A pediatrics practice, ABCD Pediatrics, serving the San Antonio, Texas metropolitan area reported that it was hit with a ransomware attack, but existing antivirus software helped to slow down the attack, and the practice’s IT vendor successfully removed the virus and all corrupt data from its servers. However, because hackers may have accessed portions of the practice’s network, the pediatrics group is offering identity and credit protection services from Equifax Personal Solutions to all of its patients. The pediatrics group, which has four locations, posted a “HIPAA Notification” on its website, regarding an incident that may have affected patients’ protected health information (PHI). The practice stated that the notice was made in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Prior to the attack, ABCD Pediatrics had a variety of security measures in place, including network filtering and security monitoring, intrusion detection systems, firewalls, antivirus software, and password protection, according to the organization’s statement. On February 6, 2017, an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD’s servers. The encryption was slowed significantly by existing antivirus software. Upon discovery, ABCD immediately contacted its IT vendor, and ABCD’s servers and computers were promptly moved offline and analyzed. The virus was identified as “Dharma Ransomware,” which is a variant of an older ransomware virus called “CriSiS,” according to the organization’s IT vendor. “ABCD’s IT company reported that these virus strains typically do not exfiltrate (“remove”) data from the server; however, exfiltration could not be ruled out.
Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network,” the organization stated. The IT vendor successfully removed the virus and all corrupt data from its servers, and the practice said that secure backup data stored separately from its servers and computers was not compromised by the incident, and it was used to restore all affected data. According to the organization, no confidential information was lost or destroyed, including PHI, and the practice group never received a ransom demand or other communications from unknown persons. In addition to notifying its patients, ABCD notified the FBI and the U.S. Department of Health and Human Services. According to the HHS’ Office of Civil Rights’ data breach portal, the incident affected 55,447 patients. While the IT vendor found no evidence that confidential information was actually acquired or removed from its servers and computers, it could not rule out the possibility that confidential information may have been viewed and possibly was acquired, according to ABCD Pediatrics’ statement. Affected information may have included patients’ names, addresses, telephone numbers, dates of birth, Social Security Numbers, insurance billing information, medical records, and laboratory reports. Following this incident, ABCD’s IT vendor located the source of the intrusion and implemented additional security measures, including state-of-the-art cyber monitoring on its network, the organization said. In addition to the identity and credit protection services from Equifax, the pediatrics group recommended that patients also place a fraud alert on their credit files.
ABCD Pediatrics, PA (“ABCD”) is committed to providing quality pediatric healthcare in the San Antonio area. Our mission is to provide the best care, to each patient, every time. With that being said, ABCD is writing to inform you about an incident that may have affected its patients’ protected health information. This notification is made in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, and the included Administrative Simplification provisions. During the morning of February 6, 2017, an employee of ABCD Pediatrics discovered that a virus gained access and began encrypting ABCD’s servers. The encryption was slowed significantly by existing antivirus software. Upon discovery, ABCD immediately contacted its IT Company, and ABCD’s servers and computers were promptly moved offline and analyzed. ABCD’s IT Company identified the virus as “Dharma Ransomware,” which is a variant of an older ransomware virus called “CriSiS.” ABCD’s IT Company reported that these virus strains typically do not exfiltrate (“remove”) data from the server; however, exfiltration could not be ruled out. Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network. ABCD’s IT Company successfully removed the virus and all corrupt data from its servers. Secure backup data stored separately from ABCD’s servers and computers was not compromised by this incident, and it was used to restore all affected data. As a result, no confidential information was lost or destroyed, including protected health information. Also, please note that ABCD never received any ransom demands or other communications from unknown persons.
