In recent news , millions of records containing personal information were made available to the public in a sizable data leak Attack.Databreach , providing potential scammers with plenty of information to utilize in their schemes . These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet , a business service firm . The database contained information that could be of great use to hackers and marketers alike , as it outlined corporate data for businesses within the United States , providing professional details and contact information for members at every level of the businesses included . Dun & Bradstreet released a statement via email in an attempt to remove the firm from any responsibility . According to the firm , there was no evidence of a breach Attack.Databreach on their systems . The email also pointed out that the leaked data was sold to “ thousands ” of other companies , and that the leaked data seemed to be six months old . In essence , Dun & Bradstreet ’ s position was “ not our fault. , ” and that there was little cause for worry , as the list only contained “ generally publicly available business contact data. ” However , not everyone feels that the responsibility for this event can be passed off so easily , especially considering the nature of the data found on the database . Troy Hunt manages Have I Been Pwned , a data leak Attack.Databreach alert site that allows a user to reference one of their accounts to determine if their credentials have been compromised Attack.Databreach . He offered up his own take after reviewing the database for himself . Hunt ’ s analysis revealed that the organizations with the most records in the database were : The United States Department Of Defense : 101,013 The United States Postal Service : 88,153 AT & T Inc. : 67,382 Wal-Mart Stores , Inc. : 55,421 CVS Health Corporation : 40,739 The Ohio State University : 38,705 Citigroup Inc. : 35,292 Wells Fargo Bank , National Association : 34,928 Kaiser Foundation Hospitals : 34,805 International Business Machines Corporation : 33,412 If this list alarms you , you have the right idea . In his comments , Hunt brought up a few concerns that he had with the contents of the database out in public . First of all , this list is essentially a guidebook for someone running a phishing campaign Attack.Phishing . A resourceful scammer could easily use the information contained in this list ( including names , titles , and contact information ) to create a very convincing and effective campaign . Furthermore , the most common records in the leaked database were those of government officials and employees . Hunt went so far as to mention which personnel records could be found in the database for the Department of Defense : while “ Soldier ” was the most common , the list also included “ Chemical Engineer ” and “ Intelligence Analyst ” entries . In his response , Hunt asked a very important question : `` How would the U.S. military feel about this data - complete with PII [ personally identifiable information ] and job title - being circulated ? '' With the very real threat of state-sponsored hacking and other international cyber threats in mind , Hunt brought up the value this list would have to a foreign power that isn ’ t fond of the U.S . Finally , Hunt cited the chances of this data being recovered to be at a firm “ zero ” percent . In short , despite the reassurances from Dun & Bradstreet , this database going public could present some very real dangers to any businesses included in it .

