to an unknown party who gained access to an organization email account last month, according to a letter sent to members. The organization sent the letter Tuesday to about 2,800 members who may have been affected by the data breach. Christina Salcido, vice president of mission operations, said members’ names, birth dates, home addresses, insurance policy numbers and health history information could have been accessed from Sept 30 to Oct 1. “Out of an abundance of caution, we are notifying everyone whose email was in this email account,” Salcido wrote in the letter. On the day the organization became aware of the breach, IT services changed the password and determined it was secure, Salcido wrote. The Girl Scouts of Orange County reviewed the account, eliminated all personal information it contained and notified the California attorney general’s office of the breach. Because the email account was used for the organization’s travel purposes, it contained information about members dating to 2014. Salcido said the third party used the account to send messages, but she did not specify what type of messages were sent. Elizabeth Fairchild, spokeswoman for the Girl Scouts of Orange County, said staff members noticed Oct 1 that the email account had been used the day before “to send out non-Girl Scout related emails.” On Oct 1, staff members sent an email to members telling them what happened, stating they had secured the account and advising them to not open any unusual emails from that account. “The vast majority of information stored in the account was nonsensitive,” Fairchild said. “Fewer than 300 had sensitive information stored in the account.” The Girl Scouts of Orange County provided contact information for the credit bureaus Equifax, Experian and TransUnion and suggested that members place fraud alerts on their accounts. If members have questions or concerns about the breach, they can call (800) 974-9444 or email customercare@girlscoutsoc.org.
WASHINGTON — The Internal Revenue Service said on Thursday that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid. The breach may be the most extensive since 2015, when thieves gained access to the tax returns of over 300,000 people by using stolen data and filed fraudulent returns to get refunds. The possibility of an attack became known in early March after the I.R.S. shut down its Data Retrieval Tool, which families used to import tax information to Fafsa, the Free Application for Federal Student Aid, on the Education Department’s website. The shutdown, at the height of financial aid application season, caused outrage among parents and students trying to fill out the complicated Fafsa forms. The I.R.S. has been struggling to overhaul its defenses against increasingly sophisticated cyberthreats as its budget shrinks and its staff dwindles. The agency became concerned last fall when it realized that it was possible for criminals to take advantage of the student loan tool that allows aid applicants to automatically populate the applications with their and their parents’ tax information. The worry was that thieves might use the stolen data to file fraudulent returns and steal refunds, as they did two years ago. “Fortunately we caught this at the front end,” John Koskinen, the I.R.S. commissioner, said Thursday at a Senate Finance Committee hearing. The I.R.S. does not expect the tool to be secure and operational again until October. “Our highest priority is making sure that we protect taxpayers and their identity,” he said. But the breadth of the breach remains unknown, and Mr. Koskinen faced tough questions during the hearing as to why he did not act sooner. Senator Orrin G. Hatch of Utah, the Republican chairman of the committee, wondered why Mr. Koskinen had waited several months to shut down the tool after realizing that it might be vulnerable. Mr. Koskinen said he did not want to cut off a tool that millions of financial aid applicants use before the evidence of foul play was clear. After monitoring activity in the system, the I.R.S. noticed an unusual spike of unfinished applications in February that suggested criminals were at work. The commissioner, who in the past has faced calls from many Republican lawmakers to resign, said that the agency had already sent out 35,000 letters to taxpayers and that it was planning to contact 100,000 people to alert them that they might be at risk. The agency believes that fewer than 8,000 fraudulent returns were filed and processed, resulting in refunds issued. The questions about the security of data at the I.R.S. came less than two weeks before tax day and amid new calls from Republicans that Mr. Koskinen resign before his term ends in November. The commissioner has been a boogeyman for Republicans for years, because many in the party think that he has misled them over accusations that the agency overzealously audited certain conservative nonprofit groups.
SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn't update its software successfully when the danger became known. A week after Equifax revealed one of the largest breaches of consumers' private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax. "The Equifax data compromise was due to (Equifax's) failure to install the security updates provided in a timely manner," The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday. Equifax told USA TODAY late Wednesday the criminals who gained access to its customer data exploited a website application vulnerability known as Apache Struts CVE-2017-5638. The vulnerability was patched on March 7, the same day it was announced, The Apache Foundation said. Cybersecurity professionals who lend their free services to the project of open-source software — code that's shared by major corporations and that's tested and modified by developers working at hundreds of firms — had shared their discovery with the industry group, making the risk and fix known to any company using the software. Modifications were made on March 10, according to the National Vulnerability Database. But two months later, hackers took advantage of the vulnerability to enter the credit reporting agency's systems: Equifax said the unauthorized access began in mid-May. Equifax did not respond to a question Wednesday about whether the patches were applied, and if not, why not. "We continue to work with law enforcement as part of our criminal investigation and have shared indicators of compromise with law enforcement," it said. It should have acted faster to successfully deal with the problem, other cybersecurity professionals said. "They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days," said Pravin Kothari, CEO of CipherCloud, a cloud security company. Federal regulators are now investigating whether Equifax is at fault. The Federal Trade Commission and the Consumer Financial Protection Bureau have said they've opened probes into the hack. So far dozens of state attorneys general are investigating the breach, and on Tuesday Massachusetts Attorney General Maura Healey said she plans to sue the company for violating state consumer protection laws. More than 23 class-action lawsuits against the company have also been proposed. Proof that Equifax failed to protect customers, particularly when it had the tools and information to do so, is likely to further damage Equifax's financial outlook. Shares fell 2.5% Thursday after news of the FTC probe and are down 33% since it revealed the link.
Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information. Both incidents appear to have been linked to a third-party reservation platform, SynXis, which only began informing client hotels of the security breach in June, months after the attacks took place. Hard Rock Hotels & Casinos issued a statement informing customers of the data breach last week, which took place due to the Sabre Hospitality Solutions SynXis third-party reservation system. The hotel chain, which operates 176 cafes, 24 hotels and 11 casinos in 75 countries, said SynXis, the backbone infrastructure for reservations made through hotels and travel agencies, provided the avenue for data theft and the exposure of customer information. "The unauthorized party first obtained access to payment card and other reservation information on August 10, 2016," the hotel chain said. "The last access to payment card information was on March 9, 2017." Hard Rock Hotel & Casino properties in Biloxi, Cancun, Chicago, Goa, Las Vegas, Palm Springs, Panama Megapolis, Punta Cana, Riviera Maya, San Diego and Vallarta are all affected. According to Sabre, an "unauthorized party gained access to account credentials that permitted unauthorized access to payment card information, as well as certain reservation information" for a "subset" of reservations. The attacker was able to grab unencrypted payment card information for hotel reservations, including cardholder names, card numbers, and expiration dates. In some cases, security codes were also exposed, alongside guest names, email addresses, phone numbers, and addresses. In May, Sabre said an investigation into a possible breach was underway. In a quarterly SEC filing, the company said, "unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time." While Sabre has not revealed exactly how the system was breached, the company has hired third-party cybersecurity firm Mandiant to investigate. Loews Hotels also appears to be a victim of the same security failure. According to NBC, Sabre was also at fault and cyberattackers were able to slurp credit card, security code, and password information through the booking portal. In some cases, email addresses, phone numbers, and street addresses were also allegedly exposed. According to Sabre, its software is used by roughly 36,000 hotel properties. "Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided," Sabre said in a statement. "Others were processed using virtual card numbers in lieu of consumer credit cards. Sabre has notified law enforcement and the credit card brands as part of our investigation." If you stayed in one of these properties on the dates mentioned above, you may be at risk of identity theft should the attackers choose to sell their stolen cache of data. Sabre suggests signing up for a free credit report -- available to US consumers once a year for free -- and notifying your bank of any stolen activity. However, no compensation has yet been made available. These hotel chains are far from the only ones that have suffered a data breach in recent years. Back in April, InterContinental admitted that a data breach first believed to be isolated to 12 properties actually harmed roughly 1,200, resulting in the exposure of customer credit card data.
The Equifax data breach in which millions of Americans had their personal details stolen may have been carried out by a foreign government in a bid to recruit U.S. spies, experts believe. Hackers took addresses, dates of birth, Social Security details and credit card numbers from 148 million people when they targeted the credit ratings giant Equifax in 2017. But the stolen data has not appeared on any 'dark web' sites which sell personal information for sinister use, analysts have said. The data's apparent disappearance has led some experts to conclude that it is in the hands of a foreign government, CNBC reported. One analyst told the channel: 'We are all working to be able to consistently determine whether this data is out there and whether it has ever been out there. And at this time there has been absolutely no indication, whatsoever, that the data has been disclosed, that it has been used or that it has been offered for sale.' Another ex-intelligence worker said personal data could be used by foreign governments to identify powerful people who were having financial problems. Those people would be prime targets for a bribe or might be attracted by a job offer, he said. It has also been suggested that the criminals who stole the data feared detection if they sold it online and have kept it to themselves to avoid capture. Equifax, one of America's three leading consumer reporting agencies, announced the huge data hack in September 2017 and its CEO Richard Smith resigned later that month. They initially said 143 million people had been affected but the number eventually grew to 148 million, equivalent to nearly half the U.S. population. The hackers targeted the company for 76 days until the attack was spotted, according to a congressional report. Hackers gained access to 48 databases between May 13 and July 29 when Equifax noticed the intrusion, the report said. Last year the firm admitted that passport images and information had also been stolen. The U.S. House committee which investigated the breach said the firm had 'failed to fully appreciate and mitigate its cybersecurity risks'. 'Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,' the committee's report said.
Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals. In describing a phishing attack, UConn Health says that on Dec 24, 2018, it determined that an unauthorized third party illegally accessed a limited number of employee email accounts containing patient information, including some individuals' names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals. Several other healthcare entities also have recently reported to federal regulators data breaches involving apparent phishing and other email-related attacks. "All of these incidents speak to the rampant attacks we are seeing across healthcare, and yet organizations are still not investing enough in protection or detection," says Mac McMillan, CEO of security consulting firm CynergisTek. UConn Health, an academic medical center, says in a media statement that it identified approximately 326,000 potentially impacted individuals whose personal information was contained in the compromised email accounts. For approximately 1,500 of these individuals, this information included Social Security numbers. "It is important to note that, at this point, UConn Health does not know for certain if any personal information was ever viewed or acquired by the unauthorized party, and is not aware of any instances of fraud or identity theft as a result of this incident," the statement notes. "The incident had no impact on UConn Health's computer networks or electronic medical record systems." UConn Health is offering prepaid identity theft protection services to individuals whose Social Security numbers may be impacted. The organization says it has notified law enforcement officials and retained a forensics firm to investigate the matter. Once the U.S. Department of Health and Human Services confirms the details, the attack on UConn Health could rank as the second largest health data breach reported so far this year, based on a snapshot of its HIPAA Breach Reporting Tool website on Monday. The largest health data breach revealed so far this year, but not yet added to the tally, affected University of Washington Medicine. UW Medicine says a misconfigured database left patient data exposed on the internet for several weeks last December, resulting in a breach affecting 974,000 individuals. Several other phishing and hacking incidents have been added to the HHS "wall of shame" tally in recent weeks. Among those is a hacking incident impacting 40,000 individuals reported on Feb 1 by Minnesota-based Reproductive Medicine and Infertility Associates. In a statement, the organization notes that on Dec 5, 2018, it discovered it had been the target of a "criminal malware attack." An RMIA practice manager tells Information Security Media Group that independent computer forensics experts removed the malware, but did not definitively determine how the malware infection was launched. The practice suspects the malware was likely embedded in an email attachment, he says. RMIA's statement notes that while the investigation did not identify any evidence of unauthorized access to anyone's personal information, "we unfortunately could not completely rule out the possibility that patients' personal information, including name, address, date of birth, health insurance information, limited treatment information and, for donors only, Social Security number, may have been accessible." In the aftermath of the incident, RMIA says it's adding another firewall, requiring changes to user credentials/passwords, implementing dual-factor authentication and providing additional staff training regarding information security. Also reporting a hacking incident in recent weeks was Charleston, S.C.-based Roper St. Francis Healthcare, which operates several hospitals in the region. The attack was reported as impacting nearly 35,300 individuals. In a Jan 29 statement, the entity says that on Nov 30, 2018, it learned that an unauthorized actor may have gained access to some of its employees' email accounts between Nov 15 and Dec 1, 2018. "Our investigation determined that some patient information may have been contained in the email accounts, patients' names, medical record numbers, information about services they received from Roper St. Francis, health insurance information, and, in some cases, Social Security numbers and financial information," the statement says. For those patients whose Social Security number was potentially exposed, the organization is offering prepaid credit monitoring and identity protection services. "To help prevent something like this from happening again, we are continuing education with our staff on email protection and enhancing our email security," Roper St. Francis says. As phishing continues to menace healthcare entities, covered entities and business associates need to keep up with their defenses, some experts note. "Phishing techniques have become more sophisticated than in the past," notes Kate Borten, president of security and privacy consulting firm The Marblehead Group. "Workforce training should include simulated phishing attacks to make people better prepared to recognize and thwart a real attack." To help mitigate breach risks, organizations should be deploying next-generation firewalls and multifactor authentication, plus employing advanced malware detection solutions, McMillan says. Too many organizations are overlooking the value of multifactor authentication, Borten adds. "Two-factor user authentication was intended to be required over the internet and public networks in the proposed HIPAA Security Rule," she notes. "Unfortunately, since that requirement was dropped in the final rule, healthcare is lagging on multifactor authentication, which is easier now than ever to implement." But McMillan advises healthcare organizations to avoid using multifactor authentication systems that use SMS to transmit a one-time password because those messages can be intercepted. "The software- or hardware-based solutions are preferred," McMillan says. So what other technologies or best practices should covered entities and business associates consider to prevent falling victim to phishing and other attacks? "Unfortunately we haven't seen any silver bullets here yet, but one thing we might want to begin exploring is just what an attacker has access to when they compromise a user's account," McMillan notes. "All too often, we hear that the accounts compromised had incredibly large numbers of emails immediately accessible to the attacker. The question is, are there better ways to deal with retention that mitigate risk as well?"
Addresses, names and phone numbers for staff were accessed in the data breach
SPORTS Direct failed to tell its workers about a major data breach that saw personal information accessed by hackers. A cyber attacker gained access to internal systems containing details for phone numbers, names and home and email addresses of the retail giant's 30,000 staff members. But according to The Register, workers still haven't been told about the breach, which took place in September. Sports Direct discovered the attack three months later after a phone number was left on the company's internal site with a message encouraging bosses to make contact. Chiefs filed a report with the Information Commissioner's office after it became aware that personal information had been compromised. But as there was no evidence the data had been shared, Sports Direct didn't report the breach to staff. The blunder is the latest in a string of controversies surrounding the sporting goods retailer. Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours. Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct's working practices "are closer to that of a Victorian workhouse than that of a modern, reputable High Street retailer". In November, six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sports Direct to investigate working practices. A spokesman for Sports Direct said: "We cannot comment on operational matters in relation to cyber-security for obvious reasons.