A former Chicago Public Schools worker faces several felony charges after officials allege the worker stole Attack.Databreach personal information on about 80,000 employees , volunteers and vendors from a CPS database . The former worker , Kristi Sims , was arrested Thursday ; officers recovered the stolen files after executing search warrants , according to CPS and Chicago police officials . Sims , 28 , is a former contractor who handled administrative tasks for the Office of Safety and Security . Sims was ordered released on her own recognizance at a bond hearing Friday at the Leighton Criminal Court Building by Judge Sophia Atcherson ; Sims also was ordered not to access to the internet while the case continues . In a letter to employees Thursday evening , CPS Chief Operating Officer Arnie Rivera said the district learned of the massive data breach Attack.Databreach Wednesday , the day after the information was stolen Attack.Databreach . Among the data stolen Attack.Databreach were names , employee ID numbers , phone numbers , addresses , dates of birth , criminal arrest histories and DCFS findings . Social Security numbers were not taken Attack.Databreach , Rivera said . “ There was no indication that the information , which was in the individual ’ s possession for approximately 24 hours , was used or disseminated to anyone in any way , ” Rivera added . A CPS spokesman referred questions about the criminal charges to Chicago police , but Rivera said “ CPS will work to ensure the individual is prosecuted to the fullest extent of the law. ” CPD spokesman Anthony Guglielmi said Sims is also suspected of deleting the targeted files from the CPS database after they were stolen Attack.Databreach . The digital equipment seized in the warrant is being analyzed , and a search warrant is underway for Sims ’ s email account , Guglielmi said . Though police say they don ’ t believe anyone other than Sims was in possession of the data , they hope to learn more about what might have been done with the information . This latest CPS data breach Attack.Databreach comes only a few months after the school district mistakenly sent a mass email that linked to the private information of thousands of students and families . The email invited families to submit supplemental applications to selective enrollment schools . Attached at the bottom of the email was a link to a spreadsheet with the personal data of more than 3,700 students and families . In that incident , CPS apologized for the “ unacceptable breach Attack.Databreach of both student information and your trust ” and asked recipients of the email to delete the sensitive information . The data included children ’ s names , home and cellphone numbers , email addresses and ID numbers .

The Federal Bureau of Investigation has issued a warning to healthcare organizations using File Transfer Protocol ( FTP ) servers . Medical and dental organizations have been advised to ensure FTP servers are configured to require users to be properly authenticated before access to stored data can be gained . Many FTP servers are configured to allow anonymous access using a common username such as ‘ FTP ’ or ‘ anonymous ’ . In some cases , a generic password is required , although security researchers have discovered Vulnerability-related.DiscoverVulnerability that in many cases , FTP servers can be accessed without a password . The FBI warning Vulnerability-related.DiscoverVulnerability cites research conducted by the University of Michigan in 2015 that revealed Vulnerability-related.DiscoverVulnerability more than 1 million FTP servers allowed anonymous access to stored data The FBI warns that hackers are targeting these anonymous FTP servers to gain access Attack.Databreach to the protected health information of patients . PHI carries a high value on the black market as it can be used for identity theft and fraud . Healthcare organizations could also be blackmailed Attack.Ransom if PHI is stolen Attack.Databreach . Last year , the hacker operating under the name TheDarkOverlord conducted a number of attacks Attack.Databreach on healthcare organizations . The protected health information of patients was stolen Attack.Databreach and organizations were threatened with the publication of data if a sizable ransom payment Attack.Ransom was not made . In some cases , patient data were published online when payment was not received Attack.Ransom . There are reasons why IT departments require FTP servers to accept anonymous requests ; however , if that is the case , those servers should not be used to store any protected health information of patients . If PHI must be stored on the servers , they can not be configured to run in anonymous mode . The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are .

The email-borne attack locked the city ’ s servers and many of the daily business functions , officials said . ( TNS ) -- SPRING HILL , Tenn. — The city was the victim of a recent cyber-attack Attack.Ransom , which caused its computer system to lock with a ransom Attack.Ransom of $ 250,000 . Spring Hill was one of several other local government agencies who were victim to the attack Attack.Ransom , and city officials say they do not believe any citizen or customer account information was stolen Attack.Databreach or compromised Attack.Databreach . It did , however , temporarily halt any online credit or debit card payments . `` We received a ransomware attack Attack.Ransom Friday evening that ended up going in and locking our servers . It affected all of our departments , and we have been in recovery mode ever since [ Sunday ] , '' City Administrator Victor Lay said . `` We 've now been able to , at least minimally , conduct business , although the manual system of paper and pencil seems to work pretty well against those kinds of things . '' Lay added that the `` appropriate government authorities '' have been contacted about the incident , which will meet later this week to discuss an investigation into the incident . He said it was not a `` hack '' per se , but a virus created from a downloadable email attachment , locking the system using an encryption key . `` We 're working through it . Obviously , we chose not to pay the ransom Attack.Ransom . We 're working through the system and it 's going to take us a few days to get things all back to normal , but we 're getting there . ''

