without authorisation . Cathay said 860,000 passport numbers , about 245,000 Hong Kong identity card numbers , 403 expired credit card numbers and 27 credit card numbers with no card verification value ( CVV ) were accessedAttack.Databreachin the breachAttack.Databreach. `` We are very sorry for any concern this data security event may cause our passengers , '' Cathay Pacific chief executive Rupert Hogg said in a statement . `` We acted immediately to contain the event , commence a thorough investigation with the assistance of a leading cyber-security firm , and to further strengthen our IT security measures . '' Mr Hogg said no passwords were compromisedAttack.Databreachin the breachAttack.Databreachand the company was contacting affected passengers to give them information on how to protect themselves . Cathay Pacific was not immediately available for additional comment outside normal business hours . The company said it initially discovered suspicious activity on its network in March this year , and investigations in early May confirmed that certain personal data had been accessedAttack.Databreach. News of Cathay 's passenger data breachAttack.Databreachcomes weeks after British Airways revealed that credit card details of hundreds of thousands of its customers were stolenAttack.Databreachover a two-week period . Cathay said in a statement that accessedAttack.Databreachdata includes names of passengers , their nationalities , dates of birth , telephone numbers , e-mail and physical addresses , passport numbers , identity card numbers and historical travel information . It added that the Hong Kong Police had been notified about the breachAttack.Databreachand that there is no evidence any personal information has been misused .
Six million of Verizon 's US customers had their personal and account information exposedAttack.Databreach, including PIN numbers . Verizon Communications suffered a major data leakAttack.Databreachdue to a misconfigured cloud server that exposedAttack.Databreachdata on 6 million of its customers . The leak was the result of its third-party provider NICE Systems incorrectly configuring Verizon 's cloud-based file repository housed in an Amazon Web Services S3 bucket on NICE 's cloud server , according to UpGuard , which issued a report on the breach today . Verizon customer names , addresses , account information , including account personal identification numbers ( PINs ) , were compromisedAttack.Databreach. UpGuard in its data estimated that up to 14 million customer records were exposedAttack.Databreach, but Verizon stated that data on 6 million of its users was affected . In one file alone , there were 6,000 PINs that were publicly exposedAttack.Databreach, according to Dan O'Sullivan , a cyber resilience analyst for UpGuard . What 's unique about this leakAttack.Databreachis that it was not just personal data that was publicly exposedAttack.Databreachbut also PINs , according to O'Sullivan . `` The PINs are used to identify a customer to a customer care person , '' O'Sullivan says , noting that an attacker could impersonate the user by using the PIN and then gain access to that individual 's account . Verizon issued a statement acknowledging the public exposureAttack.Databreachof its customer data , but stressed that no loss or theftAttack.Databreachof Verizon or Verizon customer information occurred . The telecom giant also noted : `` To the extent PINs were included in the data set , the PINs are used to authenticate a customer calling our wireline call center , but do not provide online access to customer accounts , '' Verizon stated . `` An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access , '' Verizon said . How it Went Down NICE was hired to help Verizon improve its residential and small business wireline self-service call center portal , according to Verizon 's statement . As part of this project , NICE needed certain data that included a limited amount of personal and cell phone number information . None of the information stored for the project included social security numbers , according to Verizon . Meanwhile , on June 8 , UpGuard 's cyber risk research director Chris Vickery came across the AWS S3 data repository and its subdomain `` verizon-sftp . '' The repository held six folders with titles spanning `` Jan-2017 '' to `` June-2017 '' and a number of other files with a .zip format . Vickery was able to fully download the repository because it was configured to be publicly accessible to anyone entering the S3 URL . Following the discovery , UpGuard contacted Verizon on June 13 to inform the telecom giant of the data leakageAttack.Databreachand then on June 22 the exposure was sealed up , according to UpGuard 's report . `` There was a fairly long duration of time before it was fixed , which is troubling , '' O'Sullivan says . Verizon is not the first company to encounter data leakageAttack.Databreachas a result of permissions set to public rather than private on Amazon 's S3 bucket . Earlier this year , UpGuard also discovered a similar situation that involved the Republican National Committee ( RNC ) , which left millions of voter records exposedAttack.Databreachon the cloud account . As in the Verizon case , the RNC relied on a third party vendor to handle its cloud storage needs and it too used Amazon 's AWS S3 . That third-party also improperly set the database to public rather than private . `` The number one thing to keep in mind if you are a CISO is evaluating your third-party vendors . You can have the best security in the world and the best visibility into your systems , but if you pass it onto a third-party vendor without checking out how well they handle their security , then you have done that all in vain , '' O'Sullivan says . `` Verizon did not own the server that was involved here , but it will own the consequences . '' Rich Campagna , CEO of Bitglass , stressed the importance of security teams ensuring services used are configured securely . `` This massive data leakAttack.Databreachcould have been avoided by using specific data-centric security tools , which can ensure appropriate configuration of cloud services , deny unauthorized accessAttack.Databreach, and encrypt sensitive data at rest , '' Campagna said in a statement .
