because the company does not store that information online. Eurostar has yet to confirm how many people have been affected by this data breach or whether any data has been taken. The company has reported the data breach to the Information Commissioner's Office. “We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access eurostar.com accounts using your email address and password,” the company told customers. “We've since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn't log in during this period, there's a possibility your account was accessed by this unauthorised attempt.” Customers were told to check their accounts for “anything unusual” and update login details on any other site where they use the same password. A Eurostar spokesman said: “This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password. We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised.” An ICO spokesman said: “We’ve received data breach report from Eurostar and are making enquiries.” Last week, British Airways revealed that almost 200,000 further passengers may have had their personal data stolen by hackers in the September attack in what experts described as one of the biggest breaches of consumer data the UK had ever seen.
DocuSign, with over 100 million users, is one of the world’s largest providers of electronic signature technology and digital transaction management. Recently, DocuSign acknowledged that they have been the victim of a malware phishing attack. The data breach happened at one DocuSign computer system location and has since been contained. While short-lived, the malware was able to obtain many customer and user emails from the DocuSign database. Fortunately, the breach was limited to email addresses; no documents or further customer information was accessed in the attack. The attackers have begun sending out malicious emails with the company’s branding to DocuSign customers and users. In an alert on the DocuSign website, the company shared that it is tracking these emails which carry a downloadable Microsoft Word document harboring malware to attack the user’s system. The email subject line has been known to read: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.”
How to protect yourself
If you are not expecting an email via DocuSign, do not click on the link. If you are expecting a document, but are unsure of the source, you can access your document directly by visiting docusign.com. Every legitimate DocuSign email has a code which the user can enter on the website to access their document. DocuSign has asked that people forward suspicious emails to spam@docusign.com then delete the email from their inboxes. It is important to remember that DocuSign will never request a customer or user to open a PDF, Microsoft Office document or ZIP file in an email.
Officials at a medical practice in Blue Springs say they are taking steps to strengthen privacy protections after a ransomware attack affected nearly 45,000 patients. Blue Springs Family Care discovered in May that hackers had installed malware and ransomware encryption programs on its computer system, giving them full access to patient records. Ransomware is a kind of malware that locks up a computer. The attackers typically demand a ransom, often in Bitcoin or other cryptocurrencies, as a condition of unlocking the computer and allowing access to the system. Melanie Peterson, Blue Springs Family Care’s privacy officer, says the medical practice did not pay a ransom. Rather, it was able to use backups to regain computer access. In a letter to patients, Blue Springs Family Care said it had no evidence patients’ information had been used by unauthorized individuals. But it said it had taken steps to strengthen its defenses against similar attacks in the future. Peterson says the family medical practice has essentially rebuilt its computer system from scratch “to make sure that no traces of any kind of virus were left in the system.” The number of affected patients was as large as it was because the medical practice is required to keep medical records going back 10 years. Peterson says both the FBI and Blue Springs Police Department were notified of the attack. So far, the hackers have not been identified, she says. Blue Springs Family Care’s computer vendor discovered the ransomware attack on May 12. In its letter to patients, Blue Springs Family Care said it hired a forensic IT company to help quarantine the affected systems and to install software to monitor whether any unauthorized person was accessing the system. The attack on Blue Springs Family Care was not an anomaly. Health care businesses in particular have been targeted by ransomware attacks.
According to Beazley, a cybersecurity insurance company, 45 percent of ransomware attacks in 2017 targeted the health care industry. Financial services, which accounted for 12 percent of ransomware attacks, were a distant second. Last month, Cass Regional Medical Center in Harrisonville, Missouri, reported a ransomware attack had briefly cut off access to its electronic health record system on July 9. Hospital officials said there was no indication patient data was accessed. Cass Regional was just the latest of many Missouri health care institutions targeted in the last few months by cyber-attackers. Others include Children’s Mercy Hospital in Kansas City, Barnes Jewish Hospital in St. Louis, Barnes-Jewish St. Peters Hospital in St. Peters and John J. Pershing VA Medical Center in Poplar Bluff. In Kansas, the Cerebral Palsy Research Foundation of Kansas, the Kansas Department for Aging and Disability Services, Atchison Hospital Association and a private medical practice in McPherson have all been hit with cyberattacks since March. “If you think about what’s in a health or medical record, there’s a lot of information that could be used to create or falsify documents on an individual,” says Madeline Allen, an assistant vice president in the cybertech practice at Lockton Companies, a Kansas City-based insurance broker. “So think about your medical record that contains not only your health information but also your name and address, your social security number, your date of birth, oftentimes a driver’s license number. “All of those things can be used to impersonate you, whether it be to open a line of credit, apply for a loan, file a tax return – all of those things. Pretty much everything you need would be found in your health record,” Allen says.
“If you can get a full health record on someone, it’s pretty valuable information to the bad guys as they’re looking to monetize that information.” For health care institutions, Allen says, it’s not so much a question of whether they will be attacked as when. As such, she says, apart from instituting technical measures, the most important thing they can do to ward off cyberattacks is to educate their employees. “Let them know that people are constantly trying to attack from all angles and the attacks are pretty sophisticated,” she says. “It’s very easy to click on a link thinking it’s legitimate or respond to an email that looks legitimate when in fact it’s not. So I think the education of employees and staff is perhaps the biggest step that health care facilities can take.”
E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. On Sunday, ESEA posted a message to Twitter, reminding players of the warning issued on December 30, 2016, three days after they were informed of the hack. Sunday’s message said the leak of player information was expected, but they’ve not confirmed if the leaked records came from their systems. Late Saturday evening, breach notification service LeakedSource announced the addition of 1,503,707 ESEA records to their database. When asked for additional information by Salted Hash, a LeakedSource spokesperson shared the database schema, as well as sample records pulled at random from the database. However, in all, there are more than 90 fields associated with a given player record in the ESEA database. While the passwords are safe, the other data points in the leaked records could be used to construct a number of socially-based attacks, including Phishing. Players on Reddit have confirmed their information was discovered in the leaked data. A similar confirmation was made by Twitch’s Jimmy Whisenhunt on Twitter. The LeakedSource spokesperson said that the ESEA hack was part of a ransom scheme, as the hacker responsible demanded $50,000 in payment. In exchange for meeting their demands, the hacker would keep silent about the ESEA hack and help the organization address the security flaw that made it possible. In their previous notification, ESEA said they learned about the incident on December 27, but make no mention of any related extortion attempts.
The organization reset passwords, multi-factor authentication tokens, and security questions as part of their recovery efforts. We’ve reached out to confirm the extortion attempt claims made by the hacker, as well as the total count for players affected by the data breach. In an emailed statement, a spokesperson for ESL Gaming (parent company to Turtle Entertainment) confirmed that the hacker did in fact attempt to extort money, but the sum demanded was “substantially higher” than the $50,000 previously mentioned. The company refused to give in to the extortion demands, and went public with details before the hacker could publish anything. The statement also confirms the affected user count of 1.5 million, and stressed the point that ESEA passwords were hashed with bcrypt. When it comes to the profile fields, where more than 90 data points are listed, ESL Gaming says those are optional data points for profile settings. “We take the security and integrity of customer details very seriously and we are doing everything in our power to investigate this incident, establish precisely what has been taken, and make changes to our systems to mitigate any further breaches. The authorities (FBI) were also informed and we will do everything possible to facilitate the investigation of this attack,” the message from ESL Gaming concluded. “Based on the proof provided to us by the threat actor of possession of the stolen data, we were able to identify the scope of the data that was accessed. While the primary concern and focus was on personal data, some of ESEA’s internal infrastructure including configuration settings of game server hardware specifications, as well as game server IPs was also accessible. Due to the ongoing investigation, we prioritized customer user data first,” the statement explains.
In the days that followed that initial contact, ESEA worked to secure their systems, and the hacker kept making demands. On January 7, ESEA learned the hacker also exfiltrated intellectual property from the compromised servers
Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach. The data that was accessed by the attackers includes the name, e-mail address, home address, and phone number of around 245,000 customers in the UK and 25,000 customers in Poland, as well as the last four digits of their payment card number and/or their bank account number and sort code. “We do not believe your Wonga account password was compromised and believe your [loan] account should be secure, however if you are concerned you should change your account password. We also recommend that you look out for any unusual activity across any bank accounts and online portals,” the company advised users. “We will be alerting financial institutions about this issue and any individuals impacted as soon as possible, but we recommend that you also contact your bank and ask them to look out for any suspicious activity.” They’ve also warned users to be on the lookout for scammers looking to leverage the stolen information to gain more information or money directly from the users. According to the BBC, the company noticed that something was amiss last week, but it took them until Friday to discover that customer data may have been compromised. The company started to inform customers of the breach on Saturday. “Wonga’s stock with the general public has never been particularly high, but this breach will see it fall even further. It is simply the latest name in a long list of data breach victims that will come to realise that the reputational impact of a breach is more damaging than anything the ICO can do to them, or the cybercriminals themselves for that matter,” commented Marc Agnew, Vice President, ViaSat Europe.
“The stakes are so high that organisations need to treat cyber-attack not only as a threat, but as an inevitability. Organisations must therefore ensure that all customer data is encrypted, not just the passwords and card details, so that any stolen data is essentially worthless. Inadequately protecting customer data can create massive problems for enterprises and consumers alike. Reacting to an attack appropriately is vital; from isolating and identifying the origin, to taking stock of what has been stolen or affected and making sure those who have been put at risk are notified and protected as soon as possible. By the looks of it, Wonga’s customers were alerted in a timely manner and should be well informed enough to take action. This is all Wonga can do at this stage, but it’ll be interesting to see what happens next and how serious an attack this turns out to be.” “While the organisation has stated that affected customers are unlikely to be at risk of theft, the fact remains that private personal information was compromised – posing a risk to customers,” André Stewart, VP EMEA at Netskope, pointed out. “Data loss prevention needs to be a key priority for all businesses. The EU General Data Protection Regulation (GDPR) – set to come into effect in just over a year – will hold organisations accountable for their data practices. As a result, companies will be forced to take active measures to mitigate any threats to personal privacy, whether that data is stored on-premises or in the cloud. Any companies falling short of these standards could face hefty fines,” he also noted.
In what’s becoming a familiar refrain to guests, InterContinental Hotels Group said late last week that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its chains, has disclosed this year. The company acknowledged in February that a credit card breach affected 12 of its hotels and restaurants. In a notice published to its site on Friday the company said a second breach occurred at select hotels between Sept. 29 and Dec. 29 last year. IHG says there’s no evidence payment card data was accessed after that point but can’t confirm the malware was eradicated until two to three months later, in February/March 2017, when it began its investigation around the breach. Like most forms of payment card malware these days, IHG said the variant on their system siphoned track data – customers’ card number, expiration date, and internal verification code – from the magnetic strip of cards as they were routed through affected hotel servers. The hotelier said the first breach also stemmed from malware found on servers used to process credit cards, but from August to December 2016. That breach affected hotels, along with bars and restaurants at hotels, such as Michael Jordan’s Steak House and Bar at InterContinental Chicago and the Copper Lounge at Intercontinental Los Angeles. IHG didn’t state exactly how many properties were affected by the second breach but that customers can use a lookup tool the company has posted to its site to search for hotels in select states and cities. IHG gives a timeline for each property and says hotels listed on the tool “may have been affected.”
A cursory review of hotels in the lookup tool suggests far more than a dozen – more than a thousand – hotels were affected by the malware. IHG says that since the investigation is ongoing the tool may be updated periodically. Some properties, for a reason not disclosed, elected to not participate in the investigation, IHG said. While the company operates 5,000 hotels worldwide this most recent breach affects mostly U.S.-based chains. One hotel in Puerto Rico, a Holiday Inn Express in San Juan, is the only non-U.S. property that was hit by malware this time around, IHG claims. The company said it began implementing a point-to-point encryption payment solution – technology that can reportedly prevent malware from scouring systems for payment card data – last fall. The hotels that were hit by this particular strain of malware had not yet implemented the encryption technology, IHG claims. The news comes as an IHG subsidiary, boutique hotel chain Kimpton, is fighting a class action court case that alleges the company failed to take adequate and reasonable measures to protect guests’ payment card data. The chain said it was investigating a rash of unauthorized charges on cards used at its locations last summer. It eventually confirmed a breach in late August that involved cards used between Feb. 16, 2016 and July 7, 2016 at nearly all of its restaurants and hotels.
Northrop Grumman has admitted one of its internal portals was broken into, exposing employees' sensitive tax records to miscreants. In a letter [PDF] to workers and the California Attorney General's office, the aerospace contractor said that between April 18, 2016 and March 29, 2017, crooks infiltrated the website, allowing them to access staffers' W-2 paperwork for the 2016 tax year. These W-2 forms can be used by identity thieves to claim tax rebates owed to employees, allowing the crims to pocket victims' money. The corp sent out its warning letters on April 18, the last day to file 2016 tax returns. “The personal information that may have been accessed includes your name, address, work email address, work phone number, Social Security number, employer identification number, and wage and tax information, as well as any personal phone number, personal email address, or answers to customized security questions that you may have entered on the W-2 online portal,” the contractor told its employees. The Stealth Bomber maker says it will provide all of the exposed workers with three years of free identity-theft monitoring services. Northrop Grumman has also disabled access to the W-2 portal through any method other than its internal single sign-on tool. The aerospace giant said it farmed out its tax portal to Equifax Workforce Solutions, which was working with the defense giant to get to the bottom of the intrusion. “Promptly after confirming the incident, we worked with Equifax to determine the details of the issue,” Northrop told its teams. “Northrop Grumman and Equifax are coordinating with law enforcement authorities to assist them in their investigation of recent incidents involving unauthorized actors gaining access to individuals’ personal information through the W-2 online portal.”
According to Equifax, the portal was accessed not by hackers but by someone using stolen login details. “We are investigating alleged unauthorized access to our online portal where a person or persons using stolen credentials accessed W-2 information of a limited number of individuals,” an Equifax spokesperson told El Reg on Monday. “Based on the investigation to date, Equifax has no reason to believe that its systems were compromised or that it was the source of the information used to gain access to the online portal.”
Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly. Google said that up to 1 million Gmail users were victimized by yesterday’s Google Docs phishing scam that spread quickly for a short period of time. In a statement, Google said that fewer than 0.1 percent of Gmail users were affected; as of last February, Google said it had one billion active Gmail users. Google took measures to protect its users by disabling offending accounts, and removing phony pages and malicious applications involved in the attacks. Other security measures were pushed out in updates to Gmail, Safe Browsing and other in-house systems. “We were able to stop the campaign within approximately one hour,” a Google spokesperson said in a statement. “While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event.” The messages were a convincing mix of social engineering and abuse of users’ trust in the convenience of mechanisms that share account access with third parties. Many of the phishing messages came from contacts known to victims since part of the attack includes gaining access to contact lists. The messages claimed that someone wanted to share a Google Doc with the victim, and once the “Open in Docs” button in the email is clicked, the victim is redirected to a legitimate Google OAUTH consent screen where the attacker’s application, called “Google Docs” asks for access to victim’s Gmail and contacts through Google’s OAUTH2 service implementation.
While the ruse was convincing in its simplicity, there were a number of red flags, including the fact that a Google service was asking for access to Gmail, and that the “To” address field was to an odd Mailinator account. Google also quickly updated Safe Browsing and Gmail with warnings about the phishing emails and attempts to steal personal information. The phishing emails spread quickly on Wednesday and likely started with journalists and public relations professionals, each of whom are likely to have lengthy contact lists ensuring the messages would continue to spread in an old-school worm-like fashion. OAUTH’s open nature allows anyone to develop similar apps. The nature of the standard and interaction involved makes it difficult to safely ask for permission without giving the users a lot of information to validate whether an app is malicious, said Duo’s Sokley. “There are many pitfalls in implementing OAUTH 2.0, for example cross site request forgery protection (XSRF). Imagine if the user doesn’t have to click on the approve button, but if the exploit would have done this for you,” said SANS’ Ullrich. “OAUTH 2.0 also inherits all the security issues that come with running anything in a web browser. A user may have multiple windows open at a time, the URL bar isn’t always very visible and browsers give applications a lot of leeway in styling the user interface to confuse the user.”
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. San Francisco-based DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The missives contained a link to a downloadable Microsoft Word document that harbored malware. The company said at the time that the messages were not associated with DocuSign, and that they were sent from a malicious third-party using DocuSign branding in the headers and body of the email. But in an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign’s list of customers and users. “As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.
No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.” The company is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to delete the missives. “They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” reads the advisory. If you have reason to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email. DocuSign was already a perennial target for phishers and malware writers, but this incident is likely to intensify attacks against its users and customers. DocuSign says it has more than 100 million users, and it seems all but certain that the criminals who stole the company’s customer email list are going to be putting it to nefarious use for some time to come.
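The link rule in the advisory quoted above, written as a mail-triage check (an added example, not DocuSign's code and not part of the original articles). It compares the parsed scheme and host rather than the start of the string, because a plain prefix test would accept a host that merely begins with the trusted text; the function names, verdict labels and the evil.example host are assumptions made for illustration.

```python
"""Triage links in a message that claims to come from DocuSign."""
import re
from urllib.parse import urlsplit

# From the advisory: genuine links start with one of these two origins.
TRUSTED_ORIGINS = {("https", "www.docusign.com"), ("https", "www.docusign.net")}
BRAND_DOMAINS = ("docusign.com", "docusign.net")
BRAND = "docusign"

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample body, not a real message.
SAMPLE_BODY = (
    "Your document is ready for signature.\n"
    "Review: https://www.docusign.com.evil.example/doc.\n"
    "Or sign in at https://www.docusign.com/ and enter the security code.\n"
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_guess(host):
    """Last two labels of the host.

    Assumption: good enough for .com/.net style names; a production filter
    would consult the Public Suffix List instead.
    """
    return ".".join(host.split(".")[-2:])


def looks_like_brand(host, userinfo=""):
    """True when a host that is NOT a DocuSign domain imitates one."""
    host = host.lower().rstrip(".")
    reg = registrable_guess(host)
    if reg in BRAND_DOMAINS:
        return False  # genuinely under the brand's domain
    if BRAND in host or BRAND in userinfo.lower():
        return True   # brand used as a subdomain or hidden in user@host
    label = reg.split(".")[0]
    if not label:
        return False
    near_miss = edit_distance(label, BRAND) <= 2           # e.g. docusgn
    truncated = len(label) >= 5 and BRAND.startswith(label)  # e.g. docus
    return near_miss or truncated


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'not-allowlisted' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        port = parts.port
    except ValueError:  # malformed port or bracketed host
        return "not-allowlisted"
    userinfo = parts.netloc.rpartition("@")[0]
    exact = (parts.scheme.lower(), host) in TRUSTED_ORIGINS
    if exact and port in (None, 443) and "@" not in parts.netloc:
        return "trusted"
    if looks_like_brand(host, userinfo):
        return "lookalike"
    return "not-allowlisted"


def triage(body):
    """Extract every http(s) link from a message body and classify it."""
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:")  # drop sentence punctuation glued to the link
        results.append((url, classify_link(url)))
    return results


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_BODY):
        print(f"{verdict:16} {url}")
```

The same `looks_like_brand` test can be applied to the sender's domain, which is where the advisory's @docus.com example would show up.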
Barts Health Trust, which runs The Royal London, St Bartholomew's, Whipps Cross, Mile End and Newham hospitals, is investigating the breach. The trust said it could now rule out ransomware, in which email recipients are tricked into opening attachments which contain viruses, as the cause. It has not confirmed how much of its system was affected but said there was no sign that patient data was accessed. In a statement it said: "We are urgently investigating this matter and have taken a number of drives offline as a precautionary measure. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected." The incident follows a similar attack on the Northern Lincolnshire and Goole Foundation Trust in October, when malware was used to encrypt files on the trust's system and demand a ransom in order to access them again. The trust did not pay out, but was forced to cancel patient appointments while its systems were shut down to remove the virus.
Anonymous hackers have stolen and leaked 1.9 million email addresses and some 1,700 names and active phone numbers of Bell Canada customers. The company has not shared where the stolen information was stored and how the attackers managed to access it, because the Royal Canadian Mounted Police cyber crime unit’s investigation into the matter is still ongoing. But, according to a brief statement, the affected systems have been secured, the Office of the Privacy Commissioner of Canada informed, and affected users notified directly (either via email or phone). “There is no indication that any financial, password or other sensitive personal information was accessed,” the company noted, and added that the incident is not connected to the recent global WannaCry malware attacks. They’ve also warned customers to be on the lookout for phishing emails or calls impersonating the company and asking the customers for credit card or personal information. According to The Globe and Mail, the attackers are threatening to release more of the stolen data, if the telecom company doesn’t co-operate with them. It’s unclear what they mean by co-operating, but it’s more than likely that they’ve asked to be paid in order not to release the stolen information. Bell Canada has known about the breach since at least last Wednesday, when they notified the commissioner’s office of it.
The exposed data includes names, Social Security numbers, birthdates, contact details, medical record numbers and/or clinical information. On December 21, 2016, Children's Hospital Los Angeles learned that an unencrypted laptop containing patient data was stolen from the locked vehicle of a Children's Hospital Los Angeles Medical Group physician on October 18, 2016. The laptop may have held approximately 3,600 patients' names, birthdates, addresses, medical record numbers and some clinical information, SC Magazine reports. "We are taking action to prevent this type of thing in the future by enhancing the encryption levels of all laptops that physicians use in the provision of care for patients," the hospital stated in a notification letter [PDF] to those affected. Separately, Delaware Insurance Commissioner Trinidad Navarro recently announced that a security breach impacted Summit Reinsurance Services and BCS Financial Corporation, both of which are subcontractors of Highmark Blue Cross Blue Shield of Delaware (h/t Internet Health Management). On August 8, 2016, Summit discovered that a server containing customer data, including names, Social Security numbers, health insurance information, provider names and/or diagnosis and clinical information, was infected with ransomware. An investigation determined that the server was first accessed on March 12, 2016. The breach affects approximately 19,000 Highmark Blue Cross Blue Shield members. "I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred," Navarro said in a statement. While Summit sent notification letters to those affected, Navarro noted that many customers may have discarded the letter assuming it was a sales pitch, since they were customers of Highmark Blue Cross Blue Shield, not Summit. 
And CoPilot Provider Support Services recently announced that one of its databases used by healthcare professionals to determine whether treatments will be covered by insurance was accessed in October 2015, potentially exposing approximately 220,000 patients' names, genders, birthdates, addresses, phone numbers, health insurers, and in some cases Social Security numbers. It's not clear why it took the company more than a year to notify those affected. "We are taking steps to address the situation and to further protect against a similar incident in the future, including utilizing enhanced verification, enhanced encryption and implementing increased security audit activity," CoPilot said in a notification letter [PDF] to those affected. Last spring, a Ponemon Institute survey found that 79 percent of healthcare organizations experienced two or more data breaches in the past two years, and 45 percent experienced five or more breaches. Over the past two years, the survey found, the average cost of a data breach to a healthcare organization was more than $2.2 million. "In the last six years of conducting this study, it's clear that efforts to safeguard patient data are not improving," Ponemon Institute chairman and founder Dr. Larry Ponemon said at the time.
A maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, as well as e-mail addresses and password data for more than 800,000 accounts. He said searches using the Shodan computer search engine and other evidence indicated that, between December 25 and January 8, the customer data was accessed multiple times by multiple parties, including criminals who ultimately held the data for ransom. The recordings were available on an Amazon-hosted service that required no authorization to access. The data was exposed by Spiral Toys, maker of the CloudPets line of stuffed animals. The toys record and play voice messages that can be sent over the Internet by parents and children. The MongoDB database of 821,296 account records was stored by a Romanian company called mReady, which Spiral Toys appears to have contracted with. Hunt said that, on at least four occasions, people attempted to notify the toy maker of the breach. In any event, evidence left behind by the ransom demanders made it almost certain company officials knew of the intrusions. Hunt wrote: It's impossible to believe that CloudPets (or mReady) did not know that firstly, the databases had been left publicly exposed and secondly, that malicious parties had accessed them. Obviously, they've changed the security profile of the system, and you simply could not have overlooked the fact that a ransom had been left. So both the exposed database and intrusion by those demanding the ransom must have been identified yet this story never made the headlines. The breach is the latest to stoke concerns about the privacy and security of Internet-connected toys. 
In November 2015, tech news site Motherboard disclosed the hack of toy maker VTech in a breach that exposed the names, e-mail addresses, passwords, and home addresses of almost 5 million adults, as well as the first names, genders and birthdays of more than 200,000 kids. A month later, a researcher found that an Internet-connected Barbie doll made by Mattel contained vulnerabilities that might allow hackers to intercept real-time conversations. In addition to storing the customer databases in a publicly accessible location, Spiral Toys also used an Amazon-hosted service with no authorization required to store the recordings, customer profile pictures, children's names, and their relationships to parents, relatives, and friends. In Monday's post, Hunt acknowledged the help of Motherboard reporter Lorenzo Franceschi-Bicchierai, who published this report. Oddly enough, for a product with such lax security, the service used the ultra-secure bcrypt hashing function to protect passwords. Unfortunately, CloudPets had one of the most permissive password policies ever. It allowed, for instance, a passcode of the single character "a" or the short keyboard sequence "qwe." "What this meant is that when I passed the bcrypt hashes into [password cracking app] hashcat and checked them against some of the world's most common passwords ('qwerty,' 'password,' '123456,' etc.) along with the passwords 'qwe' and 'cloudlets,' I cracked a large number in a very short time," Hunt wrote. The lesson that emerged long ago is that the security of so-called Internet of things products is so poor that it often outweighs any benefit afforded by an Internet-connected appliance. 
As the CloudPets debacle underscores, the creep factor involved in Internet-connected toys makes the proposition even worse.
Spiral Toys, the parent company behind CloudPets, yesterday sent the California Attorney General a breach notification that on many fronts contradicts what experts have said about a database breach that exposed user data and private voice messages, many of which were made by children. The notification says that the company was not aware of a breach until Feb 22 when it received an inquiry from a Motherboard reporter who was informed by researchers Troy Hunt and Victor Gevers of a serious issue involving the toymaker’s customer data. This runs contrary to timelines provided by Hunt and Gevers showing both reached out to a number of Spiral Toys contacts, including its ZenDesk ticketing system, around Dec 30. The data was copied and deleted from an exposed MongoDB instance found online. It’s unknown how many times the database was accessed before its contents were deleted and a ransom note left behind, symptomatic of other attacks against poorly protected MongoDB databases. The recordings were not stored in the database, but the database did contain references to file paths to the messages, which were stored on an Amazon Web Services (AWS) S3 storage bucket. The database, Spiral Toys said in its notification, did include emails and encrypted passwords, which Hunt counters were not encrypted, but were hashed with bcrypt. Combined with a nonexistent password strength rule on Spiral Toys’ part, the hashed passwords could easily be cracked, Hunt said. The company meanwhile said it would notify 500,000 affected users, force a password reset, and implement new password strength requirements. Hunt and Gevers said there were actually more than 800,000 registered users exposed in the breach. “The breach has been addressed and from our best knowledge no images or messages were leaked onto the internet,” Spiral Toys said. 
“A hacker could get to that data if they started ‘guessing’ simple passwords”. Which is exactly what a hacker would do, Hunt said. “This is what hash cracking is and it’s a highly automated process that’s particularly effective against databases that had no password rules,” Hunt said. Hunt points out that simple passwords such as qwe—a sample password shown during a CloudPets setup video—combined with the stolen email addresses pose a serious privacy risk. CloudPets are teddy bears that can send and receive messages using Bluetooth Low Energy connectivity to a mobile app, which sends the messages. The most typical use case is where a child can remotely send a message to a parent or authorized adult through the bear. “If this product was secure, it would have been a nice contribution to the IOT/gadget/toy market,” Gevers said. “The best thing is that they learn from this and start making a new secure product line”.