However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time. In addition to notifying its patients, ABCD notified the Federal Bureau of Investigations (“FBI”), and it will notify the Department of Health and Human Services. While ABCD’s IT Company found no evidence that confidential information was actually acquired or removed from its servers and computers, it could not rule out the possibility that confidential information may have been viewed and possibly was acquired. Importantly, ABCD cannot confirm with a high degree of likelihood that confidential information remained secure throughout this incident. Generally, affected information may have included one’s name, address, telephone, date of birth, other demographic information, Social Security Number, insurance billing information, current procedural technology codes, medical records, and laboratory reports. ABCD takes its patient’s privacy and the security of their information very seriously. ABCD had a variety of security measures in place before this incident, including network filtering and security monitoring, intrusion detection systems, firewalls, antivirus software, and password protection. Following this incident, ABCD’s IT Company located the source of the intrusion and implemented several measures to ensure this kind of incident does not occur again, which include state of the art cyber monitoring on its network. ABCD and its IT Company continue to assess its physical and cyber security. We have arranged with Equifax Personal Solutions to help protect the identity and credit information of all patients. Patients can call 844-420-6493 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time to determine whether they were affected.
Also, if any patient has questions, they can call this same number to speak with a customer service representative about the incident. Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity. Fraud alerts are free and last 90 days unless you manually renew it or use the automatic fraud alert feature within a Credit Watch subscription. Patients also may want to order their credit report. By establishing a fraud alert, patients will receive a follow-up letter that will explain how they can receive a copy of their credit report. When patients receive their credit report, examine it closely and look for signs of fraud, such as credit accounts that are incorrect. Even though a fraud alert has been placed on their account, patients should continue to monitor future credit reports to ensure an imposter has not opened an account. If patients want to place a security freeze, they will need to call all three credit bureaus (information listed above) and place a security freeze on their credit report. Charges to place and/or remove a security freeze vary by state and credit agency. We deeply regret any inconvenience this incident may have caused. If patients have questions, please call 844-420-6493 Monday through Friday from 9:00 AM to 9:00 PM Eastern Standard Time.
Popular travel-booking site Orbitz has likely been hacked, potentially exposing payment card information for people that bought plane tickets or booked hotel rooms over the course of two years. The company said that it has uncovered evidence that about 880,000 payment cards were possibly impacted, along with other personal information, like names, payment card information, dates of birth, phone numbers, email addresses, physical and/or billing addresses and gender. The company said evidence suggests an attacker may have accessed information stored on a legacy e-commerce platform during two periods: 1 January through 22 June 2016 and 1 October to 22 December 2017. “We determined on March 1, 2018, that there was evidence suggesting that an attacker may have accessed personal information stored on this consumer and business partner platform,” the Expedia-owned site said in a media statement. “We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform. To date, we do not have direct evidence that this personal information was actually taken from the platform. We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.” Mike Schuricht, vice president of product management at Bitglass, said that the issue may have arisen as an artifact of the acquisition integration. Expedia bought the company in September 2015. “Any organization that is acquired by or is acquiring another business and its IT assets typically has a major blind spot with respect to its legacy or nonproduction systems,” Schuricht said via email.
“As is the case with most audits and postmortems in the event of a breach, Expedia is likely looking back at the infrastructure affiliated with its prior acquisitions, like Travelocity, to ensure all of its owned databases are not similarly impacted. It’s always a concern when an organization only becomes aware of a breach months or years after it takes place – highlighting the inadequacy of reactive security solutions and auditing processes.” Orbitz is offering customers a year of free credit monitoring; yet Nathan Wenzler, chief security strategist at San Francisco-based security consulting company AsTech, said that more is needed. “Another day, another breach. And while the attackers show no signs of slowing down, companies really need to do more than just provide users a free year of credit monitoring services and consider their work done,” he said via email. “Legacy systems are common attack points, as they are often neglected, go without updates or patches and are commonly not monitored, which gives criminals an ideal avenue to gain access and steal whatever data may be resident there. In this case, it was nearly 900,000 credit card accounts. Credit monitoring may be a nice PR gesture, but it does not absolve companies from doing their due diligence around securing legacy systems and protecting their customers’ data, no matter where it lives.”
