The Legislative Council has decided to take action on the massive data breach Attack.Databreach at Cathay Pacific Airways , which has affected the personal information of as many as 9.4 million customers . Amid calls for more stringent regulations on personal data protection , lawmaker Horace Cheung Kwok-kwan from the Democratic Alliance for the Betterment and Progress of Hong Kong said Legco will hold a special meeting on Nov 14 to thoroughly discuss how to prevent similar incidents from happening again through regulatory approaches . According to Cheung , the meeting will be attended by members of the Legco Panel on Constitutional Affairs , which he chairs , Panel on Security and Panel on Information Technology and Broadcasting , as well as representatives from the airline , the Hong Kong Economic Journal reported . Secretary for Constitutional and Mainland Affairs Patrick Nip Tak-kuen and Privacy Commissioner for Personal Data Stephen Wong Kai-yi have also agreed to join the discussions , he added . Cheung said quite a number of his colleagues have expressed concerns about the fact that the existing regulations on online privacy have failed to advance with the time , and want to know the view of the authorities on reforming them . Cathay revealed on Oct 23 that it discovered suspicious activity on its computer network in early March and confirmed in early May that personal data of its customers were accessed Attack.Databreach with no authorization . The data included passenger name , nationality , date of birth , phone number , email , physical addresses , passport number , identity card number , frequent flyer program membership number , customer service remarks , and historical travel information , along with the numbers of hundreds of credit cards . On Monday morning , eight officers from the police ’ s Cyber Security and Technology Crime Bureau went to Cathay City , the airline ’ s headquarters at the Hong Kong International Airport in Chek Lap Kok , to conduct an investigation . With the presence of a Cathay-appointed lawyer , the officers examined some servers before they left about two hours later without taking away any items as evidence . It is understood that the police force has instructed all of its districts to pay attention to cases that may be connected to the data breach Attack.Databreach or those resulting in material losses . Meanwhile , Wong told a radio program on Monday that his office , the next day after the airline unveiled it , sent an initial questionnaire , asking Cathay for an explanation within 10 days .

HONG KONG ( REUTERS ) - Cathay Pacific Airways said on Wednesday ( Oct 24 ) that data of about 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines had been accessed Attack.Databreach without authorisation . Cathay said 860,000 passport numbers , about 245,000 Hong Kong identity card numbers , 403 expired credit card numbers and 27 credit card numbers with no card verification value ( CVV ) were accessed Attack.Databreach in the breach Attack.Databreach . `` We are very sorry for any concern this data security event may cause our passengers , '' Cathay Pacific chief executive Rupert Hogg said in a statement . `` We acted immediately to contain the event , commence a thorough investigation with the assistance of a leading cyber-security firm , and to further strengthen our IT security measures . '' Mr Hogg said no passwords were compromised Attack.Databreach in the breach Attack.Databreach and the company was contacting affected passengers to give them information on how to protect themselves . Cathay Pacific was not immediately available for additional comment outside normal business hours . The company said it initially discovered suspicious activity on its network in March this year , and investigations in early May confirmed that certain personal data had been accessed Attack.Databreach . News of Cathay 's passenger data breach Attack.Databreach comes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolen Attack.Databreach over a two-week period . Cathay said in a statement that accessed Attack.Databreach data includes names of passengers , their nationalities , dates of birth , telephone numbers , e-mail and physical addresses , passport numbers , identity card numbers and historical travel information . It added that the Hong Kong Police had been notified about the breach Attack.Databreach and that there is no evidence any personal information has been misused .

A response to a phishing email has resulted in the PHI of 2,789 Kaleida Health patients being made accessible Attack.Databreach to cybercriminals . Kaleida Health discovered the attack on May 24 , 2017 , prompting a full investigation which involved hiring a third-party computer forensic firm . An analysis of its systems showed that by responding to the phishing email , the employee had provided access Attack.Databreach to his/her email account . While access Attack.Databreach to Kaleida Health ’ s EHR was not gained Attack.Databreach , the email account contained a range of protected health information of a small subset of its patients . The types of data in the account varied for each patient , but may have included names , dates of birth , medical record numbers , diagnoses , treatment and other clinical data . However , no financial information or Social Security numbers were exposed Attack.Databreach at any time . While access Attack.Databreach to the email account was possible , no evidence was uncovered to suggest that the emails were accessed Attack.Databreach or any protected health information was viewed or copied Attack.Databreach . However , since the possibility of data access could not be ruled out with a high degree of certainty , all affected patients have been notified of the incident by mail . Phishing Attack.Phishing has grown to be one of the most serious threats to healthcare organizations . As we have already seen this year , record numbers of successful W-2 phishing attacks Attack.Phishing have been reported and many healthcare employees have fallen for these phishing scams Attack.Phishing . Providing security awareness training to employees can help to reduce risk , although a single training session every year is no longer sufficient . Training must be an ongoing process .