A Vermont business 's computer system was attacked Attack.Ransom by hackers and held for ransom Attack.Ransom . It may sound like a movie plot but ransomware attacks Attack.Ransom like these are on the rise . According to their 2017 Internet Crime report , last year the FBI received 1,783 complaints identified as ransomware . The adjusted losses from the attacks was over $ 2.3 million . An example of a ransomware attack Attack.Ransom is software that downloads to your computer , encrypts your data and then demands money Attack.Ransom to get it back . It 's technological extortion , essentially . And that 's what happened to Wendell 's Furniture in Colchester at the end of last month . `` Our servers crashed and when our IT guy came to take care of the problem , I asked him how the patient was doing and he just got kind of an ashen look on his face and he just shook his head and I knew we were in trouble , '' said Ryan Farrell , the vice president of Wendell 's Furniture . Farrell says in their nearly 20 years of business , they 've never had this type of cybersecurity attack . `` I honestly do n't think I believed it to begin with . It 's something you see in the movies , something you see on TV but it 's never something that I thought would happen to us , especially here in Vermont , '' Farrell said . The company 's sales information from the last 5-10 years was stolen Attack.Databreach , including customers ' names , addresses , phone numbers and email addresses . However , no credit card numbers were part of the breach . `` My message to customers is not to panic , do n't be worried about your information , '' Farrell said . `` Just know that it 's going to take us just a little bit more time to get your sofa to you but we 're open for business . '' Wendell 's was able to recover most of the data but not all of it . They are still missing several months ' worth of data . `` Everything that used to be easy is now really hard , '' Farrell said . A McAfee report shows that ransomware attacks Attack.Ransom are up more than 100 percent in the second quarter of 2018 over that same time frame in 2016 . Duane Dunston teaches cybersecurity at Champlain College and says these attacks can be hard to count . `` It 's not really clear because many organizations may not report it , '' he said . `` It may be easier for them to give them the money and just move on . '' Wendell 's ended up paying thousands of dollars but Dunston says that can have repercussions . `` One of the dangers is that they can come back and ask for more money at a later time , '' he explained . `` There really is no way to know whether they are going to delete the data or whatever they are demanding . '' Dunston says there is lots of public information on how to protect your data but to make sure you are backing it up and updating your security systems . Wendell 's has now reinforced its computer firewalls and replaced parts of its infrastructure that are susceptible to attack . `` We 're getting back on our feet , '' Farrell said . Customers who financed their purchase with Synchrony Financial may have had their account numbers compromised , but according to Wendell 's that threat is low . The business has sent out about 500 letters notifying customers and says they are doing their best to get the word out .

Forrester , one of the world 's leading market research and investment advisory firms , admitted late Friday afternoon to a security breach that took place during the past week . The company says that a yet to be identified attacker ( or attackers ) has gained access Attack.Databreach to the infrastructure hosting its website — Forrester.com . Forrester is using this website to allow customers to log in and download research specific to their contracts . The company provides statistics , trends , and other market research , which clients use to take decisions before launching new products or business endeavors . Attacker stole Attack.Databreach site credentials and stole Attack.Databreach proprietary research Steven Peltzman , Forrester 's Chief Business Technology Officer , says the attacker stole Attack.Databreach valid Forrester.com user credentials that gave him access to Forrester.com accounts . `` The hacker used that access to steal Attack.Databreach research reports made available to our clients , '' he said . `` There is no evidence that confidential client data , financial information , or confidential employee data was accessed or exposed Attack.Databreach as part of the incident , '' Peltzman clarified . Even if no sensitive customer data was stolen Attack.Databreach , the market research information to which hackers had access Attack.Databreach is very valuable in the hands of an economic espionage hacker group , allowing it to determine what technologies are Forrester 's customers working on , or what products they 're ready to launch . This information could then be resold on dark markets or competitors , or hackers could also use it to select future targets — companies that are ready to launch valuable products . `` We recognize that hackers will attack attractive targets — in this case , our research IP . We also understand there is a tradeoff between making it easy for our clients to access our research and security measures , '' said George F. Colony , Chairman and Chief Executive Officer of Forrester . `` We feel that we have taken a common-sense approach to those two priorities ; however , we will continuously look at that balance to respond to changing cybersecurity risk . '' Forrester is the fourth major financial and business entity that suffered or announced a security incident in the past month . The other three include credit rating and reporting firm Equifax , the US Securities and Exchange Commission ( SEC ) , and accounting , auditing , and corporate finance consulting firm Deloitte .