Derek Bradley , head of Panacea , an online community of 17,000 financial services professionals , has warned that phishing emails have been sent outAttack.Phishingthat are purporting to beAttack.Phishingfrom him . Mr Bradley originally became a victim of a cyber attackAttack.Databreachback in September when his emails were compromisedAttack.Databreach. He warned that all emails received fromAttack.Phishinghim to undisclosed recipients over the past seven months were not sentAttack.Phishingfrom his system . In a message sent out yesterday ( 22 March ) , he said : “ We are in the process of trying to work out the best course of action to ensure this stops happening , but it is difficult as I have no control over what is being sent and by whom . “ I do apologise again for any inconvenience caused to you . We will hopefully find a resolution to this issue as soon as possible ” . Mr Bradley also warned that the hackers are continuing to try and get access to other contact lists , and told advisers to ignore emails to undisclosed recipients . The government is facing calls to create a single point of responsibility to deal with cyber risk in the financial services sector amid concerns over accountability . Today ( 23 March ) Andrew Tyrie , chairman of the Treasury select committee , wrote to chancellor Philip Hammond claiming a lack of coordination in the current cyber security system could leave the banking industry ’ s IT systems vulnerable to attack . My Tyrie said the present arrangement , in which both a director-level group and a governance framework can serve as a single point to address cyber issues , resembles the `` catastrophically inadequate '' tripartite authorities that were set up to monitor system risk in banking in 1997 .
Payday loan firm Wonga has suffered a data breachAttack.Databreachaffecting up to 245,000 customers in the U.K. A further 25,000 customers in Poland may also be affected , according to the BBC . It says it does not believe customers ’ Wonga account passwords were compromisedAttack.Databreachbut suggests concerned users change their password anyway . Wonga is warning affected customers to be “ extra vigilant ” and to alert their bank of potential risk — though it says it will also be contacting financial institutions about the breach . We ’ ve reached out to Wonga with questions and will update this story with any response . Update : In a statement a spokesperson for the company told us : “ Wonga is urgently investigating illegal and unauthorised accessAttack.Databreachto the personal data of some of its customers in the UK and Poland . We are working closely with authorities and we are in the process of informing affected customers . According to The Guardian , the company became aware of a problem last week but only realized on Friday that data could be accessedAttack.Databreachexternally , and only started contacting affected customers on Saturday . The U.K. ’ s data protection regulator , the ICO , has apparently been informed of the breach — although it ’ s unclear when . An ICO spokesperson did not respond to the question , providing this statement instead : “ All organisations have a responsibility to keep customers ’ personal information secure . Where we find this has not happened , we can investigate and may take enforcement action ” . Back in 2014 the company had to write down $ 340 million in unpaid loans , following an investigation by the U.K. ’ s Competition and Markets Authority over its lending practices . It was also fined by the regulator for sendingAttack.Phishingfake lawyers ’ letters to customers in arrears . Although Wonga attracted substantial tech investment for a real-time automated decision-making platform for affordability checks , it ended up having to write off the loans of 330,000 customers , and waive the interest and fees for a further 45,000 — raising questions about the efficacy of its algorithms . Tightened criteria on short-term loans by the U.K. financial regulator ultimately shrunk the size of Wonga ’ s business , which saw losses double in 2015 — to £80.2 million .
