HONG KONG ( REUTERS ) - Cathay Pacific Airways said on Wednesday ( Oct 24 ) that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed Attack.Databreach without authorisation . Cathay said 860,000 passport numbers , about 245,000 Hong Kong identity card numbers , 403 expired credit card numbers and 27 credit card numbers with no card verification value ( CVV ) were accessed Attack.Databreach in the breach Attack.Databreach . `` We are very sorry for any concern this data security event may cause our passengers , '' Cathay Pacific chief executive Rupert Hogg said in a statement . `` We acted immediately to contain the event , commence a thorough investigation with the assistance of a leading cyber-security firm , and to further strengthen our IT security measures . '' Mr Hogg said no passwords were compromised Attack.Databreach in the breach Attack.Databreach and the company was contacting affected passengers to give them information on how to protect themselves . Cathay Pacific was not immediately available for additional comment outside normal business hours . The company said it initially discovered suspicious activity on its network in March this year , and investigations in early May confirmed that certain personal data had been accessed Attack.Databreach . News of Cathay 's passenger data breach Attack.Databreach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen Attack.Databreach over a two-week period . Cathay said in a statement that accessed Attack.Databreach data includes names of passengers , their nationalities , dates of birth , telephone numbers , e-mail and physical addresses , passport numbers , identity card numbers and historical travel information . It added that the Hong Kong Police had been notified about the breach Attack.Databreach and that there is no evidence any personal information has been misused .

HONG KONG ( REUTERS ) - Cathay Pacific Airways said on Wednesday ( Oct 24 ) that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed Attack.Databreach without authorisation . Cathay said 860,000 passport numbers , about 245,000 Hong Kong identity card numbers , 403 expired credit card numbers and 27 credit card numbers with no card verification value ( CVV ) were accessed Attack.Databreach in the breach Attack.Databreach . `` We are very sorry for any concern this data security event may cause our passengers , '' Cathay Pacific chief executive Rupert Hogg said in a statement . `` We acted immediately to contain the event , commence a thorough investigation with the assistance of a leading cyber-security firm , and to further strengthen our IT security measures . '' Mr Hogg said no passwords were compromised Attack.Databreach in the breach Attack.Databreach and the company was contacting affected passengers to give them information on how to protect themselves . Cathay Pacific was not immediately available for additional comment outside normal business hours . The company said it initially discovered suspicious activity on its network in March this year , and investigations in early May confirmed that certain personal data had been accessed Attack.Databreach . News of Cathay 's passenger data breach Attack.Databreach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen Attack.Databreach over a two-week period . Cathay said in a statement that accessed Attack.Databreach data includes names of passengers , their nationalities , dates of birth , telephone numbers , e-mail and physical addresses , passport numbers , identity card numbers and historical travel information . It added that the Hong Kong Police had been notified about the breach Attack.Databreach and that there is no evidence any personal information has been misused .

VILLAGE OF NASHOTAH - The village recently paid Attack.Ransom an unidentified hacker a $ 2,000 ransom Attack.Ransom to decrypt its computer system after a hack Attack.Databreach in late November that left some residents ' personal information exposed Attack.Databreach . Village President Richard Lartz said Thursday , Dec 7 , that the hack `` totally encrypted '' Nashotah 's computer files , making them inaccessible to staff . He said the only information that was exposed Attack.Databreach during the breach Attack.Databreach were citizens ' names and driver 's license numbers , and possibly their addresses . Social Security numbers and other sensitive information was not compromised Attack.Databreach . `` The only information that got out Attack.Databreach was voter rolls , '' Lartz said , emphasizing that neither he nor village staff know whether that information was used or dispersed Attack.Databreach by the hacker .

