The data breach happened at one DocuSign computer system location and has since been contained. While short-lived, the malware was able to obtain many customer and user emails from the DocuSign database. Fortunately, the breach was limited to email addresses; no documents or further customer information was accessed in the attack. The attackers have begun sending out malicious emails with the company’s branding to DocuSign customers and users. In an alert on the DocuSign website, the company shared that it is tracking these emails, which carry a downloadable Microsoft Word document harboring malware to attack the user’s system. The email subject line has been known to read: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.”

How to protect yourself

If you are not expecting an email via DocuSign, do not click on the link. If you are expecting a document, but are unsure of the source, you can access your document directly by visiting docusign.com. Every legitimate DocuSign email has a code which the user can enter on the website to access their document. DocuSign has asked that people forward suspicious emails to spam@docusign.com then delete the email from their inboxes. It is important to remember that DocuSign will never request a customer or user to open a PDF, Microsoft Office document or ZIP file in an email.
City employees in Atlanta coming to work Friday morning were told not to turn on their computers, and WiFi at the Atlanta airport was turned off, due to a ransomware attack that hit municipal systems on Thursday. As employees walked into city hall for work, they were handed a printed notice telling them to not use their computers until they were cleared by the municipal IT group, the Atlanta Journal Constitution reported. At a news conference Friday afternoon, Atlanta chief operating officer Richard Cox said that the WiFi at Hartsfield–Jackson Atlanta International Airport had been disabled out of "an abundance of caution." The city is still working on mitigating the ransomware, and Mayor Keisha Lance Bottoms did not answer questions from reporters as to whether the attack had ended. "What we want to make sure of is that we aren’t putting a Band-Aid on a gaping wound. We want to make sure that we take the appropriate steps," she said. Atlanta doesn’t know who is behind the attack, the mayor said. The good news is that while “this is a massive inconvenience to the city, it is not life and death,” she said. Police, fire and other vital services are still fully functional, Cox said. The attack hit early Thursday morning. Bottoms has repeatedly told employees they should monitor their bank accounts because city officials don’t yet know what information was compromised in the attack. "Let's just assume that if your personal information is housed by the City of Atlanta, whether it be because you are a customer who goes online and pays your bills or any employee or even a retiree, we don't know the extent, so we just ask that you be vigilant," Bottoms said. The ransomware is affecting applications that customers use to pay bills and access court-related information, among other things, Bottoms said.
The attackers demanded the equivalent of $51,000 in digital currency to unlock the system. The city is working with the FBI and local law enforcement to investigate the attack, Cox said. While it has been a difficult two days, Atlanta will in the end prevail, he said. "The city was around before computers were around," said Cox. "We’ll rise from the ashes," he added.
The Onslow Water and Sewer Authority's internal computer system, including servers and personal computers, was hit by a ransomware attack Saturday. The utility said customer information was not compromised in the attack, but many of the databases will have to be recreated in their entirety. ONWASA said it is coordinating with the FBI, the Department of Homeland Security, the state of North Carolina, and several technology security companies in response to the attack. The safety of the public’s water supply and the area’s environment are not in danger, the utility said. ONWASA began experiencing persistent virus attacks from a polymorphic malware known as EMOTET on October 4. The virus was thought to be under control, but when it persisted ONWASA brought in outside security specialists. The specialists continued to work the problem with ONWASA Information Technology (IT) staff. At what ONWASA officials said may have been a timed event, the malware launched a sophisticated virus known as RYUK at 3 a.m. on Saturday. An ONWASA IT staffer saw the attack and immediately disconnected ONWASA from the internet. However, the crypto-virus spread quickly along the network, encrypting databases and files. The attack is similar in nature to those experienced by Atlanta, Georgia, and Mecklenburg County. ONWASA said it had multiple layers of computer protection in place, including firewalls and malware/anti-virus software. The defenses of the computer systems at the main office were penetrated. ONWASA has received one email from the cybercriminals, who it said may be based in a foreign country. The email is consistent with ransomware attacks of other governments and corporations. ONWASA officials said ransom monies “would be used to fund criminal, and perhaps terrorist activities in other countries.