Regulators and medical-device-makers are bracing for an expected barrage of hacking attacks even as legal and technical uncertainties leave them in uncharted territory . Tens of millions of electronic health records have been compromisedAttack.Databreachin recent years , a number that is growing and , some say , underreported . High-profile attacks have hit hospitals and health insurers , and now attention is turning to a new vulnerability : medical devices like pacemakers and insulin pumps . The Food and Drug Administration ( FDA ) has become increasingly concerned about the issue and is working to coordinate with other agencies on how to respond if a serious medical device hack were to occur . There have been rumblings over cybersecurity for years . More than 113 million personal health records were compromisedAttack.Databreachin 2015 , according to provider data reported to the Department of Health and Human Services ( DHS ) , nine times as many as in 2014 . Last fall , Johnson & Johnson had to tellVulnerability-related.DiscoverVulnerabilityits customers that its insulin pumps had a security vulnerability that hackers could use to access the device and cause a potentially fatal overdose of insulin . `` In just the last few years , we 've seen more than a hundred million health records of American citizens breachedAttack.Databreachin a couple of well-publicized incidents , '' Terry Rice , vice president of IT risk management and chief information security officer at Merck & Company , told the Energy and Commerce Oversight and Investigations Subcommittee last week .
In the wake of a weekend cyber attack , ECMC officials say the hospital ’ s IT staff discovered the virus and shut down the hospital ’ s computer network , before it could infect their files . ECMC spokesman Peter Cutler said , State Police and the FBI are investigating . “ We do know that a virus was launched into our system and the good news , again , is that we reacted to it immediately. ” With the medical center ’ s computer network still offline , ECMC is conducting business the old fashioned way , on paper—no website , no email—and Cutler says they don ’ t believe patient files were compromisedAttack.Databreachin any way . “ Through the assessments that we have been running , we have seen no indication that there has been a compromiseAttack.Databreachof patient health information. ” Investigators would not say how hackers attacked ECMC ’ s computers , but authorities in the field of cyber security say , this attempted intrusion has all the hallmarks of ransomware . University at Buffalo cyber security expert Arun Vishwanath says ransomware attacksAttack.Ransomhave grown exponentially in the last two years , and likens them to Internet extortionAttack.Ransom. “ They are very successful , and so that is why we are seeing an exponential growth in ransomware attacksAttack.Ransom. We are talking about somewhere between 5,000 attacks per day that are reported–let alone the ones that are not even reported. ” Vishwanath says ransomware attacksAttack.Ransomare big reward low risk ventures , since the hackers are usually from other countries , and rarely get caught . Unwitting victims download an infected attachment from an email and the virus spreads quickly . “ The moment you click on the malware , this malware basically locks down your computer , and all the files in it , and any file that is connected to any other computer that you are connected to . So this can spread through your network in minutes. ” The hacker then demandsAttack.Ransomthe target pay a ransomAttack.Ransomto get their files unencrypted , and in just about every ransomware attackAttack.Ransom, the hackers cover their tracks by demanding paymentAttack.Ransomin bitcoin–a virtual currency that is hard , if not impossible to trace . Once the ransom is paidAttack.Ransom, the hackers send their victim an electronic key to unlock their encrypted files , but if the payment is not made within a certain time frame the hacked files are lost forever .
TORONTO , April 19 ( Reuters ) - Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States , including Holiday Inn and Crowne Plaza , were victims of a three-month cyber attackAttack.Databreachthat sought to stealAttack.Databreachcustomer payment card data . The company declined to say how many payment cards were stolenAttack.Databreachin the attackAttack.Databreach, the latest in a hacking spreeAttack.Databreachon prominent hospitality companies including Hyatt Hotels Corp , Hilton , and Starwood Hotels , now owned by Marriott International Inc . The breachAttack.Databreachlasted from September 29 to December 29 , InterContinental spokesman Neil Hirsch said on Wednesday . He declined to say if losses were covered by insurance or what financial impact the hackingAttack.Databreachmight have on the hotels that were compromisedAttack.Databreach, which also included Hotel Indigo , Candlewood Suites and Staybridge Suites properties . The malware searched for track dataAttack.Databreachstored on magnetic stripes , which includes name , card number , expiration date and internal verification code , the company said . Hotel operators have become popular targets because they are easier to breachAttack.Databreachthan other businesses that store credit card numbers as they have limited knowledge in defending themselves against hackers , said Itay Glick , chief executive of Israeli cyber-security company Votiro . `` They do n't have massive data centers like banks which have very secure systems to protect themselves , '' said Glick . InterContinental declined to say how many franchised properties it has in the United States , which is part of its business unit in the Americas with 3,633 such properties . In February , InterContinental said it had been victim of a cyber attack , but at that time said that only 12 of its 286 managed properties in the Americas were infected with malware .