The Intercontinental Hotels Group data breach Attack.Databreach previously announced in February as affecting 12 hotels in the chain has proven to have been far more extensive than was first thought . Last week the group announced that the breach Attack.Databreach affected guests that used their credit cards to pay at franchisee hotels across the United States and in Puerto Rico between September 29 , 2016 and December 29 , 2016 . According to the chain ’ s website , the Intercontinental Hotels Group data breach Attack.Databreach potentially affected guests who stayed at its Holiday Inn , Holiday Inn Express , Crowne Plaza , Staybridge Suites , Candlewood Suites , Hotel Indigo , and InterContinental Hotels . The full list of hotels that have potentially been affected by the malware incident has been listed on the IHG website . In total , 1,184 of the group ’ s hotels have potentially been affected . The Intercontinental Hotels Group data breach Attack.Databreach involved malware that had been downloaded onto its systems , which was capable of monitoring payment card systems and exfiltrating Attack.Databreach payment card data . It does not appear that any other information other than card details and cardholders ’ names were stolen Attack.Databreach by the attackers . The hotel group does not believe the data breach Attack.Databreach extended past December 29 , 2016 , although that can not be entirely ruled out as it took until February/March for all of the affected hotels to be investigated and for confirmation to be received that the malware had been removed . Prior to the malware being installed , IHG had started installing the OHG Secure Payment Solution ( SPS ) , which provides point to point encryption to prevent incidents such as this from resulting in the theft of clients ’ data . Had the process started sooner , the Intercontinental Hotel Group data breach Attack.Databreach could have been prevented . Hotels that had implemented the SPS prior to September 29 , 2016 were not affected and those that had implemented the solution between September 29 , 2016 and December 29 , 2016 stopped the malware from being able to locate and steal Attack.Databreach credit card data . In those cases , only clients that used their credit cards at affected hotels between September 29 , 2016 and when the SPS system was installed were affected . Intercontinental Hotels Group Data Breach One of Many Affecting the Hospitality Sector The Intercontinental Hotels Group data breach Attack.Databreach stands out due to the extent to which the group was affected , with well over 1,100 hotels affected . However , this is far from the only hotel group to have been affected by POS malware . Previous incidents have also been reported by Hard Rock Hotels , Hilton Hotels , Omni Hotels & Resorts and Trump Hotels . Hotels , in particular hotel chains , are big targets for cybercriminals due to the size of the prize . Many hotel guests choose to pay for their rooms and services on credit cards rather than in cash , and each hotel services many thousands – often tens of thousands – of guests each year . Globally , IHG hotels service more than 150 million guests every year , which is a tremendous number of credit and debit cards . Such a widespread malware infection would be highly lucrative for the attackers . Credit card numbers may only sell for a couple of dollars a time , but with that number of guests , an attack Attack.Databreach such as this would be a huge pay day for the attackers .

JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach Attack.Databreach that affected 19 different companies . “ We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public , including ours , ” the email says . According to website haveibeenpwned.com , 3,883,455 JobStreet accounts were affected by the breach Attack.Databreach . It says the information was freely downloadable on a Tor hidden service . The breach Attack.Databreach also affected more than 46 million Malaysian users and several telecommunications companies . Telecommunications providers caught by the breach Attack.Databreach include Altel , Celcom , DiGi , EnablingAsia , Friendi , Maxis , Merchantrade Asia , PLDT , Redtone , Tunetalk , Umobile and XoX , reports suggest . It also affected organisations such as the Academy of Medicine Malaysia , the Malaysian Dental Association , the Malaysian Medical Association , and the National Specialist Register of Malaysia . Reports speculate that more than 81,000 records were stolen Attack.Databreach from these organisations . “ Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed Attack.Databreach . To help protect our customers , the team is continuously enhancing our security measures for all user information stored with JobStreet.com , ” JobStreet CEO Suresh Thiru says in an email . According to media reports , that personal information includes identity card numbers , addresses , login IDs , passwords , names , emails and phone numbers . Haveibeenpwned.com also notes that on JobStreet , dates of birth , genders , geographic locations , marital statuses , nationalities and usernames were also compromised Attack.Databreach . The Malaysian Communications and Multimedia Commission ( MCMC ) may have discovered the possible source of the data leaks Attack.Databreach , according to Malaysian Communications Minister Salleh Said Keruak . `` We have identified several potential sources of the leak and we should be able to complete the probe soon , '' he announced .

JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach Attack.Databreach that affected 19 different companies . “ We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public , including ours , ” the email says . According to website haveibeenpwned.com , 3,883,455 JobStreet accounts were affected by the breach Attack.Databreach . It says the information was freely downloadable on a Tor hidden service . The breach Attack.Databreach also affected more than 46 million Malaysian users and several telecommunications companies . Telecommunications providers caught by the breach Attack.Databreach include Altel , Celcom , DiGi , EnablingAsia , Friendi , Maxis , Merchantrade Asia , PLDT , Redtone , Tunetalk , Umobile and XoX , reports suggest . It also affected organisations such as the Academy of Medicine Malaysia , the Malaysian Dental Association , the Malaysian Medical Association , and the National Specialist Register of Malaysia . Reports speculate that more than 81,000 records were stolen Attack.Databreach from these organisations . “ Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed Attack.Databreach . To help protect our customers , the team is continuously enhancing our security measures for all user information stored with JobStreet.com , ” JobStreet CEO Suresh Thiru says in an email . According to media reports , that personal information includes identity card numbers , addresses , login IDs , passwords , names , emails and phone numbers . Haveibeenpwned.com also notes that on JobStreet , dates of birth , genders , geographic locations , marital statuses , nationalities and usernames were also compromised Attack.Databreach . The Malaysian Communications and Multimedia Commission ( MCMC ) may have discovered the possible source of the data leaks Attack.Databreach , according to Malaysian Communications Minister Salleh Said Keruak . `` We have identified several potential sources of the leak and we should be able to complete the probe soon , '' he announced .