Furthermore, there is no expectation that payment of a ransom would forestall repeat attacks. ONWASA will not negotiate with criminals nor bow to their demands. The FBI agrees that ransoms should not be paid. ONWASA will undertake the painstaking process of rebuilding its databases and computer systems from the ground up.” The lack of computing ability will affect the timeliness of service from ONWASA for several weeks to come. Initially, the utility will operate manually at all plant and office locations. Water and wastewater service to homes and businesses will not be interrupted, the utility said. Customers may continue to make credit card payments by phone, at ONWASA's kiosk locations (by check, cash, or credit card), and in person at the main office at 228 Georgetown Road, Jacksonville. Satellite offices in Holly Ridge, Swansboro, and Richlands have the capability of processing credit card payments by phone and very limited other services. Service orders, account creation, connections, disconnections, development review, backflow program, engineering, and human resources will utilize manual processes until the computer systems are restored. While phone service remains, email service has been interrupted for most of the utility. ONWASA said a team of local, state, and federal agencies is cooperating to restore the utility and bring the criminals to justice.
In the wake of the Hurricane Florence disaster, ONWASA, a water utility company, has been specifically targeted by cyber criminals. ONWASA provides water and sewer service to all of Onslow County except Jacksonville residents. According to a press release, ONWASA's internal computer system, including servers and personal computers, has been subjected to a sophisticated ransomware attack. The attack has left the utility with limited computer capabilities. CEO Jeffrey Hudson said customer information was not compromised in the attack. However, many other databases must be recreated in their entirety. ONWASA is working with the FBI, the Department of Homeland Security, the state of North Carolina and several technology security companies. They are also receiving help from N.C. Senator Harry Brown and N.C. Senator Thom Tillis. Hudson said he believes the attack was a targeted one because the hackers chose a local government that has recently been ransacked by a natural disaster. The hackers struck at 3 a.m. on Saturday -- a time Hudson says was their most vulnerable. The attack is similar in nature to the one experienced in Mecklenburg County last year. Hudson said the damage the attack caused could take weeks or even months to fix. According to ONWASA, the company had multiple layers of computer protection in place, including firewalls and malware/anti-virus software. The defenses of the computer systems at the main office were penetrated. ONWASA has received one email from the cyber criminals, who may be based in a foreign country. The email is consistent with ransomware attacks of other governments and corporations. Ransom monies would be used to fund criminal, and perhaps terrorist activities in other countries. There is no expectation that a ransom payment would stop future attacks.
The cyber attackers are demanding payment to decrypt everything that was stolen. ONWASA said it will not "negotiate with criminals nor bow to their demands." Instead, ONWASA will rebuild its databases and computer systems from the ground up.
Cloquet school district has been hit by a ransomware attack for the second time in the past three years. Ransomware is virulent computer malware that attacks by spreading from one computer to another and locking up access to the network servers. The ransomware also encrypts documents and then demands a ransom for providing a key to unlock the encrypted files. In March 2016, the previous occasion when ransomware attacked, the district cancelled school for one day to give the technology staff time to recover from the malware. During that attack, the district servers as well as over 600 computers were badly infected. The current attack took place during the summer vacation and was not as harmful as last time. According to a staff report from T.J. Smith, Cloquet School District Technology Director, the virus encrypted files on all the servers except one; this included the network shared drives. However, the attack does not indicate stealing of any information. The virus only encrypted the files, so that users were not able to open them. Smith explained to the Cloquet School board members on 13 Aug, 2018, that the district was left with only two options other than succumbing to the hacker's ransom demands. The first was to try to recover the data, with the possibility that the data may not be retrieved, in which case it would be a complete waste of money and time. The second option was to plan a way of recreating the data and rebuilding the affected servers. Smith advocated for the second option, as the data lost was not so important and the insurance will help pay for recovering the infected servers. The board members also voted unanimously for the second option, which is recreating the data and rebuilding the affected servers.
In addition, the board members suggested hiring a "forensic" company to investigate the ransomware attack and determine the source from which the virus entered. On the brighter side, Smith revealed that the technology staff have been able to recover some of the lost data, and they are also capable of recreating the data that is unrecoverable. He also commented that the recovery process will not affect the commencement of the school session in September.
