personal information on about 80,000 employees, volunteers and vendors from a CPS database. The former worker, Kristi Sims, was arrested Thursday; officers recovered the stolen files after executing search warrants, according to CPS and Chicago police officials. Sims, 28, is a former contractor who handled administrative tasks for the Office of Safety and Security. Sims was ordered released on her own recognizance at a bond hearing Friday at the Leighton Criminal Court Building by Judge Sophia Atcherson; Sims also was ordered not to access the internet while the case continues. In a letter to employees Thursday evening, CPS Chief Operating Officer Arnie Rivera said the district learned of the massive data breach Wednesday, the day after the information was stolen. Among the data stolen were names, employee ID numbers, phone numbers, addresses, dates of birth, criminal arrest histories and DCFS findings. Social Security numbers were not taken, Rivera said. “There was no indication that the information, which was in the individual’s possession for approximately 24 hours, was used or disseminated to anyone in any way,” Rivera added. A CPS spokesman referred questions about the criminal charges to Chicago police, but Rivera said “CPS will work to ensure the individual is prosecuted to the fullest extent of the law.” CPD spokesman Anthony Guglielmi said Sims is also suspected of deleting the targeted files from the CPS database after they were stolen. The digital equipment seized in the warrant is being analyzed, and a search warrant is underway for Sims’s email account, Guglielmi said. Though police say they don’t believe anyone other than Sims was in possession of the data, they hope to learn more about what might have been done with the information.
This latest CPS data breach comes only a few months after the school district mistakenly sent a mass email that linked to the private information of thousands of students and families. The email invited families to submit supplemental applications to selective enrollment schools. Attached at the bottom of the email was a link to a spreadsheet with the personal data of more than 3,700 students and families. In that incident, CPS apologized for the “unacceptable breach of both student information and your trust” and asked recipients of the email to delete the sensitive information. The data included children’s names, home and cellphone numbers, email addresses and ID numbers.
The Federal Bureau of Investigation has issued a warning to healthcare organizations using File Transfer Protocol (FTP) servers. Medical and dental organizations have been advised to ensure FTP servers are configured to require users to be properly authenticated before access to stored data can be gained. Many FTP servers are configured to allow anonymous access using a common username such as ‘FTP’ or ‘anonymous’. In some cases, a generic password is required, although security researchers have discovered that in many cases, FTP servers can be accessed without a password. The FBI warning cites research conducted by the University of Michigan in 2015 that revealed more than 1 million FTP servers allowed anonymous access to stored data. The FBI warns that hackers are targeting these anonymous FTP servers to gain access to the protected health information of patients. PHI carries a high value on the black market as it can be used for identity theft and fraud. Healthcare organizations could also be blackmailed if PHI is stolen. Last year, the hacker operating under the name TheDarkOverlord conducted a number of attacks on healthcare organizations. The protected health information of patients was stolen and organizations were threatened with the publication of data if a sizable ransom payment was not made. In some cases, patient data were published online when payment was not received. There are reasons why IT departments require FTP servers to accept anonymous requests; however, if that is the case, those servers should not be used to store any protected health information of patients. If PHI must be stored on the servers, they cannot be configured to run in anonymous mode.
The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are.
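One way to run the configuration check described above, as an added example that is not part of the FBI notice or the original article. It assumes the server is vsftpd (the article names no FTP product) and uses option names and compiled-in defaults from the vsftpd.conf man page; the sample configurations are constructed.

```python
# Added example: audit vsftpd.conf text for anonymous-FTP exposure.
# Assumption: the server is vsftpd; the article does not name a product.

# Compiled-in defaults (vsftpd.conf man page) for the options checked here.
DEFAULTS = {
    "anonymous_enable": True,        # anonymous login is ON unless disabled
    "no_anon_password": False,
    "write_enable": False,
    "anon_upload_enable": False,
    "anon_mkdir_write_enable": False,
    "anon_other_write_enable": False,
}
TRUE_VALUES = {"YES", "TRUE", "1"}
ANON_WRITE_OPTIONS = (
    "anon_upload_enable",
    "anon_mkdir_write_enable",
    "anon_other_write_enable",
)


def parse_vsftpd_conf(text):
    """Return {option: raw value}; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not an option=value pair
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def is_enabled(settings, option):
    """Effective boolean value of an option, falling back to the default."""
    if option in settings:
        return settings[option].upper() in TRUE_VALUES
    return DEFAULTS[option]


def audit(text):
    """Return a list of (code, message) findings; empty means no anonymous mode."""
    settings = parse_vsftpd_conf(text)
    findings = []
    if not is_enabled(settings, "anonymous_enable"):
        return findings
    if "anonymous_enable" in settings:
        findings.append(("ANON_LOGIN_EXPLICIT",
                         "anonymous_enable is switched on in the file"))
    else:
        # Easy to miss: a commented-out or absent line leaves the default, YES.
        findings.append(("ANON_LOGIN_DEFAULT",
                         "anonymous_enable not set; the default is YES"))
    if is_enabled(settings, "no_anon_password"):
        findings.append(("ANON_NO_PASSWORD",
                         "anonymous users are logged in without a password prompt"))
    # Anonymous write options only take effect when write_enable is also on.
    if is_enabled(settings, "write_enable") and any(
            is_enabled(settings, opt) for opt in ANON_WRITE_OPTIONS):
        findings.append(("ANON_WRITE", "anonymous users can modify the file area"))
    area = settings.get("anon_root", "the ftp user's home directory")
    findings.append(("REVIEW_ANON_AREA",
                     "confirm no PHI is stored under " + area))
    return findings


# Constructed sample configurations.
WEAK = """\
anonymous_enable=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/srv/ftp/pub
"""
IMPLICIT = """\
local_enable=YES
#anonymous_enable=NO
"""
HARDENED = """\
anonymous_enable=NO
local_enable=YES
ssl_enable=YES
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("IMPLICIT", IMPLICIT), ("HARDENED", HARDENED)):
        results = audit(conf)
        print(name, "->", "no anonymous access" if not results else "")
        for code, message in results:
            print("   ", code + ":", message)
```

The `IMPLICIT` case is the one to watch for in practice: commenting the line out does not disable anonymous mode, only an explicit `anonymous_enable=NO` does.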
The email-borne attack locked the city’s servers and many of the daily business functions, officials said. (TNS) -- SPRING HILL, Tenn. — The city was the victim of a recent cyber-attack, which caused its computer system to lock with a ransom of $250,000. Spring Hill was one of several other local government agencies who were victim to the attack, and city officials say they do not believe any citizen or customer account information was stolen or compromised. It did, however, temporarily halt any online credit or debit card payments. “We received a ransomware attack Friday evening that ended up going in and locking our servers. It affected all of our departments, and we have been in recovery mode ever since [Sunday],” City Administrator Victor Lay said. “We've now been able to, at least minimally, conduct business, although the manual system of paper and pencil seems to work pretty well against those kinds of things.” Lay added that the “appropriate government authorities” have been contacted about the incident, which will meet later this week to discuss an investigation into the incident. He said it was not a “hack” per se, but a virus created from a downloadable email attachment, locking the system using an encryption key. “We're working through it. Obviously, we chose not to pay the ransom. We're working through the system and it's going to take us a few days to get things all back to normal, but we're getting there.”
A Vermont business's computer system was attacked by hackers and held for ransom. It may sound like a movie plot but ransomware attacks like these are on the rise. According to their 2017 Internet Crime report, last year the FBI received 1,783 complaints identified as ransomware. The adjusted losses from the attacks were over $2.3 million. An example of a ransomware attack is software that downloads to your computer, encrypts your data and then demands money to get it back. It's technological extortion, essentially. And that's what happened to Wendell's Furniture in Colchester at the end of last month. “Our servers crashed and when our IT guy came to take care of the problem, I asked him how the patient was doing and he just got kind of an ashen look on his face and he just shook his head and I knew we were in trouble,” said Ryan Farrell, the vice president of Wendell's Furniture. Farrell says in their nearly 20 years of business, they've never had this type of cybersecurity attack. “I honestly don't think I believed it to begin with. It's something you see in the movies, something you see on TV but it's never something that I thought would happen to us, especially here in Vermont,” Farrell said. The company's sales information from the last 5-10 years was stolen, including customers' names, addresses, phone numbers and email addresses. However, no credit card numbers were part of the breach. “My message to customers is not to panic, don't be worried about your information,” Farrell said. “Just know that it's going to take us just a little bit more time to get your sofa to you but we're open for business.” Wendell's was able to recover most of the data but not all of it. They are still missing several months' worth of data. “Everything that used to be easy is now really hard,” Farrell said.
A McAfee report shows that ransomware attacks are up more than 100 percent in the second quarter of 2018 over that same time frame in 2016. Duane Dunston teaches cybersecurity at Champlain College and says these attacks can be hard to count. “It's not really clear because many organizations may not report it,” he said. “It may be easier for them to give them the money and just move on.” Wendell's ended up paying thousands of dollars but Dunston says that can have repercussions. “One of the dangers is that they can come back and ask for more money at a later time,” he explained. “There really is no way to know whether they are going to delete the data or whatever they are demanding.” Dunston says there is lots of public information on how to protect your data but to make sure you are backing it up and updating your security systems. Wendell's has now reinforced its computer firewalls and replaced parts of its infrastructure that are susceptible to attack. “We're getting back on our feet,” Farrell said. Customers who financed their purchase with Synchrony Financial may have had their account numbers compromised, but according to Wendell's that threat is low. The business has sent out about 500 letters notifying customers and says they are doing their best to get the word out.
Forrester, one of the world's leading market research and investment advisory firms, admitted late Friday afternoon to a security breach that took place during the past week. The company says that a yet to be identified attacker (or attackers) has gained access to the infrastructure hosting its website — Forrester.com. Forrester is using this website to allow customers to log in and download research specific to their contracts. The company provides statistics, trends, and other market research, which clients use to take decisions before launching new products or business endeavors.
Attacker stole site credentials and stole proprietary research
Steven Peltzman, Forrester's Chief Business Technology Officer, says the attacker stole valid Forrester.com user credentials that gave him access to Forrester.com accounts. “The hacker used that access to steal research reports made available to our clients,” he said. “There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident,” Peltzman clarified. Even if no sensitive customer data was stolen, the market research information to which hackers had access is very valuable in the hands of an economic espionage hacker group, allowing it to determine what technologies Forrester's customers are working on, or what products they're ready to launch. This information could then be resold on dark markets or to competitors, or hackers could also use it to select future targets — companies that are ready to launch valuable products. “We recognize that hackers will attack attractive targets — in this case, our research IP. We also understand there is a tradeoff between making it easy for our clients to access our research and security measures,” said George F. Colony, Chairman and Chief Executive Officer of Forrester. “We feel that we have taken a common-sense approach to those two priorities; however, we will continuously look at that balance to respond to changing cybersecurity risk.” Forrester is the fourth major financial and business entity that suffered or announced a security incident in the past month. The other three include credit rating and reporting firm Equifax, the US Securities and Exchange Commission (SEC), and accounting, auditing, and corporate finance consulting firm Deloitte.
Hong Kong might just have experienced its biggest ever data breach after the personal details of the Special Administrative Region (SAR)’s 3.7 million voters were stolen on two laptops. The details are said to have included ID card numbers, addresses and mobile phone numbers. They were stored on two laptops in a locked room at the AsiaWorld-Expo conference center near the airport. The center is said to be the “back-up venue” for the region’s chief executive elections, which took place over the weekend. The Registration and Electoral Office has reported the theft to police and told the South China Morning Post that the details of voters were encrypted – although it’s unclear how strong that encryption is. It’s also unclear why the details of 3.7m voters were stored on the laptops when only an Election Committee of 1194 specially chosen business and political leaders is allowed to pick Hong Kong’s CEO. The SAR’s privacy watchdog said in a statement that it is launching an investigation into the matter. Over a three-year period from 2013 to 2016, the privacy commissioner’s office is said to have received 253 data breach notifications. Eduard Meelhuysen, EMEA boss at Bitglass, argued that public sector breaches stand out as particularly concerning. “Whether it’s the NHS or the Hong Kong Registration and Electoral Office, these organizations need to remember their duty of care, not to mention legal obligations, to protect citizens' and employees' data,” he said. “This means not only keeping sensitive data encrypted, but also controlling where it goes using tools like access control and data leakage prevention. Is it really a business necessity to store the information of millions of citizens on a laptop?” In a separate incident, a laptop was stolen from Queen Mary Hospital last year, containing the personal details of nearly 4000 patients
In a statement, Sanrio said they didn’t believe any data was stolen. Now, over a year later, the database has surfaced online. Its resurrection places 3.3 million Hello Kitty fans in the hot seat. On December 19, 2015, Salted Hash broke the news that a MongoDB installation for Sanrio, the company behind Hello Kitty, was exposed to the public. The database was discovered by security researcher Chris Vickery. At the time, Sanrio speculated the exposure was due to maintenance conducted several weeks prior, on November 20, 2015. The database contained just over 3.3 million records from sanriotown.com, including 186,261 records assigned to people under the age of 18. Three days after the story broke, on December 22, 2015, Sanrio said they investigated the problem and fixed it. “In addition, new security measures have been applied on the server(s); and we are conducting an internal investigation and security review into this incident. To the Company’s current knowledge, no data was stolen or exposed,” the statement concluded. Unfortunately, someone did copy the database before the configuration error was fixed. On Sunday, Salted Hash learned that the Sanrio database was added to the LeakedSource index. Examining the LeakedSource records and comparing the field names to the screenshots shared by Vickery in 2015, the data is a match. For example, both sets of data use the “_createdFrom” field, as well as “dateOfBirth”, “gender”, “firstName”, “lastName”, etc. In both databases, the records contain the account holder’s first and last name, birthday (encoded, but easily reversed), gender, country of origin, email addresses, user name, password (unsalted SHA-1 hash), password hint question, and the corresponding answer.
However, there is a field in the LeakedSource records that is new to this story, “incomeRange” with values running from 0 to 150. It isn’t clear what these values represent, but not every record has them. As was the case previously, the fear is that the exposed database could cause problems for those registered, especially the children. It’s hard enough to deal with ID theft related issues as an adult. Such issues are only compounded for children, as the problems might not materialize for several years. This is true today as well, but there’s no telling who followed the advice. Also, there is no way to track who had access to this database, as it’s been circulating out of the public eye for at least a year before it was shared with LeakedSource. Salted Hash has reached out to Sanrio for comment. Anyone with concerns about the information exposed can check out Consumer.gov for advice on recovering from identity theft. In it, they briefly recap the events from 2015, including their previous alert. The statement goes on to dismiss the latest news, despite sample records matching the previously exposed database. “Recently, reports have surfaced claiming that the 2015 data breach was not corrected. At this time, there is no evidence to support this claim. The original data breach from SanrioTown.com users in 2015 did not include credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1. “SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. It should be noted that this current Sanrio database currently circulating online doesn't have any financial data, and there have been no claims otherwise. Salted Hash has asked additional questions surrounding the sample data shared with Sanrio.
After reviewing the sample data sets shared by Salted Hash, Sanrio has confirmed that the data indexed by LeakedSource “looks real” and likely originated from the exposed database in 2015. However, the company stopped short of confirming that LeakedSource's records and the records exposed two years ago are one and the same. “Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft,” the company said in a statement. “At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr. Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. “He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach”
The IAAF said in a statement the hacking group known as Fancy Bear, which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election, was believed to be behind the attack of medical records in February. The hack targeted information concerning applications by athletes for Therapeutic Use Exemptions, the IAAF said. Athletes who had applied for TUEs since 2012 have been contacted and IAAF president, Sebastian Coe, apologized. “Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” Coe said in the statement. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation”. TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was “collected from a file server and stored on a newly created file”. “The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security,” the IAAF said. Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU, Russia’s military intelligence agency. Fancy Bear could not be immediately reached for comment. The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump, a Republican, win, according to U.S. intelligence agencies.
It was not known if the information was stolen from the network, the IAAF said, but the incident was “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will”. The attack was uncovered after British company Context Information Security conducted an investigation of the IAAF’s systems at the request of the athletics body. Context Information Security said in a separate statement that it was a “sophisticated intrusion” and that “the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance”. Last year, Fancy Bear hacked into the World Anti-Doping Agency (WADA) database and published the confidential medical records of several dozen athletes. Those included cyclist Bradley Wiggins, the 2012 Tour de France winner and Britain’s most decorated Olympian with eight medals, who was revealed to have used TUEs before some races. Wiggins retired last year under something of a cloud after it was revealed he took corticosteroid triamcinolone for asthma, although he broke no anti-doping rules. The IAAF banned Russia’s athletics federation after a WADA commission report found evidence of state-sponsored doping. Almost all Russia’s athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August
The company acknowledged the investigation after being contacted by Brian Krebs, confirming that it received a “notification from a third party” saying that info from cards used at GameStop.com were being offered for sale on the Dark Web. Krebs had been tipped off to the situation by financial industry sources, who said the compromise was likely active between mid-September 2016 and the first week of February 2017. GameStop however didn’t confirm these data points. “If Brian Krebs’ report is correct, the GameStop breach has the potential to be a huge payday for hackers,” said Vishal Gupta, CEO of Seclore, via email. “Compromised credit-card numbers aren’t always easy to monetize, but in this case hackers were able to intercept CVV2 numbers… There is a reason companies aren’t allowed to store this CVV2 data in their own databases, so the fact that the hackers were able to intercept these security codes elevates the severity of the incident significantly”. The timing could also be a key factor in the payoff for the crooks. “If the reports about the Gamestop.com breach are right, then it shows how business-minded the bad guys can be. Hitting them during the Christmas season—when tons of distant relatives buying kids they hardly know gift cards for the one thing they know every kid wants—is pretty savvy timing,” said Jonathan Sander, CTO, STEALTHbits Technologies. “It also means these are purchases that many will barely recall making, and consumers were exercising the least caution they ever do as they rushed to get all their online shopping done”. For now, details are skimpy as to what was stolen, when and how—no attack vector has yet been made public.
However, the company is large and hugely popular in the United States, with a global presence, so the potential for consumer exposure at scale, if the timeframe given is correct, could be significant. “You can imagine a future where attacks such as this become so sophisticated and frequent that no one but the largest retailers can afford to defend against them,” said John Gunn, CMO, VASCO Data Security. “This would give the Amazons and Walmarts of the world a real competitive advantage in winning consumers’ business.” GameStop shoppers are advised to comb their purchase histories
The UK's Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016. The BBC understands the government has investigated the previously unreported attack that began in April last year. The UK's National Cyber Security Centre would not say whether data was stolen. But a source told the BBC that the most sensitive Foreign Office information is not kept on the systems targeted by the hackers. Research published on Thursday by cybersecurity firm F-Secure suggested the attack was a "spear-phishing" campaign, in which people were sent targeted emails in attempts to fool them into clicking a rogue link or handing over their username and password. To do this, the attackers created a number of web addresses designed to resemble legitimate Foreign Office websites, including those used for accessing webmail. F-Secure does not know whether the attack was successful. The company says the domains were created by hackers that it calls the Callisto Group, which it says is still active. However the UK's National Cyber Security Centre (NCSC) declined to say who was behind the attack on the Foreign Office. The targeted emails that were sent out tried to fool targets into downloading malware which was first developed for law enforcement by the Italian software company Hacking Team. Hacking Team's surveillance tools were previously exposed in a cyberattack, first reported in 2015. There is no suggestion that Hacking Team had any involvement in the attacks. F-Secure said that the use of the software should remind governments that they “don't have monopolies on these [surveillance] technologies”, and that once created the software can fall into the hands of hackers. The BBC has not seen evidence conclusively identifying the origin of the attack.
A cybersecurity expert at another company, who wished to remain anonymous, found a link to information uncovered in the investigation of Russian efforts to influence the US election. Two of the phishing domains used by the hackers were once linked to an IP address mentioned in a US government report into Grizzly Steppe. Grizzly Steppe is the name given by the US government to efforts by "Russian civilian and military intelligence services to compromise and exploit networks and endpoints associated with the US election". However, the cybersecurity expert noted that this connection between the phishing domain and Grizzly Steppe may be a coincidence, as over 300 other domains - many of them not hacking-related - were linked to the same IP address. F-Secure told the BBC that it did notice some similarity between the Callisto Group's hacking and previous attacks that have been linked to Russia. However, it said despite some similarities in the tactics, techniques, procedures and targets of the Callisto Group, and the Russia-linked group known as APT28, it believed the two were "operationally" separate. It noted that the Callisto Group was also less "technically capable" than APT28.
A few months ago we exclusively reported on a Dark Web vendor selling 1 Billion user accounts stolen from the Chinese Internet giants. Now, another vendor going by the handle of CosmicDark is selling a database containing 100,759,591 user accounts stolen from Youku Inc., a popular video service in China. The database, according to the vendor's listing, was leaked in 2016 and leaked on the Internet this year. Although it is unclear how the database was stolen, CosmicDark is selling the whole package for USD 300 (BTC 0.2559). The data contains emails and passwords decrypted with MD5 & SHA1 hashes. According to the sample data (552 accounts) provided by CosmicDark, most of the emails are based on @163.com, @qq.com, and @xiaonei.com. It must be noted that based on HackRead's research the encrypted passwords provided in the sample data have already been decrypted and are publicly available on the Internet. Also, HaveIbeenpwned, a platform where you can check if your account has been compromised, has also confirmed the breach. It is unclear whether Youku Inc. is aware of the breach or has notified its users, however it is evident that it poses a massive privacy threat to their users. Furthermore, vendors in the same marketplace are selling 21 million Gmail and Yahoo accounts, 640,000 decrypted PlayStation accounts, millions of accounts from 11 hacked Bitcoin forums and millions of accounts stolen from 25 hacked vBulletin forums.
State officials are investigating the theft last week of equipment from a Cobb County precinct manager's car that could make every Georgia voter's personal information vulnerable to theft. The equipment, used to check in voters at the polls, was stolen Saturday evening, Secretary of State Brian Kemp said Monday. Cobb County elections director Janine Eveler said the stolen machine, known as an ExpressPoll unit, cannot be used to fraudulently vote in Tuesday's election but that it does contain a copy of Georgia's statewide voter file. "We have managed that so that what's stolen could not impact the election," Eveler said. While the file includes drivers' license numbers, addresses and other data, it does not include Social Security numbers, Eveler said. But, she said, "the poll book that was stolen did have a flash card with a voter list on it. But, it does require some knowledge or expertise to use machine to retrieve the information." Cobb County Police and the State Election Board are investigating. Kemp said it was "unacceptable" that Cobb officials waited two days to notify him of the theft. "We have opened an investigation, and we are taking steps to ensure that it has no effect on the election tomorrow," Kemp said in a statement. "I am confident that the results will not be compromised." Nearly 55,000 votes were cast in early voting ahead of Tuesday's election, the culmination of a campaign that brought national attention to the state.
GREENVILLE, NC (WITN) - A dozen Eastern Carolina hotels are among the 1200 locations that were victims of a lengthy cyber attack last year. InterContinental Hotels Group says customer credit card information was stolen from franchised locations that include Holiday Inn, Holiday Inn Express, Candlewood Suites and Staybridge Suites. The hacking began on September 29th and continued at some locations for three months. Hackers used malware that searched for track data stored on magnetic stripes, which includes name, card number, expiration date and internal verification code, the company said. Those hotels in Eastern Carolina affected, and the dates of hacking were:
Greenville - Holiday Inn at 203 Greenville Boulevard. Hacked from September 29 to December 29.
Havelock - Holiday Inn Express. Hacked from September 29 to December 1.
Jacksonville - Staybridge Suites on Cobia Court. Hacked from September 29 to December 29.
Morehead City - Holiday Inn Express. Hacked from September 29 to November 4.
Nags Head - Holiday Inn Express Oceanfront on South Virginia Dare Trail. Hacked from September 29 to December 29.
New Bern - Holiday Inn Express on Dr. Martin Luther King Jr. Boulevard. Hacked from September 29 to December 12.
New Bern - Candlewood Suites on Dr. Martin Luther King Jr. Boulevard. Hacked from September 29 to December 29.
Plymouth - Holiday Inn Express. Hacked from September 29 to December 29.
Roanoke Rapids - Holiday Inn Express. Hacked from September 29 to December 15.
Wilson - Holiday Inn Express at I-95. Hacked from September 29 to December 29.
Wilson - Holiday Inn Express Downtown. Hacked from September 29 to December 29.
Wilson - Candlewood Suites. Hacked from September 29 to October 17.
IHG says it has since installed an encryption system that makes front desk payments more secure, while it is telling people who stayed at the hotels during that time that they should review their credit card statements for any fraudulent purchases.
HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information. In some cases, attackers may have accessed messages and content in chat rooms, HipChat said in a Monday blog post. But this happened in no more than 0.05 percent of the cases, each of which involved a domain URL, such as company.hipchat.com. HipChat didn't say how many users may have been affected by the incident. The passwords that may have been exposed would also be difficult to crack, the company said. The data is hashed, or obscured, with the bcrypt algorithm, which transforms the passwords into a set of random-looking characters. For added security, HipChat "salted" each password with a random value before hashing it. HipChat warned that chat room data including the room name and topic may have also been exposed. But no financial or credit information was taken, the company said. HipChat is a popular messaging service used among enterprises, and an attack that exposed sensitive work-related chats could cause significant harm. The service, which is owned by Atlassian, said it detected the security incident last weekend. It affected a server in the HipChat Cloud and was caused by a vulnerability in an unnamed, but popular, third-party library that HipChat.com used, the company said. No other Atlassian systems were affected, the company said. "We are confident we have isolated the affected systems and closed any unauthorized access," HipChat said in its blog post. This is not the first time the messaging service has faced problems keeping accounts secure.
In 2015, HipChat reset user passwords after detecting and blocking suspicious activity in which account information was stolen from less than 2 percent of its users. When breaches occur, security experts advise users to change their passwords for any accounts where they used the same login information. Users can consider using a password manager to help them store complex, tough-to-memorize passwords. HipChat has already sent an email to affected users, informing them of the password reset. In 2015, rival chat application Slack reported its own breach, and as a result rolled out two-factor authentication to beef up its account security. HipChat does not offer two-factor authentication.
Kmart has suffered another credit card breach, its second in three years. This time though, its chip-and-PIN card readers significantly contained the fallout. Kmart is not saying how many of its 750 stores in the US were affected by the point-of-sale (PoS) malware, but it stressed that no personal data, including names, addresses, Social Security Numbers or email addresses, was stolen. It also talked up its EMV reader implementation. Kmart has EMV-enabled terminals in its stores, forcing customers with chip cards to insert their cards instead of swiping their stripes, which minimized the impact of the infection. Still, as independent researcher Brian Krebs reported, those consumers without chip cards could feel significant effects: "The malware copies account data stored on the card's magnetic stripe," he explained. "Armed with that information, thieves can effectively clone the cards and use them to buy high-priced merchandise from electronics stores and big box retailers." Several financial institutions flagged the breach to Krebs, indicating that fraud is indeed occurring as a result of the attack, though again, no details are available as to how widespread the impact is. The incident has no relation to previous breaches, the bargain retailer said in an FAQ, noting that it's confident that it was successful in eradicating any residual traces of malware or persistence left behind by earlier attacks. Instead, its payment systems were infected with malware that Kmart says was "undetectable" by its antivirus protections. "Does this mean that we may be dealing with an entirely new family of malware or methods of infecting POS terminals, or that the solution they were using was unable to detect the threat?" said Richard Henderson, Global Security Strategist, Absolute, via email.
"If the former, then it will be absolutely critical for Kmart to get information about this attack to other retailers, antivirus companies and network security appliance vendors so that everyone can both look for indicators of compromise inside their own networks and bolster defenses against this new threat." If a hole was simply found in Kmart's defenses, it brings up the need for a defense-in-depth approach, he added. The incident was a passing test for the PCI DSS standard of payment security as well, some said. "This is another example of what cybersecurity experts are saying day by day: no IT systems can stay safe if they hold something valuable," said Csaba Krasznay, product evangelist at Balabit, in a note. "More than 10 years ago, T.J.Maxx suffered a very similar data breach when approximately 100 million cards data was stolen. That incident helped the drive for credit-card companies to introduce PCI DSS as a mandatory security standard for everyone who manages card data. If Kmart was really able to avoid large scale data leakage, then we can be sure that PCI DSS is mature and useful enough in these circumstances, at this point."
GameStop customers received breach notification warnings this week, cautioning them that their personal and financial information could have been compromised nine months ago. According to postal letters sent to customers, GameStop said an undisclosed number of online customers had their credit card or bankcard data stolen, including the card numbers, expiration dates, names, addresses and the three-digit card verification values (CVV2). The breach occurred between Aug 10, 2016 and Feb 9, 2017, according to GameStop. In April, the company publicly acknowledged the breach. But, it wasn't until last week that affected customers were individually notified that their cards were likely stolen. "I'm pretty upset at GameStop. I should have been notified when they knew about it in April," said GameStop customer Ryan Duff, a former cyber operations tactician at U.S. Cyber Command. As a security professional, he said he expected better of GameStop when it came to notifying him of a possible breach of his credit card information. Subsequently, Duff said, the card used on GameStop.com back in November had been compromised, according to his bank. "There is no way it should have taken months to be notified," he said. Breach notification laws differ from state to state. But many states, such as Massachusetts, mandate victims be notified "as soon as practicable and without unreasonable delay" or the company may face civil penalties. The rules are there, in part, to allow for consumers to freeze accounts and avoid paying fees associated with having their card stolen. "After receiving a report that data from payment card used on www.GameStop.com may have been obtained by unauthorized individuals, we immediately began an investigation and hired a leading cybersecurity firm to assist us," wrote J.
Paul Raines, chief executive officer of GameStop, in a letter dated June 2 that was sent to impacted customers. "Although the investigation did not identify evidence of unauthorized access to payment card data, we determined on April 18, 2017 that the potential for what to have occurred existed for certain transactions," he wrote. GameStop operates 7,500 retail stores and its consumer product network online includes GameStop.com, game site Kongregate.com and online retailer ThinkGeek. No retail customers were impacted by the breach, according to the company. "GameStop identified and addressed a potential security incident that was related to transactions made on GameStop's website during a specific period of time," the company said in a statement provided to Threatpost. "GameStop mailed notification letters to customers who made purchases during that time frame advising them of the incident and providing information on steps they can take." Still unknown about the breach are how many customers may have been impacted, how was the data stolen and how was GameStop alerted to the fact the data had been stolen. In April, GameStop issued the statement: "GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website." Krebs on Security reported in April that GameStop had received an alert from a credit card processor stating that its website was potentially compromised. Originally, it was believed that the breach involved GameStop retail stores and that the company's point-of-sale system may have been infected with malware. That was because the breach occurred at the height of the holiday sales season and that stolen data included card verification values (CVV2).
Online merchants are not supposed to store CVV2 codes on their e-commerce sites. However, since GameStop said no retail customers were impacted, it is now believed that GameStop.com was hacked and that the data was stolen through the use of malware. Over the past 12 months, there has been an unprecedented number of data breaches. Some of those impacted have been ecommerce sites running vulnerable versions of Magento and WordPress and ecommerce platforms Powerfront CMS and OpenCart. Criminals have used a number of techniques to siphon off credit card data from these sites ranging from compromised ecommerce plugins that can perform reflected XSS (cross-site scripting) attacks, web-based keyloggers, and DOM-based XSS attacks. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.
The exposed data includes names, Social Security numbers, birthdates, contact details, medical record numbers and/or clinical information. On December 21, 2016, Children's Hospital Los Angeles learned that an unencrypted laptop containing patient data was stolen from the locked vehicle of a Children's Hospital Los Angeles Medical Group physician on October 18, 2016. The laptop may have held approximately 3,600 patients' names, birthdates, addresses, medical record numbers and some clinical information, SC Magazine reports. "We are taking action to prevent this type of thing in the future by enhancing the encryption levels of all laptops that physicians use in the provision of care for patients," the hospital stated in a notification letter [PDF] to those affected. Separately, Delaware Insurance Commissioner Trinidad Navarro recently announced that a security breach impacted Summit Reinsurance Services and BCS Financial Corporation, both of which are subcontractors of Highmark Blue Cross Blue Shield of Delaware (h/t Internet Health Management). On August 8, 2016, Summit discovered that a server containing customer data, including names, Social Security numbers, health insurance information, provider names and/or diagnosis and clinical information, was infected with ransomware. An investigation determined that the server was first accessed on March 12, 2016. The breach affects approximately 19,000 Highmark Blue Cross Blue Shield members. "I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred," Navarro said in a statement. While Summit sent notification letters to those affected, Navarro noted that many customers may have discarded the letter assuming it was a sales pitch, since they were customers of Highmark Blue Cross Blue Shield, not Summit.
And CoPilot Provider Support Services recently announced that one of its databases used by healthcare professionals to determine whether treatments will be covered by insurance was accessed in October 2015, potentially exposing approximately 220,000 patients' names, genders, birthdates, addresses, phone numbers, health insurers, and in some cases Social Security numbers. It's not clear why it took the company more than a year to notify those affected. "We are taking steps to address the situation and to further protect against a similar incident in the future, including utilizing enhanced verification, enhanced encryption and implementing increased security audit activity," CoPilot said in a notification letter [PDF] to those affected. Last spring, a Ponemon Institute survey found that 79 percent of healthcare organizations experienced two or more data breaches in the past two years, and 45 percent experienced five or more breaches. Over the past two years, the survey found, the average cost of a data breach to a healthcare organization was more than $2.2 million. "In the last six years of conducting this study, it's clear that efforts to safeguard patient data are not improving," Ponemon Institute chairman and founder Dr. Larry Ponemon said at the time.
Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response. The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker. That breach, which only became public last year, involved the theft of user account details such as email addresses, telephone numbers, and hashed passwords. After Yahoo went public with it, the company established an independent committee to investigate the matter. The committee found that Yahoo's security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014, according to the filing. But even as the company took some remedial actions, such as notifying 26 users targeted in the hack and adding new security features, some senior executives allegedly failed to comprehend or investigate the incident further. For instance, in December 2014, Yahoo's security team knew the state-sponsored actor had stolen copies of backup files that contained users' personal data. But it's unclear whether this information was ever "effectively communicated and understood" outside the security team, Wednesday's filing said. No intentional suppression of information was found, although Yahoo's legal team had enough reason to investigate the breaches further, the committee concluded. "As a result, the 2014 security Incident was not properly investigated and analyzed at the time," the filing said. It was only about two years later when Yahoo publicly disclosed the breach.
That came after a stolen database from the company allegedly went up for sale on the black market. However, after Yahoo disclosed the breach, a few months later, the company learned of an even bigger hack that involved 1 billion Yahoo user accounts and further rocked the company's reputation. That breach originally occurred in August 2013 but wasn't noticed until law enforcement provided Yahoo with a copy of the stolen data last November. According to Wednesday's filing, Yahoo still hasn't learned how this data was stolen, although it appears to be separate from the 2014 breach. In addition, the company has been investigating another incident involving a hacker forging cookies as a way to break into user accounts. Wednesday's filing said that about 32 million user accounts were affected.