Hong Kong might just have experienced its biggest ever data breach Attack.Databreach after the personal details of the Special Administrative Region ( SAR ) ’ s 3.7 million voters were stolen Attack.Databreach on two laptops . The details are said to have included ID card numbers , addresses and mobile phone numbers . They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport . The center is said to be the “ back-up venue ” for the region ’ s chief executive elections , which took place over the weekend . The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted – although it ’ s unclear how strong that encryption is . It ’ s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong ’ s CEO . The SAR ’ s privacy watchdog said in a statement that it is launching an investigation into the matter . Over a three-year period from 2013 to 2016 , the privacy commissioner ’ s office is said to have received 253 data breach Attack.Databreach notifications . Eduard Meelhuysen , EMEA boss at Bitglass , argued that public sector breaches stand out as particularly concerning . `` Whether it ’ s the NHS or the Hong Kong Registration and Electoral Office , these organizations need to remember their duty of care , not to mention legal obligations , to protect citizens ' and employees ' data , ” he said . “ This means not only keeping sensitive data encrypted , but also controlling where it goes using tools like access control and data leakage prevention . Is it really a business necessity to store the information of millions of citizens on a laptop ? '' In a separate incident , a laptop was stolen Attack.Databreach from Queen Mary Hospital last year , containing the personal details of nearly 4000 patients

In a statement , Sanrio said they didn ’ t believe any data was stolen Attack.Databreach . Now , over a year later , the database has surfaced online . Its resurrection places 3.3 million Hello Kitty fans in the hot seat . On December 19 , 2015 , Salted Hash broke the news that a MongoDB installation for Sanrio , the company behind Hello Kitty , was exposed to the public . The database was discovered by security researcher Chris Vickery . Learn about top security certifications : Who they 're for , what they cost , and which you need . At the time , Sanrio speculated the exposure was due to maintenance conducted several weeks prior , on November 20 , 2015 . The database contained just over 3.3 million records from sanriotown.com , including 186,261 records assigned to people under the age of 18 . Three days after the story broke , on December 22 , 2015 , Sanrio said they investigated the problem and fixed it . “ In addition , new security measures have been applied on the server ( s ) ; and we are conducting an internal investigation and security review into this incident . To the Company ’ s current knowledge , no data was stolen or exposed Attack.Databreach , ” the statement concluded . Unfortunately , someone did copy Attack.Databreach the database before the configuration error was fixed . On Sunday , Salted Hash learned that the Sanrio database was added to the LeakedSource index . Examining the LeakedSource records and comparing the field names to the screenshots shared by Vickery in 2015 , the data is a match . For example , both sets of data use the “ _createdFrom ” field , as well as “ dateOfBirth ” , “ gender ” , “ firstName ” , “ lastName ” , etc . In both databases , the records contain the account holder ’ s first and last name , birthday ( encoded , but easily reversed ) , gender , country of origin , email addresses , user name , password ( unsalted SHA-1 hash ) , password hint question , and the corresponding answer . However , there is a field in the LeakedSource records that is new to this story , “ incomeRange ” with values running from 0 to 150 . It isn ’ t clear what these values represent , but not every record has them . As was the case previously , the fear is that the exposed database could cause problems for those registered , especially the children . It ’ s hard enough to deal with ID theft related issues as an adult . Such issues are only compounded for children , as the problems might not materialize for several years . This is true today as well , but there ’ s no telling who followed the advice . Also , there is no way to track who had access to this database , as it ’ s been circulating out of the public eye for a least a year before it was shared with LeakedSource . Salted Hash has reached out to Sanrio for comment . Anyone with concerns about the information exposed can checkout Consumer.gov for advice on recovering from identity theft . In it , they briefly recap the events from 2015 , including their previous alert . The statement goes on to dismiss the latest news , despite sample records matching the previously exposed database . `` Recently , reports have surfaced claiming that the 2015 data breach Attack.Databreach was not corrected . At this time , there is no evidence to support this claim . The original data breach Attack.Databreach from SanrioTown.com users in 2015 did not include credit card information or other payment information . Users ’ passwords are encrypted with the cryptographic hash function SHA-1 . `` SanrioTown and Sanrio Digital notified users about the incident , advising them to change their passwords . It should be noted that this current Sanrio database currently circulating online Attack.Databreach does n't have any financial data , and there have been no claims otherwise . Salted Hash has asked additional questions surrounding the sample data shared Attack.Databreach with Sanrio . After reviewing the sample data sets shared Attack.Databreach by Salted Hash , Sanrio has confirmed that the data indexed by LeakedSource `` looks real '' and likely originated from the exposed database in 2015 . However , the company stopped short of confirming that LeakedSource 's records and the records exposed two years ago are one in the same . “ Sanrio Digital recently received evidence that a 2015 data breach Attack.Databreach of the SanrioTown web site involved some user data theft Attack.Databreach , ” the company said in a statement . “ At the time , we had no evidence of data theft Attack.Databreach , however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen Attack.Databreach during the 2015 data breach Attack.Databreach . According to Mr. Ragan , a database containing information of 3,345,168 SanrioTown users has been circulating Attack.Databreach since the time of the incident . “ He received the sample records from LeakedSource containing information of 30 SanrioTown users . We have verified that these sample records appear to be real . We can not , however , relate the source of such sample records to the 2015 data breach Attack.Databreach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen Attack.Databreach during the 2015 SanrioTown data breach Attack.Databreach ”

