jobs securely without sacrificing ease and convenience”. Kevin Cunningham, president of SailPoint, added that staff from the board down need to be well-drilled in order to help protect sensitive customer information. “In today’s market, it’s a matter of when, not if, a data breach will happen. So the most important factors are prevention, education, and rapid response,” he argued. “When a breach does happen, it’s important to quickly find out how and why it occurred, assess the damage and required response, and put IT controls in place to address future attacks”
The Intercontinental Hotels Group (IHG) has been forced to reveal yet another major data breach of customer card details over the latter part of 2016. In a lengthy missive on Friday, the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 last year. It added: “Although there is no evidence of unauthorized access to payment card data after December 29 2016, confirmation that the malware was eradicated did not occur until the properties were investigated in February and March 2017… “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected hotel server. There is no indication that other guest information was affected.” IHG-branded hotels which had implemented the firm’s Secure Payment Solution (SPS) – a point-to-point encryption (P2PE) payment acceptance product – are said to have been protected from the malware’s attempts to find card data. Although the hotel group didn’t explicitly mention how many outlets and/or customers may have been affected, a list of hotels impacted by the breach reveals a huge number across the US and Puerto Rico. Ilia Kolochenko, CEO of High-Tech Bridge, argued that the hotel industry remains relatively poorly secured. “I frequently face well-known hotel brands asking to send a passport and two-sides of a credit card by email, or having their reception laptops connected to free Wi-Fis for guests,” he explained. “Such carelessness and negligence will unavoidably lead to huge data breaches, the majority of which will not be ever detected due to lack of technical skills and resources. Strict regulation, besides PCI DSS and the approaching GDPR, is certainly required to make hotel business safe.”
Hyatt, Marriott, Starwood and Intercontinental hotels were hit with point-of-sale malware revealed in August last year. Like the current IHG breach, it was the firms’ card providers that alerted them, revealing a worrying lack of internal threat detection capabilities.
LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details. Scammers have spammed out email messages posing as communications from LinkedIn, claiming that a company is “urgently seeking” workers matching your qualifications in “your region”. It would be nice to think that recipients of the bogus message would spot a number of warning signals as soon as they open the communication in their email inbox. But there’s always a chance that someone eager to find new employment might – in their haste – not notice that the messages As HelpNetSecurity describes, if anyone was careless enough to follow the email’s advice and click on the link contained within the message – they would be taken to a third-party website where they are instructed to upload their CVs, making it child’s play for scammers to harvest the information. Just think of some of the personal information that you include in your CV or resume. Before you know it, a scammer might have your full name, date of birth, work and home email addresses, work and home telephone numbers, and all manner of other personal information that could be abused by scammers. At the simplest level such data breaches could lead to a rise in targeted spam attacks, or scam phone calls. But it could also be a stepping stone to more damaging business email compromise (also often known as “CEO fraud”) which has resulted, in some cases, in companies losing tens of millions of dollars. Anything which gives online criminals inside information about you and your position within a company could give them the head start they need to launch a targeted attack that could lead to a significant data breach or a substantial financial loss.
In short, being careless with your personal information – such as your CV – might not just put your career in jeopardy, it could also ultimately endanger the company you work for. And that’s certainly not going to ever look good on your CV.
Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month. Headquartered in Shenzhen, China, R2Games operates a number of free-to-play, micropayment-driven games on iOS and Android, as well as modern browsers. The company currently supports 19 online games, and claims over 52 million players. In December of 2015, stretching into July of 2016, more than 22 million R2Games accounts were compromised, exposing IP addresses, easily cracked passwords, email addresses, and usernames. The company denied the breach reports, telling one customer that “R2Games is safe and secured, and far from being hacked.” The hacker claims all forums were compromised, in addition to the Russian version of r2games.com. The latest record set includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token). LeakBase shared the most recent records with Troy Hunt, a security researcher and owner of the non-profit breach notification website “Have I Been Pwned?” (HIBP). Hunt checked the data by testing a small sample of email addresses and usernames against the password reset function on R2Games. Every address checked was confirmed as an existing account. From there, Hunt did some number crunching. There were 5,191,898 unique email addresses in the data shared by LeakBase. However, 3,379,071 of those email addresses were using mail.ar.r2games.com or mail.r2games.com; and another 789,361 looked generated, as they were all [number]@vk.com addresses.
LeakBase speculates that the r2games.com addresses are the result of registrations from third-party services. After stripping the questionable addresses Hunt was left with 1,023,466 unique email addresses to load into HIBP. Of this set, 482,074 have been seen before in other breaches, leaving 541,392 new entries for his index – and new notifications for 1,105 subscribers. When asked about the passwords, Hunt told Salted Hash many of them are MD5 with no salt, but a large number of them have a hash corresponding to the password “admin” and a few hundred thousand others are using the plain text word “sync”. “The observation I'd make here is that clearly, they don't seem to be learning from previous failures. The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying. Perhaps the prior denials are evidence that they just don't see the seriousness in security,” Hunt said, when asked his opinion about the latest R2Games data breach. Salted Hash reached out to R2Games, but the company didn't respond to questions. Emails were sent to support, as well as recruiting and sales, on the off chance someone could direct them to the proper resources. For their part, LeakBase said since this data breach isn't in the public domain, they will not add the records to their service and it will not be searchable. However, they do plan to email impacted users and inform them of the incident. HIBP has been updated, and those changes are live now. If you're an R2Games player, it might be wise to change your password and make sure the old password isn't used on any other websites. Also, keep an eye out for gaming related offers and emails, as well as “notifications” from domains that aren't related to R2Games itself - as those could be scammers looking to cash-in on the breach.
While the hacked data is n't public yet , there 's nothing preventing the person who shared it with LeakBase from selling it or trading it .
A California financing company exposed up to 1 million records online that contained names, addresses, fragments of Social Security numbers and data related to vehicle loans, according to a researcher's report. The data comes from Alliance Direct Lending, which is based in Orange, California, writes Bob Diachenko, who works with the security research team at Kromtech Alliance Corp. of Germany. Alliance Direct Lending specializes in refinancing auto loans at a lower interest rate, and it also has partnerships with dealers across the country. "It is unclear if anyone other than security researchers accessed it or how long the data was exposed," Diachenko writes in a blog post. Security researchers, as well as hackers, have had a field day lately exposing configuration mistakes organizations have made when setting up databases. Despite a string of well-publicized findings, the errors are still being made, or at least, not being caught. Aside from breaches, other organizations have seen their data erased and held for ransom, with notes left inside the databases asking for bitcoins (see Database Hijackings: Who's Next?). Kromtech notified Alliance, which has since taken the data offline, Diachenko writes. Information Security Media Group's efforts to reach Alliance officials were not immediately successful. Under California's mandatory data breach notification law, Alliance would be required to report the breach. "The IT administrator claimed that it had only recently been leaked and was not up for long," Diachenko writes. "He thanked us for the notification and the data was secured very shortly after the notification call."
Researchers came across the data while looking into Amazon Web Services Simple Storage Service (S3) "buckets," which is the term for storage instances on the popular cloud hosting service. They were specifically hunting for buckets that had been left online but required no authentication. The bucket contained 1,000 items, of which 210 were public. The leaked data included .csv files listed by dealerships located around the country. The number of consumer details leaked ranges from 550,000 up to 1 million, Diachenko writes. A screenshot posted on Kromtech's blog shows a sampling of the dealerships affected. Kromtech shared with ISMG a data sample pertaining to a dealership in Michigan. It shows full names, addresses, ZIP codes, what appear to be FICO credit scores, an annual percentage rate and the last four digits of Social Security numbers. "The danger of this information being leaked is that cybercriminals would have enough to engage in identity theft, obtain credit cards or even file a false tax return," Diachenko writes. While full Social Security numbers weren't exposed, there's still a risk in leaking the last four digits. When trying to verify customers' identities, companies will sometimes ask for a fragment of data. So for fraudsters compiling dossiers, every bit, however incomplete, helps. Also exposed were 20 phone call recordings with customers who were negotiating auto loan deals. "These consent calls were the customers agreeing that they understood they were getting an auto loan, confirming that the information was correct and true," Diachenko writes. "They included the customer's name, date of birth, social security numbers, and phone numbers." The bucket was last modified on Dec. 29, 2016, Kromtech writes.
Amazon has strong security built around S3 storage, so it would appear that whoever created the bucket might have disabled its controls. According to Amazon's guidance, "only the bucket and object owners originally have access to Amazon S3 resources they created." Amazon also has identity and access management controls that can be used to carefully restrict who can access and change data. Buckets can also be made off-limits based on HTTP referrers and IP addresses. Managing Editor, Security and Technology, ISMG. Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
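The bucket described above mixed private and public objects and sat behind controls that can be scoped by IP address or referrer. As an added example (not code from Kromtech, ISMG or Amazon), the following offline audit reads S3-style ACL and bucket-policy documents and reports which objects and policy statements are open to anonymous callers; the bucket name, object keys and sample documents are constructed for illustration.

```python
import json

# Predefined ACL grantee groups that extend access beyond named accounts.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, unauthenticated",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}


def public_grants(acl):
    """Return (permission, audience) pairs for ACL grants made to a public group."""
    hits = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            hits.append((grant.get("Permission"), PUBLIC_GROUPS[grantee["URI"]]))
    return hits


def is_anonymous(principal):
    """True when a policy Principal is the wildcard, in either spelling."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def classify_statement(stmt):
    """Label one bucket-policy statement by how far it opens the bucket."""
    if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
        return "not-anonymous"
    cond = stmt.get("Condition", {})
    keys = {(op, key.lower()) for op, block in cond.items() for key in block}
    if ("IpAddress", "aws:sourceip") in keys:
        return "anonymous-limited-by-source-ip"
    if any(key == "aws:referer" for _, key in keys):
        # The Referer header is chosen by the client, so this is not authentication.
        return "anonymous-limited-by-referer-only"
    return "anonymous-review-conditions" if keys else "anonymous-open"


def audit_bucket(policy_json, object_acls):
    """Summarise exposure from a policy document and per-object ACLs."""
    statements = []
    if policy_json:
        stmts = json.loads(policy_json).get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        statements = [classify_statement(s) for s in stmts]
    exposed = sorted(k for k, acl in object_acls.items() if public_grants(acl))
    return {"total_objects": len(object_acls),
            "public_objects": exposed,
            "statements": statements}


# Constructed sample input: two owner-only objects, two world-readable ones.
OWNER_ONLY = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
                          "Permission": "FULL_CONTROL"}]}
WORLD_READ = {"Grants": OWNER_ONLY["Grants"] + [
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_ACLS = {
    "dealers/north.csv": WORLD_READ,
    "dealers/south.csv": OWNER_ONLY,
    "calls/consent-001.wav": WORLD_READ,
    "internal/readme.txt": OWNER_ONLY,
}
# Constructed sample policy: one open statement, one IP-scoped, one referer-scoped.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/public/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/reports/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/img/*",
         "Condition": {"StringLike": {"aws:Referer": "https://www.example.com/*"}}},
    ],
})

if __name__ == "__main__":
    report = audit_bucket(SAMPLE_POLICY, SAMPLE_ACLS)
    print("%d of %d objects are public" % (len(report["public_objects"]),
                                           report["total_objects"]))
    for key in report["public_objects"]:
        print("  public object:", key)
    for index, label in enumerate(report["statements"]):
        print("  statement %d: %s" % (index, label))
```

The referer-scoped statement is reported separately because the Referer header is supplied by the client and does not authenticate anyone.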
Businesses that failed to update Windows-based computer systems that were hit by a massive cyber attack over the weekend could be sued over their lax cyber security, but Microsoft itself enjoys strong protection from lawsuits, legal experts said. The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting car factories, global shipper FedEx Corp and Britain's National Health Service, among others. The hacking tool spreads silently between computers, shutting them down by encrypting data and then demanding a ransom of US$300 to unlock them. According to Microsoft, computers affected by the ransomware did not have security patches for various Windows versions installed or were running Windows XP, which the company no longer supports. "Using outdated versions of Windows that are no longer supported raises a lot of questions," said Christopher Dore, a lawyer specializing in digital privacy law at Edelson PC. "It would arguably be knowingly negligent to let those systems stay in place." Businesses could face legal claims if they failed to deliver services because of the attack, said Edward McAndrew, a data privacy lawyer at Ballard Spahr. "There is this stream of liability that flows from the ransomware attack," he said. "That's liability to individuals, consumers and patients." WannaCry exploits a vulnerability in older versions of Windows, including Windows 7 and Windows XP. Microsoft issued a security update in March that stops WannaCry and other malware in Windows 7. Over the weekend the company took the unusual step of releasing a similar patch for Windows XP, which the company announced in 2014 it would no longer support.
Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security. His law firm sued LinkedIn after a 2012 data breach, alleging individuals paid for premium accounts because the company falsely stated it had top-quality cyber security measures. LinkedIn settled for US$1.25 million in 2014. But Scott Vernick, a data security lawyer at Fox Rothschild who represents companies, said he was sceptical that WannaCry would produce a flood of consumer lawsuits. He noted there was no indication the cyber attack had resulted in widespread disclosure of personal data. "It isn't clear that there has been a harm to consumers," he said. Vernick said businesses that failed to update their software could face scrutiny from the US Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures. Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited by WannaCry, according to legal experts. When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School. Courts have consistently upheld those agreements, he said. Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements. "This area of law has been stunted in its growth," he said. "It is very difficult to hold software manufacturers accountable for flaws in their products."
Also enjoying strong protection from liability over the cyber attack is the US National Security Agency, whose stolen hacking tool is believed to be the basis for WannaCry. The NSA did not immediately return a request for comment. Jonathan Zittrain, a professor specializing in internet law at Harvard Law School, said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information. On top of that, the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity, which says that the government cannot be sued over carrying out its official duties. "I doubt there can be any liability that stems back to the NSA," Dore said.
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. San Francisco-based DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The missives contained a link to a downloadable Microsoft Word document that harbored malware. The company said at the time that the messages were not associated with DocuSign, and that they were sent from a malicious third-party using DocuSign branding in the headers and body of the email. But in an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign’s list of customers and users. “As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.
No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.” The company is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to delete the missives. “They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” reads the advisory. If you have reason to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email. DocuSign was already a perennial target for phishers and malware writers, but this incident is likely to intensify attacks against its users and customers. DocuSign says it has more than 100 million users, and it seems all but certain that the criminals who stole the company’s customer email list are going to be putting it to nefarious use for some time to come.
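The advisory's link rule can be checked mechanically by a mail filter, but a plain "starts with" comparison is satisfied by hosts that merely begin with the trusted name. The following added example (not DocuSign's code) parses each URL and requires an exact host match against the two names in the advisory; the sample message and the `.example` hosts in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The only two link prefixes the advisory quoted above treats as legitimate.
ALLOWED_HOSTS = {"www.docusign.com", "www.docusign.net"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def check_link(url):
    """Return (trusted, reason) for one URL found in a message."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return (False, "URL does not parse")
    if parts.scheme != "https":
        return (False, "scheme is not https")
    if parts.username is not None or parts.password is not None:
        # https://trusted-name@other-host/ connects to other-host.
        return (False, "text before '@' hides the real host: " + host)
    if port not in (None, 443):
        return (False, "unexpected port %d" % port)
    if host in ALLOWED_HOSTS:
        return (True, "exact match for " + host)
    if any(name in host for name in ALLOWED_HOSTS):
        # Passes a naive startswith() test but belongs to another domain.
        return (False, "trusted name embedded in a different host: " + host)
    if "docus" in host:
        return (False, "lookalike spelling: " + host)
    return (False, "not a DocuSign host: " + host)


def scan_message(body):
    """Check every http(s) URL in a message body, in order of appearance."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?")  # drop sentence punctuation glued to the URL
        trusted, reason = check_link(url)
        findings.append((url, trusted, reason))
    return findings


# Constructed sample message; only the first link satisfies the advisory.
SAMPLE_MESSAGE = """\
Your document is ready: https://www.docusign.net/Signing/review?id=EXAMPLE
Mirror: https://www.docusign.com.login.example/Signing/review
Alt: https://www.docusign.com@files.example/doc
Old: http://www.docusign.com/doc.
Typo: https://docusgn.com/sign
"""

if __name__ == "__main__":
    for url, trusted, reason in scan_message(SAMPLE_MESSAGE):
        print("%-8s %s  (%s)" % ("ok" if trusted else "FLAG", url, reason))
```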
OneLogin has revealed more about the attack on its systems, confirming that a "threat actor" had accessed database tables including "information about users, apps, and various types of keys." It warned once again that the malefactor, who was able to rifle through OneLogin's infrastructure for seven hours, may have been able to decrypt customer data. The company said: Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance. OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. One customer affected by the OneLogin attack told Ars that he was having to "rebuild the whole authentication security system... OUCH!" OneLogin told fretful customers in an internal notification that they would need to work through a number of steps to secure their accounts, including generation of new API credentials and OAuth tokens. Any users served by the firm's US data centre have been hit by the breach, OneLogin said. "While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data," OneLogin said. "We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers." OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However its public statement is vague about the nature of the attack.
An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that "customer data was compromised, including the ability to decrypt encrypted data." OneLogin—which claims to offer a service that "secures connections across all users, all devices, and every application"—said on Thursday that it had "detected unauthorised access" in the company's US data region. It added in the post penned by OneLogin CISO Alvaro Hoyos: We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount. While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented. It has given customers a long list of actions to protect their accounts following the attack. It's unclear why it is that OneLogin has provided three different sets of information to its customers. It's possible the company was hoping to only disclose more detail to those directly affected by the attack to avoid revealing potential weaknesses that may have exposed the data in the first place. But that attempt to keep the information under wraps has clearly backfired as customers scramble to secure their accounts. This is the second data breach that OneLogin has suffered within the past year.
Last August it warned customers of a cleartext login bug on its Secure Notes service, after "an unauthorised user gained access to one of our standalone systems, which we use for log storage and analytics." Hoyos apologised for that particular breach. "We are making every effort to prevent any similar occurrence in the future," he said at the time.
Kmart has suffered another credit card breach, its second in three years. This time though, its chip-and-PIN card readers significantly contained the fallout. Kmart is not saying how many of its 750 stores in the US were affected by the point-of-sale (PoS) malware, but it stressed that no personal data, including names, addresses, Social Security Numbers or email addresses, was stolen. It also talked up its EMV reader implementation. Kmart has EMV-enabled terminals in its stores, forcing customers with chip cards to insert their cards instead of swiping their stripes, which minimized the impact of the infection. Still, as independent researcher Brian Krebs reported, those consumers without chip cards could feel significant effects: “The malware copies account data stored on the card’s magnetic stripe,” he explained. “Armed with that information, thieves can effectively clone the cards and use them to buy high-priced merchandise from electronics stores and big box retailers.” Several financial institutions flagged the breach to Krebs, indicating that fraud is indeed occurring as a result of the attack, though again, no details are available as to how widespread the impact is. The incident has no relation to previous breaches, the bargain retailer said in an FAQ, noting that it’s confident that it was successful in eradicating any residual traces of malware or persistence left behind by earlier attacks. Instead, its payment systems were infected with malware that Kmart says was “undetectable” by its antivirus protections. “Does this mean that we may be dealing with an entirely new family of malware or methods of infecting POS terminals, or that the solution they were using was unable to detect the threat?” said Richard Henderson, Global Security Strategist, Absolute, via email.
“If the former, then it will be absolutely critical for Kmart to get information about this attack to other retailers, antivirus companies and network security appliance vendors so that everyone can both look for indicators of compromise inside their own networks and bolster defenses against this new threat.” If a hole was simply found in Kmart's defenses, it brings up the need for a defense-in-depth approach, he added. The incident was a passing test for the PCI DSS standard of payment security as well, some said. “This is another example what cybersecurity experts are saying day by day: no IT systems can stay safe if they hold something valuable,” said Csaba Krasznay, product evangelist at Balabit, in a note. “More than 10 years ago, T.J.Maxx suffered a very similar data breach when approximately 100 million cards data was stolen. That incident helped the drive for credit-card companies to introduce PCI DSS as a mandatory security standard for everyone who manages card data. If Kmart was really able to avoid large scale data leakage, then we can be sure that PCI DSS is mature and useful enough in these circumstances, at this point.”
Hackers are reportedly selling stolen data from the Qatar National Bank (QNB) and UAE InvestBank on the dark web. Both the banks suffered major data breaches in 2016 and the data of thousands of customers was later leaked online by hackers. Now, even as tensions escalate between the two Middle Eastern nations, cybercriminals appear to be cashing in on the underground cybercrime community. Hackers hit the QNB in April 2016 and the UAE InvestBank in May 2016. The Sharjah-based InvestBank's stolen data was leaked online by a hacker going by the pseudonym "Buba", who demanded a $3m ransom from the bank. The stolen data, including customers' financial details as well as personal details such as full names, addresses, passport numbers, phone numbers, account numbers, credit card numbers along with their CVV codes and more was leaked online by the hacker after the bank refused to pay up the ransom. In the case of the QNB, a hacker group going by the pseudonym "Bozkurt Hackers" claimed responsibility for the data breach. Hackers leaked 1.4GB data, which included customers' financial records, credit card numbers and PIN codes as well as banking details pertaining to the Al-Thani Qatar Royal Family and Al Jazeera journalists. The stolen data from the QNB hack as well as the InvestBank data breach is now up for sale on an unspecified yet popular dark web marketplace, HackRead reported. This has not been independently verified by IBTimes UK. InvestBank's data is allegedly being sold for a mere 0.0071 bitcoins ($18.86, £14.91). The data on sale includes bank accounts, card details, customer IDs, branch codes as well as account holders' full names.
The stolen and leaked data from the QNB, which the bank later acknowledged may have been accurate, is also on sale for 0.0071 bitcoins. The data listed for sale includes the previously leaked QNB records such as bank accounts as well as card and personal details of customers. Dark web data sales from major breaches are not uncommon. In 2016, a series of major breaches affecting several leading tech firms including LinkedIn and Dropbox, eventually saw hackers selling hacked and stolen databases on the dark web.
For those unfamiliar with the tool , Rsync ( remote sync ) is commonly used by hosting providers , ISPs , and IT departments to backup data between servers . The ISP in question , KWIC Internet in Simcoe , Ontario , fixedVulnerability-related.PatchVulnerabilitythe Rsync problems after being notifiedVulnerability-related.DiscoverVulnerabilityby Salted Hash , but it isn ’ t clear how long the company ’ s customers were exposed . Via email , Vickery shared his latest findingsVulnerability-related.DiscoverVulnerabilitywith Salted Hash last week . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . Initially , Vickery discovered databases belonging to Annex Business Media , a publishing firm with offices in Simcoe and Aurora , Ontario . One of the exposed Annex databases stood out to him , as it contained the data from the 2015 Ashley Madison data breachAttack.Databreach. The other databases contained customer information ( names , email addresses , etc . ) Salted Hash reached out to Annex Business Media and asked about the Ashley Madison records , as well as to inform them about the more recent security problems , but the company didn ’ t respond to questions . Additional digging led Vickery to discover that Annex was just one part of a larger data breachAttack.Databreach, one that affected all of KWIC Internet 's customers . “ I quickly realized that this one is going to be a real mess for someone to clean up and quite a headache to determine all the affected parties , ” Vickery told Salted Hash . In all , there were terabytes of KWIC data exposed by the breachAttack.Databreach. The information inside the leaked databases included credit card details , email addresses , passwords , names , home and business addresses , phone numbers , email backups , VPN details and credentials , internal KWIC backups , and more . 
The KWIC archives also included a common PHP shell named r57 , and a PHP-based DDoS tool , suggesting that the company had been hackedAttack.Databreachat some point prior to leaking their backups to the public . “ There are dozens of SQL database backup files and thousands of email backup directories containing everything from internal KWIC staff login credentials to police warrants for ISP subscriber information , ” Vickery said . Other customers exposed by the KWIC data breachAttack.Databreachinclude at least one law firm , Norfolk County ( norfolkcounty.ca ) , United Way ( unitedwayhn.on.ca ) , and Greenfield Dental Health Group ( greenfielddentistry.ca ) . In March of 2016 , Malwarebytes researcher Jérôme Segura discovered a KWIC customer , Norfolk General Hospital , had a compromised Joomla install that was being used to distribute Ransomware . When Segura reached out to contact the hospital about the incident , they didn ’ t respond right away because the notification was viewed as a sales pitch . KWIC thought a second Malwarebytes notification was a Phishing attackAttack.Phishing. There are a number of unknowns connected to this incident , including the root cause , the number of people and businesses affected , and again - the length of time the data remained exposed to the public . Other questions focus on the PHP shell scripts and DDoS tools , why were they there ? KWIC was contacted immediately after Salted Hash was informed about the data breachAttack.Databreach. It took multiple attempts , as the company does n't have phone support after 8:00 p.m. on weekdays , 3:00 p.m. on Saturdays ( they 're closed Sunday ) , but KWIC eventually responded via email . Twenty-four hours after being notified , the company stated the Rsync issues were fixed , However , they have n't answered any of the other follow-up questions asked by Salted Hash . 
On Tuesday, via email, the company said an audit was underway and affected customers would be notified once it is complete.
The Equifax data breach in which millions of Americans had their personal details stolen may have been carried out by a foreign government in a bid to recruit U.S. spies, experts believe. Hackers took addresses, dates of birth, Social Security details and credit card numbers from 148 million people when they targeted the credit ratings giant Equifax in 2017. But the stolen data has not appeared on any 'dark web' sites which sell personal information for sinister use, analysts have said. The data's apparent disappearance has led some experts to conclude that it is in the hands of a foreign government, CNBC reported. One analyst told the channel: 'We are all working to be able to consistently determine whether this data is out there and whether it has ever been out there. And at this time there has been absolutely no indication, whatsoever, that the data has been disclosed, that it has been used or that it has been offered for sale.' Another ex-intelligence worker said personal data could be used by foreign governments to identify powerful people who were having financial problems. Those people would be prime targets for a bribe or might be attracted by a job offer, he said. It has also been suggested that the criminals who stole the data feared detection if they sold it online and have kept it to themselves to avoid capture. Equifax, one of America's three leading consumer reporting agencies, announced the huge data hack in September 2017, and its CEO Richard Smith resigned later that month. The company initially said 143 million people had been affected, but the number eventually grew to 148 million, equivalent to nearly half the U.S. population. The hackers targeted the company for 76 days until the attack was spotted, according to a congressional report.
Hackers gained access to 48 databases between May 13 and July 29, when Equifax noticed the intrusion, the report said. Last year the firm admitted that passport images and information had also been stolen. The U.S. House committee which investigated the breach said the firm had 'failed to fully appreciate and mitigate its cybersecurity risks'. 'Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,' the committee's report said.
Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response. The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker. That breach, which only became public last year, involved the theft of user account details such as email addresses, telephone numbers, and hashed passwords. After Yahoo went public with it, the company established an independent committee to investigate the matter. The committee found that Yahoo’s security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014, according to the filing. But even as the company took some remedial actions, such as notifying 26 users targeted in the hack and adding new security features, some senior executives allegedly failed to comprehend or investigate the incident further. For instance, in December 2014, Yahoo's security team knew the state-sponsored actor had stolen copies of backup files that contained users' personal data. But it's unclear whether this information was ever "effectively communicated and understood" outside the security team, Wednesday's filing said. No intentional suppression of information was found, although Yahoo's legal team had enough reason to investigate the breaches further, the committee concluded. "As a result, the 2014 security Incident was not properly investigated and analyzed at the time," the filing said. It was only about two years later that Yahoo publicly disclosed the breach.
That came after a stolen database from the company allegedly went up for sale on the black market. However, a few months after Yahoo disclosed the breach, the company learned of an even bigger hack that involved 1 billion Yahoo user accounts and further rocked the company's reputation. That breach originally occurred in August 2013 but wasn’t noticed until law enforcement provided Yahoo with a copy of the stolen data last November. According to Wednesday's filing, Yahoo still hasn’t learned how this data was stolen, although it appears to be separate from the 2014 breach. In addition, the company has been investigating another incident involving a hacker forging cookies as a way to break into user accounts. Wednesday's filing said that about 32 million user accounts were affected.