Russia's alleged use of computer hacking to interfere with the U.S. presidential election fits a pattern of similar incidents across Europe for at least a decade. Cyberattacks in Ukraine, Bulgaria, Estonia, Germany, France and Austria that investigators attributed to suspected Russian hackers appeared aimed at influencing election results, sowing discord and undermining faith in public institutions that included government agencies, the media and elected officials. Those investigations bolster U.S. intelligence findings of Russian meddling to help elect Donald Trump, a conclusion the president-elect has disputed — although he conceded Friday after a private intelligence briefing that Russia was among the possible hacking culprits. “They’ve been very good at using the West’s weaknesses against itself, the open Internet to hack, the free media to sow discord, and to cause people to question the underpinnings of the systems under which they live,” said Hannah Thoburn, a research fellow at the Hudson Institute, a Washington think tank. U.S. National Intelligence Director James Clapper told a Senate committee Thursday that Russian intelligence hackers, masquerading as third parties, have conducted attacks abroad that targeted critical infrastructure networks. “Russia also has used cyber tactics and techniques to seek to influence public opinion across Europe and Eurasia,” Clapper said. A declassified intelligence report on the Russian hacking released Friday accused Russian President Vladimir Putin of ordering the effort to help elect Trump. It warned that Russia would use lessons learned from the effort to disrupt elections of U.S. allies.
In 2007, Putin told the Munich Security Conference that the United States’ effort to spread its form of democracy was an insidious threat to Russia and other nations and that his government would push back. Russian sabotage of Western computer systems started that same year. In 2007, Estonia accused hackers using Russian IP addresses of a wide-scale denial of service attack that shut down the Internet in the former Soviet republic and one of NATO’s newest members. According to The Guardian newspaper, the attacks came in waves that coincided with riots on May 3, 2007, over the statue, whose removal drew objections from Russia and Russian-speaking Estonians, and on May 8 and 9, when Russia celebrated its victory over Nazi Germany. They blamed the attacks on a pro-Russia group called CyberBerkut. Hudson analyst Thoburn, who was working as an election observer in Ukraine at the time, said the Ukrainians were able to get around it by deleting their entire system and restoring it from a backup that was not contaminated. Ukrainian officials have also accused Russia of being behind a power grid attack in December 2015 that cut power to 80,000 in western Ukraine. In overt actions against Ukraine, Russia seized the province of Crimea in 2014 and helped armed separatists launch a rebellion in eastern Ukraine. German intelligence in 2015 accused Russia of hacking at least 15 computers belonging to members of Germany’s lower house of parliament, the Bundestag, and stealing data. Germany’s Federal Office for the Protection of the Constitution (BfV) said the attack was conducted by a group called Sofacy, which “is being steered by the Russian state.” BfV chief Hans-Georg Maassen told Reuters in November that Moscow has tried to manipulate the media and public opinion through various means, including planting false stories.
One in 2015 by Russian media was about a German-Russian girl kidnapped and raped by migrants in Berlin. German Chancellor Angela Merkel said she could not rule out Russian interference in Germany's 2017 federal election through Internet attacks and disinformation campaigns. The country's Central Election Commission had been hacked during a referendum and local elections in 2015 that was almost certainly linked to Russia and a group that had hacked NATO headquarters in Brussels in 2013, then-President Rosen Plevneliev told the BBC in November. “The same organization that has attacked the (German Parliament) — stealing all the emails of German members of Parliament — the same institution that has attacked NATO headquarters, and that is the same even that has tried to influence American elections lately and so in a very high probability you could point east from us” (to Moscow), Plevneliev said. A pro-Russian political novice was elected in November to replace Plevneliev. The Vienna-based Organization for Security and Cooperation in Europe, whose tasks include monitoring elections across Europe and the conflict in eastern Ukraine, was attacked in “a major information security incident” in November, spokeswoman Mersiha Causevic Podzic said. The incident “compromised the confidentiality” of the organization’s IT networks, Podzic said. The French daily Le Monde, which first reported the incident, cited a Western intelligence agency attributing the attack to the Russia-linked group APT28, aka Fancy Bear, and Sofacy. Russia, a member of the OSCE, has objected to the group’s criticism of Russian-backed forces battling the Ukrainian government in eastern Ukraine.
Russian hackers posing as the “Cyber Caliphate” were suspected of attacking France’s TV5Monde television channel in 2014, causing extensive damage to the company’s computer systems, FireEye, a cyber security firm that examined the attack, told BuzzFeed. The attack involved posting of Islamic State propaganda, but appeared to use the same servers and have other similarities with Russian-linked APT28, the group that is a suspect in attacks on the Democratic National Committee, the OSCE and several other European countries. “APT28 focuses on collecting intelligence that would be most useful to a government,” FireEye said. “Specifically, since at least 2007, APT28 has been targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government.” The security chief of France's ruling Socialist Party recently warned that the country's presidential election this spring is at risk of being hacked. Hackers in 2014 attacked the Warsaw Stock Exchange and at least 36 other Polish sites, stealing data and posting graphic images from the Holocaust. The group that claimed responsibility, CyberBerkut, is the same Russian-linked group that attacked Ukrainian sites. The group, posing as Islamic radicals, stole data and released dozens of clients' log-in data, causing mayhem for the exchange, according to Bloomberg News. Dan Wallach, a computer scientist at Rice University who testified about election computer security on Capitol Hill in September, said definitive proof of who conducted an attack would reveal methods and sources who would be lost or killed if exposed. “You’re never going to have definitive attribution,” Wallach said in an interview. “The proof is some crazy top secret thing and not for public dissemination.”