In a statement , Sanrio said they didn ’ t believe any data was stolen Attack.Databreach . Now , over a year later , the database has surfaced online . Its resurrection places 3.3 million Hello Kitty fans in the hot seat . On December 19 , 2015 , Salted Hash broke the news that a MongoDB installation for Sanrio , the company behind Hello Kitty , was exposed to the public . The database was discovered by security researcher Chris Vickery . Learn about top security certifications : Who they 're for , what they cost , and which you need . At the time , Sanrio speculated the exposure was due to maintenance conducted several weeks prior , on November 20 , 2015 . The database contained just over 3.3 million records from sanriotown.com , including 186,261 records assigned to people under the age of 18 . Three days after the story broke , on December 22 , 2015 , Sanrio said they investigated the problem and fixed it . “ In addition , new security measures have been applied on the server ( s ) ; and we are conducting an internal investigation and security review into this incident . To the Company ’ s current knowledge , no data was stolen or exposed Attack.Databreach , ” the statement concluded . Unfortunately , someone did copy Attack.Databreach the database before the configuration error was fixed . On Sunday , Salted Hash learned that the Sanrio database was added to the LeakedSource index . Examining the LeakedSource records and comparing the field names to the screenshots shared by Vickery in 2015 , the data is a match . For example , both sets of data use the “ _createdFrom ” field , as well as “ dateOfBirth ” , “ gender ” , “ firstName ” , “ lastName ” , etc . In both databases , the records contain the account holder ’ s first and last name , birthday ( encoded , but easily reversed ) , gender , country of origin , email addresses , user name , password ( unsalted SHA-1 hash ) , password hint question , and the corresponding answer . However , there is a field in the LeakedSource records that is new to this story , “ incomeRange ” with values running from 0 to 150 . It isn ’ t clear what these values represent , but not every record has them . As was the case previously , the fear is that the exposed database could cause problems for those registered , especially the children . It ’ s hard enough to deal with ID theft related issues as an adult . Such issues are only compounded for children , as the problems might not materialize for several years . This is true today as well , but there ’ s no telling who followed the advice . Also , there is no way to track who had access to this database , as it ’ s been circulating out of the public eye for a least a year before it was shared with LeakedSource . Salted Hash has reached out to Sanrio for comment . Anyone with concerns about the information exposed can checkout Consumer.gov for advice on recovering from identity theft . In it , they briefly recap the events from 2015 , including their previous alert . The statement goes on to dismiss the latest news , despite sample records matching the previously exposed database . `` Recently , reports have surfaced claiming that the 2015 data breach Attack.Databreach was not corrected . At this time , there is no evidence to support this claim . The original data breach Attack.Databreach from SanrioTown.com users in 2015 did not include credit card information or other payment information . Users ’ passwords are encrypted with the cryptographic hash function SHA-1 . `` SanrioTown and Sanrio Digital notified users about the incident , advising them to change their passwords . It should be noted that this current Sanrio database currently circulating online Attack.Databreach does n't have any financial data , and there have been no claims otherwise . Salted Hash has asked additional questions surrounding the sample data shared Attack.Databreach with Sanrio . After reviewing the sample data sets shared Attack.Databreach by Salted Hash , Sanrio has confirmed that the data indexed by LeakedSource `` looks real '' and likely originated from the exposed database in 2015 . However , the company stopped short of confirming that LeakedSource 's records and the records exposed two years ago are one in the same . “ Sanrio Digital recently received evidence that a 2015 data breach Attack.Databreach of the SanrioTown web site involved some user data theft Attack.Databreach , ” the company said in a statement . “ At the time , we had no evidence of data theft Attack.Databreach , however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen Attack.Databreach during the 2015 data breach Attack.Databreach . According to Mr. Ragan , a database containing information of 3,345,168 SanrioTown users has been circulating Attack.Databreach since the time of the incident . “ He received the sample records from LeakedSource containing information of 30 SanrioTown users . We have verified that these sample records appear to be real . We can not , however , relate the source of such sample records to the 2015 data breach Attack.Databreach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen Attack.Databreach during the 2015 SanrioTown data breach Attack.Databreach ”