Around 50 % of the impacted accounts never posted on the forum which leads to the conclusion that they weren ’ t real users but bots . The stolen data contains email addresses , hashed passwords , and salts but none of the usernames were taken Attack.Databreach . However , good news is that all passwords have been reset . Therefore it ’ s too early to assume what happened or how attackers were able to access Attack.Databreach the database . Nevertheless , the administrators believe that it could be because of a phishing attack Attack.Phishing . It must be noted that one of the forum ’ s staff members was also impacted Attack.Databreach by the breach Attack.Databreach which is not surprising since hackers are successfully cracking passwords from previous data breaches Attack.Databreach and using them for further attacks . More : 21 Million Decrypted Gmail , 5 Million Yahoo Accounts Being Sold on Dark Web The forum is implementing new security measures including site-wide HTTPS support , 2-step authentication requirement for their staff and passwords randomizing of inactive accounts . This is not the first time when Android Forums was security issues . In 2012 , the forum suffered a massive data breach Attack.Databreach in which user credentials of 1 million users were stolen Attack.Databreach . At the time of publishing Attack.Phishing this article , the Android Forums was down for scheduled maintenance but you can still go through the security notice through Google Cache

The Internal Revenue Service ( IRS ) has said that personal data of nearly 100,000 taxpayers may have been compromised Attack.Databreach by a breach Attack.Databreach of its tool to apply for student financial aid , The Chronicle of Higher Education reports . The Free Application for Federal Student Aid ( FAFSA ) tool was taken offline in March after discovery of suspicious activity , and will be operational only in October . In a statement to the Senate Finance Committee , IRS chief John Koskinen said 35,000 affected people had been notified of the breach Attack.Databreach and $ 30 million been paid for around 8,000 fraudulent tax refunds . The IRS has come under fire for cutting off the tool and Senator Lamar Alexander of Tennessee , urged authorities to “ continue to prioritize getting the helpful data-retrieval tool back online quickly with adequate protection for users ’ data ” . The agency admits being made aware in September last year that FAFSA could be misused by hackers . “ To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it , ” Koskinen clarified , says The Wall Street Journal

The Internal Revenue Service ( IRS ) has said that personal data of nearly 100,000 taxpayers may have been compromised Attack.Databreach by a breach Attack.Databreach of its tool to apply for student financial aid , The Chronicle of Higher Education reports . The Free Application for Federal Student Aid ( FAFSA ) tool was taken offline in March after discovery of suspicious activity , and will be operational only in October . In a statement to the Senate Finance Committee , IRS chief John Koskinen said 35,000 affected people had been notified of the breach Attack.Databreach and $ 30 million been paid for around 8,000 fraudulent tax refunds . The IRS has come under fire for cutting off the tool and Senator Lamar Alexander of Tennessee , urged authorities to “ continue to prioritize getting the helpful data-retrieval tool back online quickly with adequate protection for users ’ data ” . The agency admits being made aware in September last year that FAFSA could be misused by hackers . “ To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it , ” Koskinen clarified , says The Wall Street Journal

Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered Attack.Databreach in a data breach Attack.Databreach . The data that was accessed Attack.Databreach by the attackers includes the name , e-mail address , home address , and phone number of around 245,000 customers in the UK and 25,000 customers in Poland , as well as the last four digits of their payment card number and/or their bank account number and sort code . “ We do not believe your Wonga account password was compromised Attack.Databreach and believe your [ loan ] account should be secure , however if you are concerned you should change your account password . We also recommend that you look out for any unusual activity across any bank accounts and online portals , ” the company advised users . “ We will be alerting financial institutions about this issue and any individuals impacted as soon as possible , but we recommend that you also contact your bank and ask them to look out for any suspicious activity. ” They ’ ve also warned users to be on the lookout for scammers looking to leverage the stolen information to gain more information or money directly from the users . According to the BBC , the company noticed that something was amiss last week , but it took them until Friday to discover that customer data may have been compromised Attack.Databreach . The company started to inform customers of the breach Attack.Databreach on Saturday . “ Wonga ’ s stock with the general public has never been particularly high , but this breach will see it fall even further . It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them , or the cybercriminals themselves for that matter , ” commented Marc Agnew , Vice President , ViaSat Europe . “ The stakes are so high that organisations need to treat cyber-attack not only as a threat , but as an inevitability . Organisations must therefore ensure that all customer data is encrypted , not just the passwords and card details , so that any stolen data is essentially worthless . Inadequately protecting customer data can create massive problems for enterprises and consumers alike . Reacting to an attack appropriately is vital ; from isolating and identifying the origin , to taking stock of what has been stolen Attack.Databreach or affected and making sure those who have been put at risk are notified and protected as soon as possible . By the looks of it , Wonga ’ s customers were alerted in a timely manner and should be well informed enough to take action . This is all Wonga can do at this stage , but it ’ ll be interesting to see what happens next and how serious an attack this turns out to be. ” “ While the organisation has stated that affected customers are unlikely to be at risk of theft , the fact remains that private personal information was compromised Attack.Databreach – posing a risk to customers , ” André Stewart , VP EMEA at Netskope , pointed out . “ Data loss prevention needs to be a key priority for all businesses . The EU General Data Protection Regulation ( GDPR ) – set to come into effect in just over a year – will hold organisations accountable for their data practices . As a result , companies will be forced to take active measures to mitigate any threats to personal privacy , whether that data is stored on-premises or in the cloud . Any companies falling short of these standards could face hefty fines , ” he also noted .