Online gaming company Reality Squared Games ( R2Games ) has been compromisedAttack.Databreachfor the second time in two years , according to records obtainedAttack.Databreachby the for-profit notification service LeakBase . The hacker who shared the data with LeakBase says the attackAttack.Databreachhappened earlier this month . Headquartered in Shenzhen , China , R2Games operates a number of free-to-play , micropayment-driven games on iOS and Android , as well as modern browsers . The company currently supports 19 online games , and claims over 52 million players . In December of 2015 , stretching into July of 2016 , more than 22 million R2Games accounts were compromisedAttack.Databreach, exposingAttack.DatabreachIP addresses , easily cracked passwords , email addresses , and usernames . The company denied the breach reports , telling one customer that `` R2Games is safe and secured , and far from being hackedAttack.Databreach. '' The hacker claims all forums were compromisedAttack.Databreach, in addition to the Russian version of r2games.com . The latest record set includes usernames , passwords , email addresses , IP addresses , and other optional record fields , such as instant messenger IDs , birthday , and Facebook related details ( ID , name , access token ) . LeakBase shared the most recent records with Troy Hunt , a security researcher and owner of the non-profit breach notification website `` Have I Been Pwned ? '' ( HIBP ) . Hunt checked the data by testing a small sample of email addresses and usernames against the password reset function on R2Games . Every address checked was confirmed as an existing account . From there , Hunt did some number crunching . There were 5,191,898 unique email addresses in the data shared by LeakBase . However , 3,379,071 of those email addresses were using mail.ar.r2games.com or mail.r2games.com ; and another 789,361 looked generated , as they were all [ number ] @ vk.com addresses . LeakBase speculates that the r2games.com addresses are the result of registrations from third-party services . After stripping the questionable addresses Hunt was left with 1,023,466 unique email addresses to load into HIBP . Of this set , 482,074 have been seen before in other breaches , leaving 541,392 new entries for his index – and new notifications for 1,105 subscribers . When asked about the passwords , Hunt told Salted Hash many of them are MD5 with no salt , but a large number of them have a hash corresponding to the password `` admin '' and a few hundred thousand others are using the plain text word `` sync '' . `` The observation I 'd make here is that clearly , they do n't seem to be learning from previous failures . The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying . Perhaps the prior denials are evidence that they just do n't see the seriousness in security , '' Hunt said , when asked his opinion about the latest R2Games data breachAttack.Databreach. Salted Hash reached out to R2Games , but the company did n't respond to questions . Emails were sent to support , as well as recruiting and sales , on the off chance someone could direct them to the proper resources . For their part , LeakBase said since this data breachAttack.Databreachis n't in the public domain , they will not add the records to their service and it will not be searchable . However , they do plan to email impacted users and inform them of the incident . HIBP has been updated , and those changes are live now . If you 're an R2Games player , it might be wise to change your password and make sure the old password is n't used on any other websites . Also , keep an eye out for gaming related offers and emails , as well as `` notifications '' from domains that are n't related to R2Games itself - as those could be scammers looking to cash-in on the breach . While the hacked data is n't public yet , there 's nothing preventing the person who shared it with LeakBase from selling it or trading it .