The IAAF said in a statement the hacking group known as Fancy Bear , which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election , was believed to be behind the attack of medical records in February . The hack targeted information concerning applications by athletics for Therapeutic Use Exemptions , the IAAF said . Athletes who had applied for TUEs since 2012 have been contacted and IAAF president , Sebastian Coe , apologized . ” Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential , ” Coe said in the statement . “ They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation ” . TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs . The IAAF said that data on athlete TUEs was “ collected Attack.Databreach from a file server and stored on a newly created file ” . “ The attack by Fancy Bear , also known as APT28 , was detected during a proactive investigation carried out by cyber incident response ( CIR ) firm Context Information Security , ” the IAAF said . Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU , Russia ’ s military intelligence agency . Fancy Bear could not be immediately reached for comment . The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump , a Republican , win , according to U.S. intelligence agencies . It was not known if the information was stolen Attack.Databreach from the network , the IAAF said , but the incident was “ a strong indication of the attackers ’ interest and intent , and shows they had access Attack.Databreach and means to obtain Attack.Databreach content from this file at will ” . The attack was uncovered after British company Context Information Security conducted a investigation of the IAAF ’ s systems at the request of the athletics body . Context Information Security said in a separate statement that it was a “ sophisticated intrusion ” and that “ the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance ” . Last year , Fancy Bear hacked Attack.Databreach into the World Anti-Doping Agency ( WADA ) database and published Attack.Databreach the confidential medical records of several dozen athletes . Those included cyclist Bradley Wiggins , the 2012 Tour de France winner and Britain ’ s most decorated Olympian with eight medals , who was revealed to have used TUEs before some races . Wiggins retired last year under something of a cloud after it was revealed he took corticosteroid triamcinolone for asthma , although he broke no anti-doping rules . The IAAF banned Russia ’ s athletics federation after a WADA commission report found evidence of state-sponsored doping . Almost all Russia ’ s athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August

The company acknowledged the investigation after being contacted by Brian Krebs , confirming that it received a “ notification from a third party ” saying that info from cards used at GameStop.com were being offered for sale Attack.Databreach on the Dark Web . Krebs had been tipped off to the situation by financial industry sources , who said the compromise was likely active between mid-September 2016 and the first week of February 2017 . GameStop however didn ’ t confirm these data points . “ If Brian Krebs ’ report is correct , the GameStop breach Attack.Databreach has the potential to be a huge payday for hackers , ” said Vishal Gupta , CEO of Seclore , via email . “ Compromised credit-card numbers aren ’ t always easy to monetize , but in this case hackers were able to intercept Attack.Databreach CVV2 numbers…There is a reason companies aren ’ t allowed to store this CVV2 data in their own databases , so the fact that the hackers were able to intercept Attack.Databreach these security codes elevates the severity of the incident significantly ” . The timing could also be a key factor in the payoff for the crooks . “ If the reports about the Gamestop.com breach Attack.Databreach are right , then it shows how business-minded the bad guys can be . Hitting them during the Christmas season—when tons of distant relatives buying kids they hardly know gift cards for the one thing they know every kid wants—is pretty savvy timing , ” said Jonathan Sander , CTO , STEALTHbits Technologies . “ It also means these are purchases that many will barely recall making , and consumers were exercising the least caution they ever do as they rushed to get all their online shopping done ” . For now , details are skimpy as to what was stolen Attack.Databreach , when and how—no attack vector has yet been public . However , the company is large and hugely popular in the United States , with a global presence , so the potential for consumer exposure at scale , if the timeframe given is correct , could be significant . `` You can imagine a future where attacks such as this become so sophisticated and frequent that no one but the largest retailers can afford to defend against them , ” said John Gunn , CMO , VASCO Data Security . “ This would give the Amazons and Walmarts of the world a real competitive advantage in winning consumers ’ business . '' GameStop shoppers are advised to comb their purchase histories