The Fancy Bear hackers , believed to be sponsored by Russia 's main intelligence arm , the GRU , are back at it and have successfully breached the International Association of Athletics Federations . The IAAF is the world governing body for track and field . Just as with the 2016 attacks Attack.Databreach on the World Anti-Doping Agency ( WADA ) , also allegedly perpetrated Attack.Databreach by Kremlin-backed hackers , data on Therapeutic Use Exemption ( TUE ) applications were targeted . TUEs allow athletes to take normally-prohibited substances where they 're required , such as when they suffer from an illness . Sebastian Coe , an Olympic champion and current IAAF president , said the organization apologized to athletes affected by the hack , which dated back to at least February 21 . It was only this weekend , however , that the IAAF and partner organizations carried out a `` complex remediation across all systems and servers in order to remove the attackers ' access to the network , '' according to the official statement . On first inspection , it appeared data on TUEs was collected Attack.Databreach from a file server and stored in a newly created file , though it was n't clear if the information had been taken Attack.Databreach outside the network . `` Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential , '' said Coe . The IAAF 's contractor , Context Information Security , discovered the breach . The find came after the security firm was asked by the IAAF in January to `` conduct a proactive and thorough technical investigation across its systems , which led to the discovery of a sophisticated intrusion , '' a Context spokesperson told Forbes via email . The company was confident Fancy Bear , also known as APT28 , was responsible . `` The threat intelligence team at Context Information Security has tracked the tools , techniques and procedures of Fancy Bear/APT28 for a number of years , through our own investigations and through collaboration with many other cyber security researchers [ and ] organizations . Our findings in this investigation give us a high degree of confidence that this cyber attack can be attributed to Fancy Bear/APT28 . '' In response to a question about the time it took from discovery in February to throwing the hackers off the network at the start of April , the spokesperson said the parties needed to collect forensic images to `` better understand how the attacks were carried out , what information may have been compromised Attack.Databreach . '' `` By taking the time to fully investigate the attack , the IAAF was able to remove the attackers ' access to the network as effectively as possible , '' the spokesperson added . If IAAF had gone public with this before the investigation was complete and before the attackers ' access was removed , the attackers may have been tipped off to the investigation and performed further malicious actions . The Facebook page for the WADA hackers , who posted under the pluralized name Fancy Bears , has not been updated since December 2016 . Though the TUEs show athletes legally use normally-banned substances , the Fancy Bear hacks still caused trouble for some athletes . Those affected by last year 's attacks on WADA and the USADA hit huge names across a range of sports , including tennis giants Serena and Venus Williams , and Rafael Nadal , as well as cycling superstar Bradley Wiggins , who continues to contest rumors about Team Sky 's operations . The Fancy Bear group was accused by multiple security companies , the DHS and the FBI of being sponsored by the Russian government and of carrying out the significant breach of the Democratic National Committee ( DNC ) .

WASHINGTON — The Internal Revenue Service said on Thursday that the personal data of as many as 100,000 taxpayers could have been compromised Attack.Databreach through a scheme in which hackers posed as Attack.Phishing students using an online tool to apply for financial aid . The breach may be the most extensive since 2015 , when thieves gained access Attack.Databreach to the tax returns of over 300,000 people by using stolen data and filed fraudulent returns to get refunds . The possibility of an attack became known in early March after the I.R.S . shut down its Data Retrieval Tool , which families used to import tax information to Fafsa , the Free Application for Federal Student Aid , on the Education Department ’ s website . The shutdown , at the height of financial aid application season , caused outrage among parents and students trying to fill out the complicated Fafsa forms . The I.R.S . has been struggling to overhaul its defenses against increasingly sophisticated cyberthreats as its budget shrinks and its staff dwindles . The agency became concerned last fall when it realized that it was possible for criminals to take advantage of the student loan tool that allows aid applicants to automatically populate the applications with their and their parents ’ tax information . The worry was that thieves might use the stolen data to file fraudulent returns and steal refunds , as they did two years ago . “ Fortunately we caught this at the front end , ” John Koskinen , the I.R.S . commissioner , said Thursday at a Senate Finance Committee hearing . The I.R.S . does not expect the tool to be secure and operational again until October . “ Our highest priority is making sure that we protect taxpayers and their identity , ” he said . But the breadth of the breach remains unknown , and Mr. Koskinen faced tough questions during the hearing as to why he did not act sooner . Senator Orrin G. Hatch of Utah , the Republican chairman of the committee , wondered why Mr. Koskinen had waited several months to shut down the tool after realizing that it might be vulnerable . Mr. Koskinen said he did not want to cut off a tool that millions of financial aid applicants use before the evidence of foul play was clear . After monitoring activity in the system , the I.R.S . noticed an unusual spike of unfinished applications in February that suggested criminals were at work . The commissioner , who in the past has faced calls from many Republican lawmakers to resign , said that the agency had already sent out 35,000 letters to taxpayers and that it was planning to contact 100,000 people to alert them that they might be at risk . The agency believes that fewer than 8,000 fraudulent returns were filed and processed , resulting in refunds issued . The questions about the security of data at the I.R.S . came less than two weeks before tax day and amid new calls from Republicans that Mr. Koskinen resign before his term ends in November . The commissioner has been a boogeyman for Republicans for years , because many in the party think that he has misled them over accusations that the agency overzealously audited certain conservative nonprofit groups .