Award-winning cooking tools company OXO revealed that it has suffered data breaches over the last two years that may have compromised customer and credit card information. In a breach disclosure letter filed with the State of California, OXO said that the data security incident involved “sophisticated criminal activity that may have exposed some of your personal information.” The attacker is believed to have accessed credit card information, along with names and billing and shipping addresses, though the letter does not state the scope of impact. “On December 17, 2018, OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website (https://www.oxo.com) may have been compromised. We currently believe that information entered in the customer order form between June 9, 2017 – November 28, 2017, June 8, 2018 – June 9, 2018, July 20, 2018 – October 16, 2018 may have been compromised. While we believe the attempt to compromise your payment information may have been ineffective, we are notifying you out of an abundance of caution.” OXO is currently working with security consultants and forensic investigators, who are looking at past vulnerabilities in the website as part of an ongoing investigation of the incident. Additionally, the company has taken measures to secure its site to prevent future incidents. “This latest breach underscores the importance of 24/7 security monitoring,” said Matan Or-El, CEO of Panorays. “With the new year upon us, companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised. We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals.”
OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identity monitoring services to its customers.
While the company was able to avoid falling victim to the ransomware, the attackers may have been able to access patient data. On February 6, 2017, an employee noticed that a virus had begun encrypting the practice’s servers. The encryption process was slowed by the company’s anti-virus software, and ABCD’s IT company was able to take its servers offline and identify the virus as Dharma Ransomware, a variant of Crysis for which decryption tools are available. “ABCD’s IT company reported that these virus strains typically do not exfiltrate (‘remove’) data from the server; however, exfiltration could not be ruled out,” the company said in a statement. “Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered suggesting that hackers may have accessed portions of ABCD’s network.” The IT company was able to remove the virus and all corrupt data from its servers, and successfully restored all affected data from a secure backup. “As a result, no confidential information was lost or destroyed, including protected health information,” the company said.
HipChat has reset all its users’ passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information. In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com. HipChat didn’t say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat “salted” each password with a random value before hashing it. HipChat warned that chat room data including the room name and topic may have also been exposed. But no financial or credit information was taken, the company said. HipChat is a popular messaging service used among enterprises, and an attack that exposed sensitive work-related chats could cause significant harm. The service, which is owned by Atlassian, said it detected the security incident last weekend. It affected a server in the HipChat Cloud and was caused by a vulnerability in an unnamed, but popular, third-party library that HipChat.com used, the company said. No other Atlassian systems were affected, the company said. “We are confident we have isolated the affected systems and closed any unauthorized access,” HipChat said in its blog post. This is not the first time the messaging service has faced problems keeping accounts secure.
In 2015, HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen from less than 2 percent of its users. When breaches occur, security experts advise users to change their passwords for any accounts where they used the same login information. Users can consider using a password manager to help them store complex, tough-to-memorize passwords. HipChat has already sent an email to affected users, informing them of the password reset. In 2015, rival chat application Slack reported its own breach, and as a result rolled out two-factor authentication to beef up its account security. HipChat does not offer two-factor authentication.
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, which discovered the data earlier this week. It said the data was found on an unprotected Amazon server and that the data could have been exposed for up to two years. According to Alliance Direct Lending’s website, the company works with individuals and auto dealership partners to help car owners refinance existing auto loans. Data stored in the cloud was in clear text, according to Diachenko. He said data also included several dozen recorded voice conversations with customers that disclosed full Social Security numbers of loan applicants. Sample data included the names of 114 car dealerships. Kromtech estimated that between 550,000 and 1.1 million loan records from those dealers were exposed online. Dealers were located across the United States from California, Colorado, Florida and Massachusetts. Kromtech said it was unsure if additional third parties may have accessed the data. Privacy experts said the data in the hands of the wrong person would be a nightmare for victims. A criminal that knows the data comes from people who have refinanced their car loan and may have less than stellar credit, coupled with partial Social Security numbers, would be a dream come true. “Things could go wrong on a variety of levels. The data could be used to phish additional data via email or phone scams. That’s not even mentioning the reputational damage to those in the database with bad credit scores,” said Adam Levin, chairman and founder of CyberScout. The data found by Kromtech was on Amazon’s AWS S3 server.