The UK 's Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016 . The BBC understands the government has investigated the previously unreported attack that began in April last year . The UK 's National Cyber Security Centre would not say whether data was stolen Attack.Databreach . But a source told the BBC that the most sensitive Foreign Office information is not kept on the systems targeted by the hackers . Research published on Thursday by cybersecurity firm F-Secure suggested the attack Attack.Phishing was a "spear-phishing" campaign Attack.Phishing , in which people were sent Attack.Phishing targeted emails in attempts to fool Attack.Phishing them into clicking a rogue link or handing over their username and password . To do this , the attackers created a number of web addresses designed to resemble Attack.Phishing legitimate Foreign Office websites , including those used for accessing webmail . F-Secure does not know whether the attack was successful . The company says the domains were created by hackers that it calls the Callisto Group , which it says is still active . However the UK 's National Cyber Security Centre ( NCSC ) declined to say who was behind the attack on the Foreign Office . The targeted emails that were sent out Attack.Phishing tried to fool Attack.Phishing targets into downloading malware which was first developed for law enforcement by the Italian software company Hacking Team . Hacking Team 's surveillance tools were previously exposed in a cyberattack , first reported in 2015 . There is no suggestion that Hacking Team had any involvement in the attacks . F-Secure said that the use of the software should remind governments that they `` do n't have monopolies on these [ surveillance ] technologies '' , and that once created the software can fall into the hands of hackers . The BBC has not seen evidence conclusively identifying the origin of the attack . A cybersecurity expert at another company , who wished to remain anonymous , found a link to information uncovered in the investigation of Russian efforts to influence the US election . Two of the phishing domains used by the hackers were once linked to an IP address mentioned in a US government report into Grizzly Steppe . Grizzly Steppe is the name given by the US government to efforts by `` Russian civilian and military intelligence services to compromise and exploit networks and endpoints associated with the US election '' . However , the cybersecurity expert noted that this connection between the phishing domain and Grizzly Steppe may be a coincidence , as over 300 other domains - many of them not hacking-related - were linked to the same IP address . F-Secure told the BBC that it did notice some similarity between the Callisto Group 's hacking and previous attacks that have been linked to Russia . However , it said despite some similarities in the tactics , techniques , procedures and targets of the Callisto Group , and the Russia-linked group known as APT28 , it believed the two were `` operationally '' separate . It noted that the Callisto Group was also less `` technically capable '' than APT28 .

A few months ago we exclusively reported on a Dark Web vendor selling 1 Billion user accounts stolen Attack.Databreach from the Chinese Internet giants . Now , another vendor going by the handle of CosmicDark is selling Attack.Databreach a database containing 100,759,591 user accounts stolen Attack.Databreach from of Youku Inc. , a popular video service in China . The database according to vendor ’ s listing was leaked Attack.Databreach in 2016 and leaked Attack.Databreach on the Internet this year . Although it is unclear how the database was stolen Attack.Databreach CosmicDark is selling Attack.Databreach the whole package for USD 300 ( BTC 0.2559 ) . The data contains emails and passwords decrypted with MD5 & SHA1 hashes . According to the sample data ( 552 accounts ) provided by CosmicDark , most of the emails are based on @ 163.com , @ qq.com , and @ xiaonei.com . It must be noted that based on HackRead ’ s research the encrypted passwords provided in the sample data have already been decrypted and publically available on the Internet . Also , HaveIbeenpwned , a platform where you can check if your account has been compromised Attack.Databreach has also confirmed the breach Attack.Databreach . It is unclear whether Youku Inc. is aware of the breach or has notified its users , however it is evident that it poses a massive privacy threat to their users . Furthermore , vendors in the same marketplace are selling Attack.Databreach 21 million Gmail and Yahoo accounts , 640,000 decrypted PlayStation accounts , millions of accounts from 11 hacked Bitcoin forums and millions of accounts stolen Attack.Databreach from 25 hacked vBulletin forums .