Fraudulent emails are being received Attack.Phishing by individuals and/or companies with the subject title similar to `` Reinstate Your Account '' or `` [ Audit ] Reinstate Your Account '' . This email appears to be Attack.Phishing from UVA Community Credit Union telling them that an account is dormant and needs to be reinstated . The email includes a link that redirects the individual to a fraudulent web page and may contain a virus or malicious software , or solicit password information . If you receive Attack.Phishing an email like this , do not click on the link as doing so may open your system to damage from viruses . If you clicked through to this fraudulent website , you may be at risk for subsequent fraud . Change passwords to your Online Banking and Email accounts . You should ensure that you have the latest updates from your anti-virus vendor and run a full system scan . Please note that not all anti-virus vendors receive or update the latest virus signatures at the same time . Best practices are to configure your anti-virus software to automatically update and scan your computer on a regular basis . As always , you should closely monitor your accounts for suspicious activity . Visit our Security Center to learn more about protecting your computer , or if you believe you have been a victim of identity theft . UVA Community Credit Union will never contact you by email , cell phone , text message , or telephone asking for your personal information . If you have been a victim of a scam and think your UVA Community Credit Union account information may have been compromised Attack.Databreach , contact us immediately at 434-964-2001 or toll-free , 1-888-887-9136 .

Award-winning cooking tools company OXO revealed that it has suffered data breaches Attack.Databreach over the last two years that may have compromised Attack.Databreach customer and credit card information . In a breach disclosure letter filed with the State of California , OXO said that the data security incident involved “ sophisticated criminal activity that may have exposed Attack.Databreach some of your personal information. ” The attacker is believed to have accessed Attack.Databreach credit card information , along with names and billing and shipping addresses , though the letter does not state the scope of impact . “ On December 17 , 2018 , OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website ( https : //www.oxo.com ) may have been compromised Attack.Databreach . We currently believe that information entered in the customer order form between June 9 , 2017 – November 28 , 2017 , June 8 , 2018 – June 9 , 2018 , July 20 , 2018 – October 16 , 2018 may have been compromised Attack.Databreach . While we believe the attempt to compromise Attack.Databreach your payment information may have been ineffective , we are notifying you out of an abundance of caution. ” OXO is currently working with security consultants and forensic investigators , who are looking Vulnerability-related.DiscoverVulnerability at past vulnerabilities in the website as part of an ongoing investigation of the incident . Additionally , the company has taken measures to secure its site to prevent future incidents . “ This latest breach underscores the importance of 24/7 security monitoring , ” said Matan Or-El , CEO of Panorays . “ With the new year upon us , companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised . We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals. ” OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identify monitoring services to its customers .

Award-winning cooking tools company OXO revealed that it has suffered data breaches Attack.Databreach over the last two years that may have compromised Attack.Databreach customer and credit card information . In a breach disclosure letter filed with the State of California , OXO said that the data security incident involved “ sophisticated criminal activity that may have exposed Attack.Databreach some of your personal information. ” The attacker is believed to have accessed Attack.Databreach credit card information , along with names and billing and shipping addresses , though the letter does not state the scope of impact . “ On December 17 , 2018 , OXO confirmed through our forensic investigators that the security of certain personal information that you entered into our e-commerce website ( https : //www.oxo.com ) may have been compromised Attack.Databreach . We currently believe that information entered in the customer order form between June 9 , 2017 – November 28 , 2017 , June 8 , 2018 – June 9 , 2018 , July 20 , 2018 – October 16 , 2018 may have been compromised Attack.Databreach . While we believe the attempt to compromise Attack.Databreach your payment information may have been ineffective , we are notifying you out of an abundance of caution. ” OXO is currently working with security consultants and forensic investigators , who are looking Vulnerability-related.DiscoverVulnerability at past vulnerabilities in the website as part of an ongoing investigation of the incident . Additionally , the company has taken measures to secure its site to prevent future incidents . “ This latest breach underscores the importance of 24/7 security monitoring , ” said Matan Or-El , CEO of Panorays . “ With the new year upon us , companies should perform an in-depth review of all their digital assets to ensure that they and their third parties have not been compromised . We expect that future hacks will be targeted towards entire industries so as to maximize the payout for cyber-criminals. ” OXO has also secured the services of risk mitigation and response firm Kroll in order to extend identify monitoring services to its customers .