The world governing body of track and field says it has become the victim of a cyberattack by a Russian hacking group linked to other incidents, including the hacking of the World Anti-Doping Agency and the U.S. Democratic Party. In an April 3 statement, the International Association of Athletics Federations (IAAF) attributed the attack to the Fancy Bear group. It said it believed the attack "has compromised athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers" during an unauthorized remote access to its network on February 21. Fancy Bear began posting medical records of Olympians online last year, with U.S. and British athletes making up a large proportion of those targeted. Only selected records were released. The IAAF said it contacted Context Information Security, a British security company, in January to undertake a technical investigation of its systems. The company says that investigation "led to the discovery of a sophisticated intrusion." IAAF President Sebastian Coe said his organization will continue to do all it can "to remedy the situation and work with the world's best organizations to create as safe an environment as we can." Fancy Bear gained widespread notoriety last year when cyber-researchers identified it and another group -- and they appeared to be linked to Russian intelligence services. They were also said to be behind the hack of the U.S. Democratic Party's computer systems.
TORONTO, April 19 (Reuters) - Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data. The company declined to say how many payment cards were stolen in the attack, the latest in a hacking spree on prominent hospitality companies including Hyatt Hotels Corp, Hilton, and Starwood Hotels, now owned by Marriott International Inc. The breach lasted from September 29 to December 29, InterContinental spokesman Neil Hirsch said on Wednesday. He declined to say if losses were covered by insurance or what financial impact the hacking might have on the hotels that were compromised, which also included Hotel Indigo, Candlewood Suites and Staybridge Suites properties. The malware searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said. Hotel operators have become popular targets because they are easier to breach than other businesses that store credit card numbers, as they have limited knowledge in defending themselves against hackers, said Itay Glick, chief executive of Israeli cyber-security company Votiro. "They don't have massive data centers like banks which have very secure systems to protect themselves," said Glick. InterContinental declined to say how many franchised properties it has in the United States, which is part of its business unit in the Americas with 3,633 such properties. In February, InterContinental said it had been victim of a cyber attack, but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware.
Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month. Headquartered in Shenzhen, China, R2Games operates a number of free-to-play, micropayment-driven games on iOS and Android, as well as modern browsers. The company currently supports 19 online games, and claims over 52 million players. In December of 2015, stretching into July of 2016, more than 22 million R2Games accounts were compromised, exposing IP addresses, easily cracked passwords, email addresses, and usernames. The company denied the breach reports, telling one customer that "R2Games is safe and secured, and far from being hacked." The hacker claims all forums were compromised, in addition to the Russian version of r2games.com. The latest record set includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token). LeakBase shared the most recent records with Troy Hunt, a security researcher and owner of the non-profit breach notification website "Have I Been Pwned?" (HIBP). Hunt checked the data by testing a small sample of email addresses and usernames against the password reset function on R2Games. Every address checked was confirmed as an existing account. From there, Hunt did some number crunching. There were 5,191,898 unique email addresses in the data shared by LeakBase. However, 3,379,071 of those email addresses were using mail.ar.r2games.com or mail.r2games.com; and another 789,361 looked generated, as they were all [number]@vk.com addresses.
LeakBase speculates that the r2games.com addresses are the result of registrations from third-party services. After stripping the questionable addresses, Hunt was left with 1,023,466 unique email addresses to load into HIBP. Of this set, 482,074 have been seen before in other breaches, leaving 541,392 new entries for his index – and new notifications for 1,105 subscribers. When asked about the passwords, Hunt told Salted Hash many of them are MD5 with no salt, but a large number of them have a hash corresponding to the password "admin" and a few hundred thousand others are using the plain text word "sync". "The observation I'd make here is that clearly, they don't seem to be learning from previous failures. The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying. Perhaps the prior denials are evidence that they just don't see the seriousness in security," Hunt said, when asked his opinion about the latest R2Games data breach. Salted Hash reached out to R2Games, but the company didn't respond to questions. Emails were sent to support, as well as recruiting and sales, on the off chance someone could direct them to the proper resources. For their part, LeakBase said since this data breach isn't in the public domain, they will not add the records to their service and it will not be searchable. However, they do plan to email impacted users and inform them of the incident. HIBP has been updated, and those changes are live now. If you're an R2Games player, it might be wise to change your password and make sure the old password isn't used on any other websites. Also, keep an eye out for gaming related offers and emails, as well as "notifications" from domains that aren't related to R2Games itself - as those could be scammers looking to cash in on the breach.