A few months ago we exclusively reported on a Dark Web vendor selling 1 Billion user accounts stolen Attack.Databreach from the Chinese Internet giants . Now , another vendor going by the handle of CosmicDark is selling Attack.Databreach a database containing 100,759,591 user accounts stolen Attack.Databreach from of Youku Inc. , a popular video service in China . The database according to vendor ’ s listing was leaked Attack.Databreach in 2016 and leaked Attack.Databreach on the Internet this year . Although it is unclear how the database was stolen Attack.Databreach CosmicDark is selling Attack.Databreach the whole package for USD 300 ( BTC 0.2559 ) . The data contains emails and passwords decrypted with MD5 & SHA1 hashes . According to the sample data ( 552 accounts ) provided by CosmicDark , most of the emails are based on @ 163.com , @ qq.com , and @ xiaonei.com . It must be noted that based on HackRead ’ s research the encrypted passwords provided in the sample data have already been decrypted and publically available on the Internet . Also , HaveIbeenpwned , a platform where you can check if your account has been compromised Attack.Databreach has also confirmed the breach Attack.Databreach . It is unclear whether Youku Inc. is aware of the breach or has notified its users , however it is evident that it poses a massive privacy threat to their users . Furthermore , vendors in the same marketplace are selling Attack.Databreach 21 million Gmail and Yahoo accounts , 640,000 decrypted PlayStation accounts , millions of accounts from 11 hacked Bitcoin forums and millions of accounts stolen Attack.Databreach from 25 hacked vBulletin forums .

A California financing company exposed Attack.Databreach up to 1 million records online that contained names , addresses , fragments of Social Security numbers and data related to vehicle loans , according to a researcher 's report . The data comes from Alliance Direct Lending , which is based in Orange , California , writes Bob Diachenko , who works with the security research team at Kromtech Alliance Corp. of Germany . Alliance Direct Lending specializes in refinancing auto loans at a lower interest rate , and it also has partnerships with dealers across the country . `` It is unclear if anyone other than security researchers accessed it or how long the data was exposed Attack.Databreach , '' Diachenko writes in a blog post . Security researchers , as well as hackers , have had a field day lately exposing configuration mistakes organizations have made when setting up databases . Despite a string of well-publicized findings , the errors are still being made , or at least , not being caught . Aside from breaches Attack.Databreach , other organizations have seen their data erased and held for ransom Attack.Ransom , with notes left inside the databases asking for bitcoins Attack.Ransom ( see Database Hijackings : Who 's Next ? ) . Kromtech notified Alliance , which has since taken the data offline , Diachenko writes . Information Security Media Group 's efforts to reach Alliance officials were not immediately successful . Under California 's mandatory data breach Attack.Databreach notification law , Alliance would be required to report the breach Attack.Databreach . `` The IT administrator claimed that it had only recently been leaked Attack.Databreach and was not was not up for long , '' Diachenko writes . `` He thanked us for the notification and the data was secured very shortly after the notification call . '' Researchers came across the data while looking into Amazon Web Services Simple Storage Service ( S3 ) `` buckets , '' which is the term for storage instances on the popular cloud hosting service . They were specifically hunting for buckets that had been left online but required no authentication . The bucket contained 1,000 items , of which 210 were public . The leaked data included .csv files listed by dealerships located around the country . The number of consumer details leaked ranges between 550,000 up to 1 million , Diachenko writes . A screenshot posted on Kromtech 's blog shows a sampling of the dealerships affected . Kromtech shared with ISMG a data sample pertaining to a dealership in Michigan . It shows full names , addresses , ZIP codes , what appear to be FICO credit scores , an annual percentage rate and the last four digits of Social Security numbers . `` The danger of this information being leaked Attack.Databreach is that cybercriminals would have enough to engage in identity theft , obtain Attack.Databreach credit cards or even file a false tax return , '' Diachenko writes . While full Social Security numbers weren't exposed Attack.Databreach , there 's still a risk in leaking Attack.Databreach the last four digits . When trying to verify customers ' identities , companies will sometimes ask for a fragment of data . So for fraudsters compiling dossiers , every bit , however incomplete , helps . Also exposed Attack.Databreach were 20 phone call recordings with customers who were negotiating auto loan deals . `` These consent calls were the customers agreeing that they understood they were getting an auto loan , confirming that the information was correct and true , '' Diachenko writes . `` They included the customer 's name , date of birth , social security numbers , and phone numbers . '' The bucket was last modified on Dec. 29 , 2016 , Kromtech writes . Amazon has strong security built around S3 storage , so it would appear that whomever created the bucket might have disabled its controls . According to Amazon 's guidance , `` only the bucket and object owners originally have access to Amazon S3 resources they created . '' Amazon also has identity and access management controls that can be used to carefully restrict who can access and change data . Buckets can also be made off-limits based on HTTP referrers and IP addresses . Managing Editor , Security and Technology , ISMG Kirk is a veteran journalist who has reported from more than a dozen countries . Based in Sydney , he is Managing Editor for Security and Technology for Information Security Media Group . Prior to ISMG , he worked from London and Sydney covering computer security and privacy for International Data Group . Further back , he covered military affairs from Seoul , South Korea , and general assignment news for his hometown paper in Illinois .