The Internal Revenue Service ( IRS ) has said that personal data of nearly 100,000 taxpayers may have been compromised Attack.Databreach by a breach Attack.Databreach of its tool to apply for student financial aid , The Chronicle of Higher Education reports . The Free Application for Federal Student Aid ( FAFSA ) tool was taken offline in March after discovery of suspicious activity , and will be operational only in October . In a statement to the Senate Finance Committee , IRS chief John Koskinen said 35,000 affected people had been notified of the breach Attack.Databreach and $ 30 million been paid for around 8,000 fraudulent tax refunds . The IRS has come under fire for cutting off the tool and Senator Lamar Alexander of Tennessee , urged authorities to “ continue to prioritize getting the helpful data-retrieval tool back online quickly with adequate protection for users ’ data ” . The agency admits being made aware in September last year that FAFSA could be misused by hackers . “ To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it , ” Koskinen clarified , says The Wall Street Journal

The Internal Revenue Service ( IRS ) has said that personal data of nearly 100,000 taxpayers may have been compromised Attack.Databreach by a breach Attack.Databreach of its tool to apply for student financial aid , The Chronicle of Higher Education reports . The Free Application for Federal Student Aid ( FAFSA ) tool was taken offline in March after discovery of suspicious activity , and will be operational only in October . In a statement to the Senate Finance Committee , IRS chief John Koskinen said 35,000 affected people had been notified of the breach Attack.Databreach and $ 30 million been paid for around 8,000 fraudulent tax refunds . The IRS has come under fire for cutting off the tool and Senator Lamar Alexander of Tennessee , urged authorities to “ continue to prioritize getting the helpful data-retrieval tool back online quickly with adequate protection for users ’ data ” . The agency admits being made aware in September last year that FAFSA could be misused by hackers . “ To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it , ” Koskinen clarified , says The Wall Street Journal

Payday lender Wonga appears to be the latest big-name brand to suffer a damaging data breach Attack.Databreach , after admitting over the weekend “ there may have been illegal and unauthorized access Attack.Databreach ” to customers ’ personal details . The firm was tight-lipped on how many customers might have been affected , although reports suggest it is in the region of 270,000 , most of whom are based in the UK . The short-term loans company , which charges customers over 1200 % APR , was also short on details and hedged its bets somewhat as to the cause . The firm claimed in an FAQ on the incident that it is still trying to establish the details and contact those affected . What we do know is that customer names , e-mail addresses , home addresses and phone numbers may have been compromised Attack.Databreach , along with the last four digits of their card number and/or bank account number and sort code . It added : “ We do not believe your Wonga account password was compromised Attack.Databreach and believe your account should be secure , however if you are concerned you should change your account password . We also recommend that you look out for any unusual activity across any bank accounts and online portals ” . Wonga also advised customers to be on the lookout for follow-up scams , both online and over the phone . The kind of information that appears to have been compromised Attack.Databreach would certainly provide seasoned fraudsters with enough to socially engineer targets into divulging more details such as their full card numbers . This is just the latest in a long line of breaches at big-name companies . Data from over 130,000 customers of network operator Three was illegally obtained Attack.Databreach by fraudsters back in November . The impact to brand and reputation can be a serious blow to breached organizations . TalkTalk is said to have lost 100,000 customers and £60m as a result of a breach at the ISP . André Stewart , EMEA vice-president at Netskope , argued that coming European privacy laws will force organizations to be more accountable for their data practices . “ As a result , companies will be forced to take active measures to mitigate any threats to personal privacy , whether that data is stored on-premises or in the cloud . Any companies falling short of these standards could face hefty fines , ” he explained . “ Alongside demonstrating that they have coached employees on the GDPR and secure data handling , employers will also need to provide staff with the tools to do their jobs securely without sacrificing ease and convenience ” . Kevin Cunningham , president of SailPoint , added that staff from the board down need to be well-drilled in order to help protect sensitive customer information . “ In today ’ s market , it ’ s a matter of when , not if , a data breach Attack.Databreach will happen . So the most important factors are prevention , education , and rapid response , ” he argued . “ When a breach does happen , it ’ s important to quickly find out how and why it occurred , assess the damage and required response , and put IT controls in place to address future attacks ”