On April 14 , the company disclosed to the California attorney general that a December 2015 breach Attack.Databreach compromised Attack.Databreach more sensitive information than first thought . It also disclosed new attacks Attack.Databreach from earlier this year that exposed Attack.Databreach names , contact information , email addresses and purchase histories , although the retailer says it repelled most of the attacks . The dual notifications mark the latest problems for the company , which disclosed in early 2014 that its payment systems were infected with malware that stole Attack.Databreach 350,000 payment card details . Over the past few years , retailers such as Target , Home Depot and others have battled to keep their card payments systems malware-free ( see Neiman Marcus Downsizes Breach Estimate ) . The 2015 incident started around Dec 26 . In a notification to California about a month later , the retailer said it was believed attackers cycled through login credentials that were likely obtained Attack.Databreach through other data breaches Attack.Databreach . A total of 5,200 accounts were accessed Attack.Databreach , and 70 of those accounts were used to make fraudulent purchases . Although email addresses and passwords were not exposed Attack.Databreach , the original notification noted , access Attack.Databreach to the accounts would have revealed names , saved contact information , purchase histories and the last four digits of payment card numbers . The affected websites included other brands run by Neiman Marcus , including Bergdorf Goodman , Last Call , CUSP and Horchow . According to its latest notification , however , Neiman Marcus Group now says full payment card numbers and expiration dates were exposed Attack.Databreach in the 2015 incident Attack.Databreach . The latest attack disclosed by Neiman Marcus Group , which occurred around Jan 17 , mirrors the one from December 2015 . It affects the websites of Neiman Marcus , Bergdorf Goodman , Last Call , CUSP , Horchow and a loyalty program called InCircle . Again , the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites . It appears that some of the credentials did unlock accounts . The breach Attack.Databreach exposed Attack.Databreach names , contact information , email addresses , purchase histories and the last four digits of payment card numbers . It did n't specify the number of accounts affected . The attackers were also able to access Attack.Databreach some InCircle gift card numbers , the company says . Web services can slow down hackers when suspicious activity is noticed , such as rapid login attempts from a small range of IP addresses . Those defensive systems can be fooled , however , by slowing down login attempts and trying to plausibly geographically vary where those attempts originate . For those affected by the January incident , Neimen Marcus Group is enforcing a mandatory password reset . It 's an action that 's not undertaken lightly for fear of alienating users , but it 's a sign of how serious a service feels the risk is to users or customers . The company also is offering those affected a one-year subscription to an identity theft service .

DocuSign , a major provider of electronic signature technology , acknowledged today that a series of recent malware phishing attacks Attack.Phishing targeting its customers and users was the result of a data breach Attack.Databreach at one of its computer systems . The company stresses that the data stolen Attack.Databreach was limited to customer and user email addresses , but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign . San Francisco-based DocuSign warned on May 9 that it was tracking Attack.Phishing a malicious email campaign where the subject line reads , “ Completed : docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature. ” The missives contained a link to a downloadable Microsoft Word document that harbored malware . The company said at the time that the messages were not associated with DocuSign , and that they were sent from Attack.Phishing a malicious third-party using DocuSign branding in the headers and body of the email . But in an update late Monday , DocuSign confirmed that this malicious third party was able to send Attack.Phishing the messages to customers and users because it had broken in and stolen Attack.Databreach DocuSign ’ s list of customers and users . “ As part of our ongoing investigation , today we confirmed that a malicious third party had gained temporary access Attack.Databreach to a separate , non-core system that allows us to communicate service-related announcements to users via email , ” DocuSign wrote in an alert posted to its site . “ A complete forensic analysis has confirmed that only email addresses were accessed Attack.Databreach ; no names , physical addresses , passwords , social security numbers , credit card data or other information was accessed Attack.Databreach . No content or any customer documents sent through DocuSign ’ s eSignature system was accessed Attack.Databreach ; and DocuSign ’ s core eSignature service , envelopes and customer documents and data remain secure. ” The company is asking people to forward any suspicious emails related to DocuSign to spam @ docusign.com , and then to delete the missives . “ They may appear suspicious because you don ’ t recognize the sender , weren ’ t expecting a document to sign , contain misspellings ( like “ docusgn.com ” without an ‘ i ’ or @ docus.com ) , contain an attachment , or direct you to a link that starts with anything other than https : //www.docusign.com or https : //www.docusign.net , ” reads the advisory . If you have reason to expect a DocuSign document via email , don ’ t respond to an email that looks like Attack.Phishing it ’ s from DocuSign by clicking a link in the message . When in doubt , access your documents directly by visiting docusign.com , and entering the unique security code included at the bottom of every legitimate DocuSign email . DocuSign says it will never ask recipients to open a PDF , Office document or ZIP file in an email . DocuSign was already a perennial target for phishers and malware writers , but this incident is likely to intensify attacks against its users and customers . DocuSign says it has more than 100 million users , and it seems all but certain that the criminals who stole Attack.Databreach the company ’ s customer email list are going to be putting it to nefarious use for some time to come .

News Corp is a network of leading companies in the worlds of diversified media , news , education , and information services . Addresses , names and phone numbers for staff were accessed Attack.Databreach in the data breach Attack.Databreach SPORTS Direct failed to tell its workers about a major data breach Attack.Databreach that saw personal information accessed Attack.Databreach by hackers . A cyber attacker gained access Attack.Databreach to internal systems containing details for phone numbers , names and home and email addresses of the retail giant's 30,000 staff members . But according to The Register , workers still have n't been told about the breach Attack.Databreach , which took place in September . Sports Direct discovered the attack Attack.Databreach three months later after a phone number was left Attack.Databreach on the company 's internal site with a message encouraging bosses to make contact . Chiefs filed a report with the Information Commissioner 's office after it became aware that personal information had been compromised Attack.Databreach . But as there was no evidence the data had been shared Attack.Databreach , Sports Direct did n't report the breach Attack.Databreach to staff . The blunder is the latest in a string of controversies surrounding the sporting goods retailer . Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours . Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct 's working practices `` are closer to that of a Victorian workhouse than that of a modern , reputable High Street retailer '' . In November , six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sport Direct to investigate working practices . A spokesman for Sports Direct said : `` We can not comment on operational matters in relation to cyber-security for obvious reasons .