Anonymous hackers have stolen and leaked Attack.Databreach 1.9 million email addresses and some 1,700 names and active phone numbers of Bell Canada customers . The company has not shared where the stolen information was stored and how they attackers managed to access Attack.Databreach it , because the Royal Canadian Mounted Police cyber crime unit ’ s investigation into the matter is still ongoing . But , according to a brief statement , the affected systems have been secured , the Office of the Privacy Commissioner of Canada informed , and affected users notified directly ( either via email or phone ) . “ There is no indication that any financial , password or other sensitive personal information was accessed Attack.Databreach , ” the company noted , and added that the incident is not connected to the recent global WannaCry malware attacks Attack.Ransom . They ’ ve also warned customers to be on the lookout for phishing emails or calls impersonating Attack.Phishing the company and asking the customers for credit card or personal information . According to The Globe and Mail , the attackers are threatening to release more of the stolen data , if the telecom company doesn ’ t co-operate with them . It ’ s unclear what they mean by co-operating , but it ’ s more than likely that they ’ ve asked to be paid Attack.Ransom in order not to release the stolen information . Bell Canada has known about the breach Attack.Databreach since at least last Wednesday , when they notified the commissioner ’ s office of it .

INDIANAPOLIS , Ind.– Officials at Scotty ’ s Brewhouse are working to inform thousands of employees across the company about an email data breach Attack.Databreach , leaking Attack.Databreach employees ’ W-2 forms to an unknown suspect . Company officials called IMPD Monday afternoon to report the breach Attack.Databreach , which apparently resulted from an email phishing scam Attack.Phishing . According to the police report , an individual posing as Attack.Phishing company CEO Scott Wise sent Attack.Phishing an email to a payroll account employee . The email requested the employee to send all 4,000 employees W-2 forms in PDF form . Chris Martin , director of HR/Payroll for the company , told police the email did not really come from Wise . However , the payroll account employee did email all 4,000 W-2 forms to the unknown individual . The report says Martin contacted the IRS to inform the agency of the breach . The IRS recommended Martin also file a report with IMPD . Scotty ’ s Brewhouse officials are now in the process of informing all employees , and providing them with precautionary measures to take in order to protect their financial and personal information . The company says it will offer one year of credit monitoring at no cost to employees , in addition to providing information regarding available resources for its employees to monitor their credit . Scotty ’ s says no customer information was obtained Attack.Databreach during the phishing scam Attack.Phishing . The company is working with law enforcement and the credit bureaus to limit any potential misuse of the information that was obtained Attack.Databreach and to identify and apprehend the scammers . Scott Wise , CEO of Scotty ’ s Holdings , LLC , issued the following statement : “ Unfortunately , Scotty ’ s was the target of and fell victim to scammers , as so many other companies have , ” said Wise . “ Scotty ’ s employees and customers are of tremendous importance to the company and Scotty ’ s regrets any inconvenience to its employees that may result from this scamming incident . Scotty ’ s will continue to work with federal and local law enforcement , the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice ” . The incident appears to match the description of an email phishing Attack.Phishing scheme the IRS issued warnings about last year . This scheme involves scammers posing as Attack.Phishing company executives to request financial and personal information on employees . The IRS has online tutorials on the proper steps to take if you have become the victim of identity theft or your personal information has been leaked Attack.Databreach