Payday lender Wonga appears to be the latest big-name brand to suffer a damaging data breach Attack.Databreach , after admitting over the weekend “ there may have been illegal and unauthorized access Attack.Databreach ” to customers ’ personal details . The firm was tight-lipped on how many customers might have been affected , although reports suggest it is in the region of 270,000 , most of whom are based in the UK . The short-term loans company , which charges customers over 1200 % APR , was also short on details and hedged its bets somewhat as to the cause . The firm claimed in an FAQ on the incident that it is still trying to establish the details and contact those affected . What we do know is that customer names , e-mail addresses , home addresses and phone numbers may have been compromised Attack.Databreach , along with the last four digits of their card number and/or bank account number and sort code . It added : “ We do not believe your Wonga account password was compromised Attack.Databreach and believe your account should be secure , however if you are concerned you should change your account password . We also recommend that you look out for any unusual activity across any bank accounts and online portals ” . Wonga also advised customers to be on the lookout for follow-up scams , both online and over the phone . The kind of information that appears to have been compromised Attack.Databreach would certainly provide seasoned fraudsters with enough to socially engineer targets into divulging more details such as their full card numbers . This is just the latest in a long line of breaches at big-name companies . Data from over 130,000 customers of network operator Three was illegally obtained Attack.Databreach by fraudsters back in November . The impact to brand and reputation can be a serious blow to breached organizations . TalkTalk is said to have lost 100,000 customers and £60m as a result of a breach at the ISP . André Stewart , EMEA vice-president at Netskope , argued that coming European privacy laws will force organizations to be more accountable for their data practices . “ As a result , companies will be forced to take active measures to mitigate any threats to personal privacy , whether that data is stored on-premises or in the cloud . Any companies falling short of these standards could face hefty fines , ” he explained . “ Alongside demonstrating that they have coached employees on the GDPR and secure data handling , employers will also need to provide staff with the tools to do their jobs securely without sacrificing ease and convenience ” . Kevin Cunningham , president of SailPoint , added that staff from the board down need to be well-drilled in order to help protect sensitive customer information . “ In today ’ s market , it ’ s a matter of when , not if , a data breach Attack.Databreach will happen . So the most important factors are prevention , education , and rapid response , ” he argued . “ When a breach does happen , it ’ s important to quickly find out how and why it occurred , assess the damage and required response , and put IT controls in place to address future attacks ”

Regulators and medical-device-makers are bracing for an expected barrage of hacking attacks even as legal and technical uncertainties leave them in uncharted territory . Tens of millions of electronic health records have been compromised Attack.Databreach in recent years , a number that is growing and , some say , underreported . High-profile attacks have hit hospitals and health insurers , and now attention is turning to a new vulnerability : medical devices like pacemakers and insulin pumps . The Food and Drug Administration ( FDA ) has become increasingly concerned about the issue and is working to coordinate with other agencies on how to respond if a serious medical device hack were to occur . There have been rumblings over cybersecurity for years . More than 113 million personal health records were compromised Attack.Databreach in 2015 , according to provider data reported to the Department of Health and Human Services ( DHS ) , nine times as many as in 2014 . Last fall , Johnson & Johnson had to tell Vulnerability-related.DiscoverVulnerability its customers that its insulin pumps had a security vulnerability that hackers could use to access the device and cause a potentially fatal overdose of insulin . `` In just the last few years , we 've seen more than a hundred million health records of American citizens breached Attack.Databreach in a couple of well-publicized incidents , '' Terry Rice , vice president of IT risk management and chief information security officer at Merck & Company , told the Energy and Commerce Oversight and Investigations Subcommittee last week .

Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered Attack.Databreach in a data breach Attack.Databreach . The data that was accessed Attack.Databreach by the attackers includes the name , e-mail address , home address , and phone number of around 245,000 customers in the UK and 25,000 customers in Poland , as well as the last four digits of their payment card number and/or their bank account number and sort code . “ We do not believe your Wonga account password was compromised Attack.Databreach and believe your [ loan ] account should be secure , however if you are concerned you should change your account password . We also recommend that you look out for any unusual activity across any bank accounts and online portals , ” the company advised users . “ We will be alerting financial institutions about this issue and any individuals impacted as soon as possible , but we recommend that you also contact your bank and ask them to look out for any suspicious activity. ” They ’ ve also warned users to be on the lookout for scammers looking to leverage the stolen information to gain more information or money directly from the users . According to the BBC , the company noticed that something was amiss last week , but it took them until Friday to discover that customer data may have been compromised Attack.Databreach . The company started to inform customers of the breach Attack.Databreach on Saturday . “ Wonga ’ s stock with the general public has never been particularly high , but this breach will see it fall even further . It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them , or the cybercriminals themselves for that matter , ” commented Marc Agnew , Vice President , ViaSat Europe . “ The stakes are so high that organisations need to treat cyber-attack not only as a threat , but as an inevitability . Organisations must therefore ensure that all customer data is encrypted , not just the passwords and card details , so that any stolen data is essentially worthless . Inadequately protecting customer data can create massive problems for enterprises and consumers alike . Reacting to an attack appropriately is vital ; from isolating and identifying the origin , to taking stock of what has been stolen Attack.Databreach or affected and making sure those who have been put at risk are notified and protected as soon as possible . By the looks of it , Wonga ’ s customers were alerted in a timely manner and should be well informed enough to take action . This is all Wonga can do at this stage , but it ’ ll be interesting to see what happens next and how serious an attack this turns out to be. ” “ While the organisation has stated that affected customers are unlikely to be at risk of theft , the fact remains that private personal information was compromised Attack.Databreach – posing a risk to customers , ” André Stewart , VP EMEA at Netskope , pointed out . “ Data loss prevention needs to be a key priority for all businesses . The EU General Data Protection Regulation ( GDPR ) – set to come into effect in just over a year – will hold organisations accountable for their data practices . As a result , companies will be forced to take active measures to mitigate any threats to personal privacy , whether that data is stored on-premises or in the cloud . Any companies falling short of these standards could face hefty fines , ” he also noted .

Ciphr , a company which offers encrypted communications for BlackBerry 10 and Samsung Knox smartphones , claims that a rival firm are behind a data dump Attack.Databreach of its customers ' email addresses and their device 's IMEI numbers . A website displaying the alleged leaked data claims that `` all Ciphr emails/servers have been compromised Attack.Databreach . '' Two sources that use Ciphr on their phones told Motherboard the leak Attack.Databreach includes their information as well as the data of other users . Specifically , the website lists users ' email addresses and IMEI numbers , data which law enforcement can leverage to expose Attack.Databreach a user . In a message provided to Motherboard from one of its sources , the privacy platform says the data dump Attack.Databreach was not the result of a data breach Attack.Databreach . Instead Ciphr blames a rival company for the incident : `` Our rapid growth has caught the attention of competitors seeking to slow us down by way of slander , blocking and DDOS [ distributed denial of service attacks ] .... We were shocked that any company in this industry would release information to the public under any circumstance . '' Ciphr 's management explains in a blog post that a rogue reseller who was granted access to its sales systems gave the information to SkySecure , which makes custom Blackberry devices . The company goes on to note that most of the information included in the data dump Attack.Databreach was already expired . But it does say a few active users ' email addresses and IMEI numbers were included in the leak Attack.Databreach .