AWS S3 is marketed as an easy-to-use web service that allows businesses to store and retrieve data at a moment’s notice. Data is stored in what Amazon calls buckets. “The Kromtech Security Research Center has seen an increase in vulnerable AWS S3 buckets recently due to misconfigurations or public settings,” Diachenko said. “We have identified hundreds of misconfigured instances and we have been focused on helping to secure them as soon as we identify who the data belongs to.” He said companies should consider Alliance Direct Lending’s example a sobering reminder that companies and individuals need to make sure their data is secure. For Diachenko, this is the latest in a string of insecure databases he has helped uncover. In January, he was part of a research team that found 400,000 audio files associated with a Florida company’s telemarketing efforts were stored insecurely online. In February, Kromtech researchers found tens of thousands of sensitive documents insecurely stored online belonging to a print and marketing firm. Thousands of resumes and job applications from U.S. military veterans, law enforcement, and others were leaked by a recruiting vendor in an unsecured AWS S3 bucket.
The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach dealing with more than 800,000 user accounts. The breach, which grabbed headlines on Monday, is drawing concerns from security researchers because it may have given hackers access to voice recordings from the toy’s customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked. “Absolutely not,” said Mark Meyers, CEO of the company. Security researcher Troy Hunt, who tracks data breaches, brought the incident to light on Monday. Hackers appear to have accessed an exposed CloudPets’ database, which contained email addresses and hashed passwords, and they even sought to ransom the information back in January, he said in a blog post. The incident underscores the danger with connected devices, including toys, and how data passing through them can be exposed, he added. In the case of CloudPets, the brand allegedly made the mistake of storing the customer information in a publicly exposed online MongoDB database that required no authentication to access. That allowed anyone, including hackers, to view and steal the data. On the plus side, the passwords exposed in the breach are hashed with the bcrypt algorithm, making them difficult to crack. Unfortunately, CloudPets placed no requirement on password strength, meaning that even a single character such as letter “a” was acceptable, according to Hunt, who was given a copy of the stolen data last week. As a result, Hunt was able to decipher a large number of the passwords, by simply checking them against common terms such as qwerty, 123456, and cloudpets.
“Anyone with the data could crack a large number of passwords, log on to accounts and pull down the voice recordings,” Hunt said in his blog post. Security researcher Victor Gevers from the GDI Foundation said he also discovered the exposed database from CloudPets and tried to contact the toy maker in late December. However, both Gevers and Hunt said the company never responded to their repeated warnings. On Monday, California-based Spiral Toys, which operates the CloudPets brand, claimed the company never received the warnings. “The headlines that say 2 million messages were leaked on the internet are completely false,” Meyers said. His company only became aware of the issue after a reporter from Vice Media contacted them last week. “We looked at it and thought it was a very minimal issue,” he said. A malicious actor would only be able to access a customer’s voice recording if they managed to guess the password, he said. “We have to find a balance,” Meyers said, when he addressed the toy maker’s lack of password strength requirements. He also said that Spiral Toys had outsourced its server management to a third-party vendor. In January, the company implemented changes MongoDB requested to increase the server’s security. Spiral Toys hasn’t been the only company targeted. In recent months, several hacking groups have been attacking thousands of publicly exposed MongoDB databases. They’ve done so by erasing the data, and then saying they can restore it, but only if victims pay a ransom fee. In the CloudPets incident, different hackers appear to have deleted the original databases, but left ransom notes on the exposed systems, Hunt said. Although the CloudPets’ databases are no longer publicly accessible, it appears that the toy maker hasn’t notified customers about the breach, Hunt said.
The danger is that hackers might be using the stolen information to break into customer accounts registered with the toys. But Meyers said the company found no evidence that any hackers broke into customer accounts. To protect its users, the company is planning on a password reset for all users. “Maybe our solution is to put more complex passwords,” he said.