Los Angeles Valley College in Valley Glen was subject to a cyber attack over the winter break but it is not known how large the breach Attack.Databreach was , officials said Tuesday . The attack was described as “ malicious cyber activity targeting Los Angeles Valley College , ” according to a statement from Los Angeles Community College District Chancellor Francisco Rodriguez . “ This attack is believed to have taken place over the holidays and we are working closely with local and federal authorities to learn more about its potential impact , ” Rodriguez said . “ Our top priority in resolving this incident is ensuring that the security and privacy of our students and employees is protected ” . Additional details about the attack Attack.Databreach were not made available and it was not immediately clear if anyone ’ s personal data was compromised Attack.Databreach . Los Angeles Sheriff ’ s cyber crimes unit was investigating , Deputy Caroline Rodriguez of the Sheriff ’ s Information Bureau said . The FBI did not immediately reply to emailed questions regarding the attack

News Corp is a network of leading companies in the worlds of diversified media , news , education , and information services . Addresses , names and phone numbers for staff were accessed Attack.Databreach in the data breach Attack.Databreach SPORTS Direct failed to tell its workers about a major data breach Attack.Databreach that saw personal information accessed Attack.Databreach by hackers . A cyber attacker gained access Attack.Databreach to internal systems containing details for phone numbers , names and home and email addresses of the retail giant's 30,000 staff members . But according to The Register , workers still have n't been told about the breach Attack.Databreach , which took place in September . Sports Direct discovered the attack Attack.Databreach three months later after a phone number was left Attack.Databreach on the company 's internal site with a message encouraging bosses to make contact . Chiefs filed a report with the Information Commissioner 's office after it became aware that personal information had been compromised Attack.Databreach . But as there was no evidence the data had been shared Attack.Databreach , Sports Direct did n't report the breach Attack.Databreach to staff . The blunder is the latest in a string of controversies surrounding the sporting goods retailer . Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours . Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct 's working practices `` are closer to that of a Victorian workhouse than that of a modern , reputable High Street retailer '' . In November , six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sport Direct to investigate working practices . A spokesman for Sports Direct said : `` We can not comment on operational matters in relation to cyber-security for obvious reasons .

News Corp is a network of leading companies in the worlds of diversified media , news , education , and information services . Addresses , names and phone numbers for staff were accessed Attack.Databreach in the data breach Attack.Databreach SPORTS Direct failed to tell its workers about a major data breach Attack.Databreach that saw personal information accessed Attack.Databreach by hackers . A cyber attacker gained access Attack.Databreach to internal systems containing details for phone numbers , names and home and email addresses of the retail giant's 30,000 staff members . But according to The Register , workers still have n't been told about the breach Attack.Databreach , which took place in September . Sports Direct discovered the attack Attack.Databreach three months later after a phone number was left Attack.Databreach on the company 's internal site with a message encouraging bosses to make contact . Chiefs filed a report with the Information Commissioner 's office after it became aware that personal information had been compromised Attack.Databreach . But as there was no evidence the data had been shared Attack.Databreach , Sports Direct did n't report the breach Attack.Databreach to staff . The blunder is the latest in a string of controversies surrounding the sporting goods retailer . Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours . Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct 's working practices `` are closer to that of a Victorian workhouse than that of a modern , reputable High Street retailer '' . In November , six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sport Direct to investigate working practices . A spokesman for Sports Direct said : `` We can not comment on operational matters in relation to cyber-security for obvious reasons .