While the hacked data isn't public yet, there's nothing preventing the person who shared it with LeakBase from selling it or trading it.
The OurMine hackers are back in the news again. This time the group hacked and defaced the official domain of Unity 3D Forums over the weekend, leaving a deface page along with a note. The hack, which took place on 30th April, allowed the Saudi Arabia-based OurMine hacking group to compromise the forum’s security and leave a note stating “Hacked by OurMine, Your Security is low.” Unity 3D administrators have acknowledged the hack but stated that no password was stolen in the attack and that 2FA Authentication will be introduced to the forums for better security. Furthermore, the administrators are also planning to bring Device Identification and Password Policy to the forums. According to the official statement from Unity 3D: “Thanks to everyone that have reached out about our forums being compromised – we are on it!” — Unity (@unity3d) April 30, 2017. One of the team members from Unity stated on Reddit that: After the hack, the Unity 3D forums were down for maintenance, though at the time of publishing this article the forums were online and reachable. However, if you have an account on Unity 3D forums, it is advised that you change your password. In case you are not familiar with OurMine, this is the same group who conducted the biggest hack in YouTube’s history last month by taking over hundreds of popular YouTube accounts and defacing their titles with the #OurMine signature. The same group was in the news for hacking Google’s CEO Sundar Pichai, Facebook’s CEO Mark Zuckerberg, Co-founder of Twitter Jack Dorsey and several other top media celebrities and news outlets. It is unclear how OurMine hacks its victims, but researchers believe that the group uses passwords stolen from previous data breaches including LinkedIn and MySpace.
The group is also working on establishing itself as an IT security firm to help companies against cyber attacks; however, it is unclear whether such tactics will give them clients or scare them away.
A cyber attack has compromised the personal data of up to 26,000 Debenhams customers. The breach, which is understood to have been malware-based, targeted the online portal for the retailer's florist arm, Debenhams Flowers. Debenhams has stressed that the site is operated by Ecomnova, a third-party supplier, and that customers of other services have not been affected. Ecomnova also operates Debenhams' websites for hampers, personalised gifts and wines. While all four sites have been suspended, the retailer has not announced whether the others were also breached. Debenhams confirmed to Sky News that customer payment details, names and addresses were accessed or stolen during the attack. In a statement the company stressed that it was only the Ecomnova-run site that had been compromised, and that customers of its main website Debenhams.com "can be confident they are unaffected by this attack". "All affected customers have been contacted by Debenhams to inform them of the incident," the firm told Sky News. "We are working with Ecomnova to ask the banks of those affected to block payment cards of those customers affected and issue customers with new cards." Debenhams said the incident had been reported to the Information Commissioner's Office (ICO), the UK's independent body for upholding the Data Protection Act. Following a cyber attack in October 2015, the ICO fined TalkTalk a record £400,000 after 15,656 individuals' bank account details and sort codes were stolen. An ICO spokesperson said it was aware of the "potential incident" involving Debenhams Flowers and that enquiries were being made. "Businesses and organisations are required under the Data Protection Act to keep people's personal data safe and secure," the spokesperson said.
Debenhams chief executive Sergio Bucher said: "As soon as we were informed that there had been a cyber attack, we suspended the Debenhams Flowers website and commenced a full investigation. We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk." Ecomnova did not immediately respond to Sky News for comment.
OneLogin has revealed more about the attack on its systems, confirming that a "threat actor" had accessed database tables including "information about users, apps, and various types of keys." It warned once again that the malefactor, who was able to rifle through OneLogin's infrastructure for seven hours, may have been able to decrypt customer data. The company said: Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. Evidence shows the attack started on May 31, 2017 around 2 am PST. Through the AWS API, the actor created several instances in our infrastructure to do reconnaissance. OneLogin staff was alerted of unusual database activity around 9 am PST and within minutes shut down the affected instance as well as the AWS keys that were used to create it. One customer affected by the OneLogin attack told Ars that he was having to "rebuild the whole authentication security system... OUCH!" OneLogin told fretful customers in an internal notification that they would need to work through a number of steps to secure their accounts, including generation of new API credentials and OAuth tokens. Any users served by the firm's US data centre have been hit by the breach, OneLogin said. "While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data," OneLogin said. "We are thus erring on the side of caution and recommending actions our customers should take, which we have already communicated to our customers." OneLogin has admitted that the single sign-on (SSO) and identity management firm has suffered a data breach. However, its public statement is vague about the nature of the attack.