State officials are investigating the theft Attack.Databreach last week of equipment from a Cobb County precinct manager ’ s car that could make every Georgia voters ’ personal information vulnerable to theft Attack.Databreach . The equipment , used to check-in voters at the polls , was stolen Attack.Databreach Saturday evening , Secretary of State Brian Kemp said Monday . Cobb County elections director Janine Eveler said the stolen machine , known as an ExpressPoll unit , can not be used to fraudulently vote in Tuesday ’ s election but that it does contain a copy of Georgia ’ s statewide voter file . “ We have managed that so that what ’ s stolen could not impact the election , ” Eveler said . While the file includes drivers ’ license numbers , addresses and other data , it does not include Social Security numbers , Eveler said . But , she said , “ the poll book that was stolen Attack.Databreach did have a flash card with a voter list on it . But , it does require some knowledge or expertise to use machine to retrieve the information. ” Cobb County Police and the State Election Board are investigating . Kemp said it was “ unacceptable ” that Cobb officials waited two days to notify him of the theft Attack.Databreach . “ We have opened an investigation , and we are taking steps to ensure that it has no effect on the election tomorrow , ” Kemp said in a statement . “ I am confident that the results will not be compromised. ” Nearly 55,000 votes were cast in early voting ahead of Tuesday ’ s election , the culmination of a campaign that brought national attention to the state .

State officials are investigating the theft Attack.Databreach last week of equipment from a Cobb County precinct manager ’ s car that could make every Georgia voters ’ personal information vulnerable to theft Attack.Databreach . The equipment , used to check-in voters at the polls , was stolen Attack.Databreach Saturday evening , Secretary of State Brian Kemp said Monday . Cobb County elections director Janine Eveler said the stolen machine , known as an ExpressPoll unit , can not be used to fraudulently vote in Tuesday ’ s election but that it does contain a copy of Georgia ’ s statewide voter file . “ We have managed that so that what ’ s stolen could not impact the election , ” Eveler said . While the file includes drivers ’ license numbers , addresses and other data , it does not include Social Security numbers , Eveler said . But , she said , “ the poll book that was stolen Attack.Databreach did have a flash card with a voter list on it . But , it does require some knowledge or expertise to use machine to retrieve the information. ” Cobb County Police and the State Election Board are investigating . Kemp said it was “ unacceptable ” that Cobb officials waited two days to notify him of the theft Attack.Databreach . “ We have opened an investigation , and we are taking steps to ensure that it has no effect on the election tomorrow , ” Kemp said in a statement . “ I am confident that the results will not be compromised. ” Nearly 55,000 votes were cast in early voting ahead of Tuesday ’ s election , the culmination of a campaign that brought national attention to the state .

GREENVILLE , NC ( WITN ) - A dozen Eastern Carolina hotels are among the 1200 locations that were victims of a lengthy cyber attack Attack.Databreach last year . InterContinental Hotels Group says customer credit card information was stolen Attack.Databreach from franchised locations that include Holiday Inn , Holiday Inn Express , Candlewood Suites and Staybridge Suites . The hacking Attack.Databreach began on September 29th and continued at some locations for three months . Hackers used malware that searched for track data Attack.Databreach stored on magnetic stripes , which includes name , card number , expiration date and internal verification code , the company said . Those hotels in Eastern Carolina affected , and the dates of hacking were : Greenville - Holiday Inn at 203 Greenville Boulevard . Hacked from September 29 to December 29.Havelock - Holiday Inn Express . Hacked from September 29 to December 1.Jacksonville - Staybridge Suites on Cobia Court . Hacked from September 29 to December 29.Morehead City - Holiday Inn Express . Hacked from September 29 to November 4.Nags Head - Holiday Inn Express Oceanfront on South Virginia Dare Trail . Hacked from September 29 to December 29.New Bern - Holiday Inn Express on Dr. Martin Luther King Jr. Boulevard . Hacked from September 29 to December 12.New Bern - Candlewood Suites on Dr. Martin Luther King Jr. Bouvevard . Hacked from September 29 to December 29.Plymouth - Holiday Inn Express . Hacked from September 29 to December 29.Roanoke Rapids - Holiday Inn Express . Hacked from September 29 to December 15.Wilson - Holiday Inn Express at I-95 . Hacked from September 29 to December 29.Wilson - Holiday Inn Express Downtown . Hacked from September 29 to December 29.Wilson - Candlewood Suites . Hacked from September 29 to October 17 . IHG says it has since installed an encryption system that makes front desk payments more secure , while it is telling people who stayed at the hotels during that time that they should review their credit card statements for any fraudulent purchases .