A maker of Internet-connected stuffed animal toys has exposed Attack.Databreach more than 2 million voice recordings of children and parents , as well as e-mail addresses and password data for more than 800,000 accounts . He said searches using the Shodan computer search engine and other evidence indicated that , since December 25 and January 8 , the customer data was accessed Attack.Databreach multiple times by multiple parties , including criminals who ultimately held the data for ransom Attack.Ransom . The recordings were available on an Amazon-hosted service that required no authorization to access . The data was exposed Attack.Databreach by Spiral Toys , maker of the CloudPets line of stuffed animals . The toys record and play voice messages that can be sent over the Internet by parents and children . The MongoDB database of 821,296 account records was stored by a Romanian company called mReady , which Spiral Toys appears to have contracted with . Hunt said that , on at least four occasions , people attempted to notify the toy maker of the breach Attack.Databreach . In any event , evidence left behind by the ransom demanders made it almost certain company officials knew of the intrusions Attack.Ransom . Hunt wrote : It 's impossible to believe that CloudPets ( or mReady ) did not know that firstly , the databases had been left publicly exposed Attack.Databreach and secondly , that malicious parties had accessed Attack.Databreach them . Obviously , they 've changed the security profile of the system , and you simply could not have overlooked the fact that a ransom had been left Attack.Ransom . So both the exposed database Attack.Databreach and intrusion Attack.Ransom by those demanding the ransom Attack.Ransom must have been identified yet this story never made the headlines . Further ReadingInternet-connected Hello Barbie doll gets bitten by nasty POODLE crypto bugThe breach is the latest to stoke concerns about the privacy and security of Internet-connected toys . In November 2015 , tech news site Motherboard disclosed the hack Attack.Databreach of toy maker VTech in a breach Attack.Databreach that exposed Attack.Databreach the names , e-mail addresses , passwords , and home addresses of almost 5 million adults , as well as the first names , genders and birthdays of more than 200,000 kids . A month later , a researcher found Vulnerability-related.DiscoverVulnerability that an Internet-connected Barbie doll made by Mattel contained vulnerabilities that might allow hackers to intercept real-time conversations . In addition to storing the customer databases in a publicly accessible location , Spiral Toys also used an Amazon-hosted service with no authorization required to store the recordings , customer profile pictures , children 's names , and their relationships to parents , relatives , and friends . In Monday 's post , Hunt acknowledged the help of Motherboard reporter Lorenzo Franceschi-Bicchierai , who published this report . Oddly enough , for a product with such lax security , the service used the ultra-secure bcrypt hashing function to protect passwords . Unfortunately , CloudPets had one of the most permissive password policies ever . It allowed , for instance , a passcode of the single character `` a '' or the short keyboard sequence `` qwe . '' `` What this meant is that when I passed the bcrypt hashes into [ password cracking app ] hashcat and checked them against some of the world 's most common passwords ( 'qwerty , ' 'password , ' '123456 , ' etc . ) along with the passwords 'qwe ' and 'cloudlets , ' I cracked a large number in a very short time , '' Hunt wrote . Further ReadingHow to search the Internet of Things for photos of sleeping babiesThe lesson that emerged long ago is that the security of so-called Internet of things products is so poor that it often outweighs any benefit afforded by an Internet-connected appliance . As the CloudPets debacle underscores , the creep factor involved in Internet-connected toys makes the proposition even worse

The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach Attack.Databreach dealing with more than 800,000 user accounts . The breach Attack.Databreach , which grabbed headlines on Monday , is drawing concerns from security researchers because it may have given hackers access Attack.Databreach to voice recordings from the toy 's customers . But the company behind the products , Spiral Toys , is denying that any customers were hacked Attack.Databreach . Absolutely not , '' said Mark Meyers , CEO of the company . Security researcher Troy Hunt , who tracks data breaches Attack.Databreach , brought the incident Attack.Databreach to light on Monday . Hackers appear to have accessed Attack.Databreach an exposed CloudPets ' database , which contained email addresses and hashed passwords , and they even sought to ransom Attack.Ransom the information back in January , he said in a blog post . The incident Attack.Databreach underscores the danger with connected devices , including toys , and how data passing through them can be exposed Attack.Databreach , he added . In the case of CloudPets , the brand allegedly made the mistake of storing the customer information in a publicly exposed Attack.Databreach online MongoDB database that required no authentication to access . That allowed anyone , including hackers , to view and steal Attack.Databreach the data . On the plus side , the passwords exposed Attack.Databreach in the breach Attack.Databreach are hashed with the bcrypt algorithm , making them difficult to crack . Unfortunately , CloudPets placed no requirement on password strength , meaning that even a single character such as letter `` a '' was acceptable , according to Hunt , who was given a copy of the stolen data last week . As a result , Hunt was able to decipher a large number of the passwords , by simply checking them against common terms such as qwerty , 123456 , and cloudpets . `` Anyone with the data could crack a large number of passwords , log on to accounts and pull down the voice recordings , '' Hunt said in his blog post . Security researcher Victor Gevers from the GDI Foundation said he also discovered the exposed database from CloudPets and tried to contact the toy maker in late December . However , both Gevers and Hunt said the company never responded to their repeated warnings . On Monday , California-based Spiral Toys , which operates the CloudPets brand , claimed the company never received the warnings . `` The headlines that say 2 million messages were leaked Attack.Databreach on the internet are completely false , '' Meyers said . His company only became aware of the issue after a reporter from Vice Media contacted them last week . `` We looked at it and thought it was a very minimal issue , '' he said . A malicious actor would only be able to access Attack.Databreach a customer 's voice recording if they managed to guess the password , he said . `` We have to find a balance , '' Meyers said , when he addressed the toy maker 's lack of password strength requirements . He also said that Spiral Toys had outsourced its server management to a third-party vendor . In January , the company implemented changes MongoDB requested to increase the server 's security . Spiral Toys hasn ’ t been the only company targeted . In recent months , several hacking groups have been attacking Attack.Databreach thousands of publicly exposed MongoDB databases . They ’ ve done so by erasing the data , and then saying they can restore it , but only if victims pay a ransom fee Attack.Ransom . In the CloudPets incident , different hackers appear to have deleted the original databases , but left Attack.Ransom ransom notes on the exposed systems , Hunt said . Although the CloudPets ’ databases are no longer publicly accessible , it appears that the toy maker hasn ’ t notified customers about the breach Attack.Databreach , Hunt said . The danger is that hackers might be using the stolen information to break into customer accounts registered with the toys . But Meyers said the company found no evidence that any hackers broke into customer accounts . To protect its users , the company is planning on a password reset for all users . `` Maybe our solution is to put more complex passwords , '' he said .