An e-mail to customers provides a bit of detail—warning them that their data may have been exposed. And a support page that is only accessible to OneLogin account holders is even more worrying for customers. It apparently says that "customer data was compromised, including the ability to decrypt encrypted data." OneLogin—which claims to offer a service that "secures connections across all users, all devices, and every application"—said on Thursday that it had "detected unauthorised access" in the company's US data region. It added in the post penned by OneLogin CISO Alvaro Hoyos: "We have since blocked this unauthorised access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorised access happened and verify the extent of the impact of this incident. We want our customers to know that the trust they have placed in us is paramount. While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps and are actively working to determine how best to prevent such an incident from occurring in the future and will update our customers as these improvements are implemented." It has given customers a long list of actions to protect their accounts following the attack. It's unclear why it is that OneLogin has provided three different sets of information to its customers. It's possible the company was hoping to only disclose more detail to those directly affected by the attack to avoid revealing potential weaknesses that may have exposed the data in the first place. But that attempt to keep the information under wraps has clearly backfired as customers scramble to secure their accounts. This is the second data breach that OneLogin has suffered within the past year.
Last August it warned customers of a cleartext login bug on its Secure Notes service, after "an unauthorised user gained access to one of our standalone systems, which we use for log storage and analytics." Hoyos apologised for that particular breach. "We are making every effort to prevent any similar occurrence in the future," he said at the time.
Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break but it is not known how large the breach was, officials said Tuesday. The attack was described as “malicious cyber activity targeting Los Angeles Valley College,” according to a statement from Los Angeles Community College District Chancellor Francisco Rodriguez. “This attack is believed to have taken place over the holidays and we are working closely with local and federal authorities to learn more about its potential impact,” Rodriguez said. “Our top priority in resolving this incident is ensuring that the security and privacy of our students and employees is protected.” Additional details about the attack were not made available and it was not immediately clear if anyone’s personal data was compromised. Los Angeles Sheriff’s cyber crimes unit was investigating, Deputy Caroline Rodriguez of the Sheriff’s Information Bureau said. The FBI did not immediately reply to emailed questions regarding the attack.
Addresses, names and phone numbers for staff were accessed in the data breach. SPORTS Direct failed to tell its workers about a major data breach that saw personal information accessed by hackers. A cyber attacker gained access to internal systems containing details for phone numbers, names and home and email addresses of the retail giant's 30,000 staff members. But according to The Register, workers still haven't been told about the breach, which took place in September. Sports Direct discovered the attack three months later after a phone number was left on the company's internal site with a message encouraging bosses to make contact. Chiefs filed a report with the Information Commissioner's office after it became aware that personal information had been compromised. But as there was no evidence the data had been shared, Sports Direct didn't report the breach to staff. The blunder is the latest in a string of controversies surrounding the sporting goods retailer. Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours. Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct's working practices "are closer to that of a Victorian workhouse than that of a modern, reputable High Street retailer". In November, six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sports Direct to investigate working practices. A spokesman for Sports Direct said: "We cannot comment on operational matters in relation to cyber-security for obvious reasons.
Columbia Sportswear Co. is investigating an attack on one of its e-commerce sites. CEO Tim Boyle told analysts on Columbia’s fourth quarter 2016 earnings call that there was an unspecified cyber attack on its prAna brand’s online store. Columbia Sportswear acquired prAna in May 2014 for $190 million in cash. “We immediately launched an investigation and engaged a leading third-party cyber security firm to assist us,” he told analysts on the call, according to a transcript from Seeking Alpha. “Protecting our customers’ information is one of our top priorities and we are taking this very seriously. Until the investigation is completed, it’s difficult to characterize the scope or nature of the potential incident, but we are working vigilantly to address this issue.” Boyle stressed that the attack was limited to prAna’s site and did not affect Columbia’s other online stores. Online sales are growing fast for the outdoor apparel maker and retailer. Boyle told analysts the company generated about $220 million in online sales globally in 2016.