HipChat has reset all its users ' passwords after what it called a security incident that may have exposed Attack.Databreach their names , email addresses and hashed password information . In some cases , attackers may have accessed Attack.Databreach messages and content in chat rooms , HipChat said in a Monday blog post . But this happened in no more than 0.05 percent of the cases , each of which involved a domain URL , such as company.hipchat.com . HipChat did n't say how many users may have been affected by the incident . The passwords that may have been exposed Attack.Databreach would also be difficult to crack , the company said . The data is hashed , or obscured , with the bcrypt algorithm , which transforms the passwords into a set of random-looking characters . For added security , HipChat `` salted '' each password with a random value before hashing it . HipChat warned that chat room data including the room name and topic may have also been exposed Attack.Databreach . But no financial or credit information was taken Attack.Databreach , the company said . HipChat is a popular messaging service used among enterprises , and an attack Attack.Databreach that exposed Attack.Databreach sensitive work-related chats could cause significant harm . The service , which is owned by Atlassian , said it detected the security incident last weekend . It affected Vulnerability-related.DiscoverVulnerability a server in the HipChat Cloud and was caused by a vulnerability in an unnamed , but popular , third-party library that HipChat.com used , the company said . No other Atlassian systems were affected , the company said . “ We are confident we have isolated the affected systems and closed any unauthorized access , ” HipChat said in its blog post . This is not the first time the messaging service has faced problems keeping accounts secure . In 2015 , HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen Attack.Databreach from less than 2 percent of its users . When breaches occur , security experts advise users to change their passwords for any accounts where they used the same login information . Users can consider using a password manager to help them store complex , tough-to-memorize passwords . HipChat has already sent an email to affected users , informing them of the password reset . In 2015 , rival chat application Slack reported its own breach , and as a result rolled out two-factor authentication to beef up its account security . HipChat does not offer two-factor authentication .

Kmart has suffered another credit card breach Attack.Databreach , its second in three years . This time though , its chip-and-PIN card readers significantly contained the fallout . Kmart is not saying how many of its 750 stores in the US were affected by the point-of-sale ( PoS ) malware , but it stressed that no personal data , including names , addresses , Social Security Numbers or email addresses , was stolen Attack.Databreach . It also talked up its EMV reader implementation . Kmart has EMV-enabled terminals in its stores , forcing customers with chip cards to insert their cards instead of swiping their stripes , which minimized the impact of the infection . Still , as independent researcher Brian Krebs reported , those consumers without chip cards could feel significant effects : “ The malware copies Attack.Databreach account data stored on the card ’ s magnetic stripe , ” he explained . “ Armed with that information , thieves can effectively clone the cards and use them to buy high-priced merchandise from electronics stores and big box retailers. ” Several financial institutions flagged the breach to Krebs , indicating that fraud is indeed occurring as a result of the attack , though again , no details are available as to how widespread the impact is . The incident has no relation to previous breaches , the bargain retailer said in an FAQ , noting that it ’ s confident that it was successful in eradicating any residual traces of malware or persistence left behind by earlier attacks . Instead , its payment systems were infected with malware that Kmart says was “ undetectable ” by its antivirus protections . “ Does this mean that we may be dealing with an entirely new family of malware or methods of infecting POS terminals , or that the solution they were using was unable to detect the threat ? ” said Richard Henderson , Global Security Strategist , Absolute , via email . “ If the former , then it will be absolutely critical for Kmart to get information about this attack to other retailers , antivirus companies and network security appliance vendors so that everyone can both look for indicators of compromise inside their own networks and bolster defenses against this new threat. ” If a hole was simply found in KMart 's defenses , it brings up the need for a defense-in-depth approach , he added . The incident was a passing test for the PCI DSS standard of payment security as well , some said . `` This is another example what cybersecurity experts are saying day by day : no IT systems can stay safe if they hold something valuable , ” said Csaba Krasznay , product evangelist at Balabit , in a note . “ More than 10 years ago , T.J.Maxx suffered a very similar data breach Attack.Databreach when approximately 100 million cards data was stolen Attack.Databreach . That incident helped the drive for credit-card companies to introduce PCI DSS as a mandatory security standard for everyone who manages card data . If Kmart was really able to avoid large scale data leakage , then we can be sure that PCI DSS is mature and useful enough in these circumstances , at this point . ''