The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach Attack.Databreach dealing with more than 800,000 user accounts . The breach Attack.Databreach , which grabbed headlines on Monday , is drawing concerns from security researchers because it may have given hackers access Attack.Databreach to voice recordings from the toy 's customers . But the company behind the products , Spiral Toys , is denying that any customers were hacked Attack.Databreach . Absolutely not , '' said Mark Meyers , CEO of the company . Security researcher Troy Hunt , who tracks data breaches Attack.Databreach , brought the incident Attack.Databreach to light on Monday . Hackers appear to have accessed Attack.Databreach an exposed CloudPets ' database , which contained email addresses and hashed passwords , and they even sought to ransom Attack.Ransom the information back in January , he said in a blog post . The incident Attack.Databreach underscores the danger with connected devices , including toys , and how data passing through them can be exposed Attack.Databreach , he added . In the case of CloudPets , the brand allegedly made the mistake of storing the customer information in a publicly exposed Attack.Databreach online MongoDB database that required no authentication to access . That allowed anyone , including hackers , to view and steal Attack.Databreach the data . On the plus side , the passwords exposed Attack.Databreach in the breach Attack.Databreach are hashed with the bcrypt algorithm , making them difficult to crack . Unfortunately , CloudPets placed no requirement on password strength , meaning that even a single character such as letter `` a '' was acceptable , according to Hunt , who was given a copy of the stolen data last week . As a result , Hunt was able to decipher a large number of the passwords , by simply checking them against common terms such as qwerty , 123456 , and cloudpets . `` Anyone with the data could crack a large number of passwords , log on to accounts and pull down the voice recordings , '' Hunt said in his blog post . Security researcher Victor Gevers from the GDI Foundation said he also discovered the exposed database from CloudPets and tried to contact the toy maker in late December . However , both Gevers and Hunt said the company never responded to their repeated warnings . On Monday , California-based Spiral Toys , which operates the CloudPets brand , claimed the company never received the warnings . `` The headlines that say 2 million messages were leaked Attack.Databreach on the internet are completely false , '' Meyers said . His company only became aware of the issue after a reporter from Vice Media contacted them last week . `` We looked at it and thought it was a very minimal issue , '' he said . A malicious actor would only be able to access Attack.Databreach a customer 's voice recording if they managed to guess the password , he said . `` We have to find a balance , '' Meyers said , when he addressed the toy maker 's lack of password strength requirements . He also said that Spiral Toys had outsourced its server management to a third-party vendor . In January , the company implemented changes MongoDB requested to increase the server 's security . Spiral Toys hasn ’ t been the only company targeted . In recent months , several hacking groups have been attacking Attack.Databreach thousands of publicly exposed MongoDB databases . They ’ ve done so by erasing the data , and then saying they can restore it , but only if victims pay a ransom fee Attack.Ransom . In the CloudPets incident , different hackers appear to have deleted the original databases , but left Attack.Ransom ransom notes on the exposed systems , Hunt said . Although the CloudPets ’ databases are no longer publicly accessible , it appears that the toy maker hasn ’ t notified customers about the breach Attack.Databreach , Hunt said . The danger is that hackers might be using the stolen information to break into customer accounts registered with the toys . But Meyers said the company found no evidence that any hackers broke into customer accounts . To protect its users , the company is planning on a password reset for all users . `` Maybe our solution is to put more complex passwords , '' he said .