Online gaming company Reality Squared Games ( R2Games ) has been compromisedAttack.Databreachfor the second time in two years , according to records obtainedAttack.Databreachby the for-profit notification service LeakBase . The hacker who shared the data with LeakBase says the attackAttack.Databreachhappened earlier this month . Headquartered in Shenzhen , China , R2Games operates a number of free-to-play , micropayment-driven games on iOS and Android , as well as modern browsers . The company currently supports 19 online games , and claims over 52 million players . In December of 2015 , stretching into July of 2016 , more than 22 million R2Games accounts were compromisedAttack.Databreach, exposingAttack.DatabreachIP addresses , easily cracked passwords , email addresses , and usernames . The company denied the breach reports , telling one customer that `` R2Games is safe and secured , and far from being hackedAttack.Databreach. '' The hacker claims all forums were compromisedAttack.Databreach, in addition to the Russian version of r2games.com . The latest record set includes usernames , passwords , email addresses , IP addresses , and other optional record fields , such as instant messenger IDs , birthday , and Facebook related details ( ID , name , access token ) . LeakBase shared the most recent records with Troy Hunt , a security researcher and owner of the non-profit breach notification website `` Have I Been Pwned ? '' ( HIBP ) . Hunt checked the data by testing a small sample of email addresses and usernames against the password reset function on R2Games . Every address checked was confirmed as an existing account . From there , Hunt did some number crunching . There were 5,191,898 unique email addresses in the data shared by LeakBase . However , 3,379,071 of those email addresses were using mail.ar.r2games.com or mail.r2games.com ; and another 789,361 looked generated , as they were all [ number ] @ vk.com addresses . LeakBase speculates that the r2games.com addresses are the result of registrations from third-party services . After stripping the questionable addresses Hunt was left with 1,023,466 unique email addresses to load into HIBP . Of this set , 482,074 have been seen before in other breaches , leaving 541,392 new entries for his index – and new notifications for 1,105 subscribers . When asked about the passwords , Hunt told Salted Hash many of them are MD5 with no salt , but a large number of them have a hash corresponding to the password `` admin '' and a few hundred thousand others are using the plain text word `` sync '' . `` The observation I 'd make here is that clearly , they do n't seem to be learning from previous failures . The prior incident should really have been a wake-up call and to see a subsequent breach not that long after is worrying . Perhaps the prior denials are evidence that they just do n't see the seriousness in security , '' Hunt said , when asked his opinion about the latest R2Games data breachAttack.Databreach. Salted Hash reached out to R2Games , but the company did n't respond to questions . Emails were sent to support , as well as recruiting and sales , on the off chance someone could direct them to the proper resources . For their part , LeakBase said since this data breachAttack.Databreachis n't in the public domain , they will not add the records to their service and it will not be searchable . However , they do plan to email impacted users and inform them of the incident . HIBP has been updated , and those changes are live now . If you 're an R2Games player , it might be wise to change your password and make sure the old password is n't used on any other websites . Also , keep an eye out for gaming related offers and emails , as well as `` notifications '' from domains that are n't related to R2Games itself - as those could be scammers looking to cash-in on the breach . While the hacked data is n't public yet , there 's nothing preventing the person who shared it with LeakBase from selling it or trading it .
Northrop Grumman has admitted one of its internal portals was broken into , exposingAttack.Databreachemployees ' sensitive tax records to miscreants . In a letter [ PDF ] to workers and the California Attorney General 's office , the aerospace contractor said that between April 18 , 2016 and March 29 , 2017 , crooks infiltrated the website , allowing them to accessAttack.Databreachstaffers ' W-2 paperwork for the 2016 tax year . These W-2 forms can be used by identity thieves to claim tax rebates owed to employees , allowing the crims to pocket victims ' money . The corp sent out its warning letters on April 18 , the last day to file 2016 tax returns . `` The personal information that may have been accessedAttack.Databreachincludes your name , address , work email address , work phone number , Social Security number , employer identification number , and wage and tax information , as well as any personal phone number , personal email address , or answers to customized security questions that you may have entered on the W-2 online portal , '' the contractor told its employees . The Stealth Bomber maker says it will provide all of the exposed workers with three years of free identity-theft monitoring services . Northrop Grumman has also disabled access to the W-2 portal through any method other than its internal single sign-on tool . The aerospace giant said it farmed out its tax portal to Equifax Workforce Solutions , which was working with the defense giant to get to the bottom of the intrusion . `` Promptly after confirming the incident , we worked with Equifax to determine the details of the issue , '' Northrop told its teams . `` Northrop Grumman and Equifax are coordinating with law enforcement authorities to assist them in their investigation of recent incidentsAttack.Databreachinvolving unauthorized actors gaining accessAttack.Databreachto individuals ’ personal information through the W-2 online portal . '' According to Equifax , the portal was accessedAttack.Databreachnot by hackers but by someone using stolen login details . `` We are investigating alleged unauthorized accessAttack.Databreachto our online portal where a person or persons using stolen credentials accessedAttack.DatabreachW-2 information of a limited number of individuals , '' an Equifax spokesperson told El Reg on Monday . `` Based on the investigation to date , Equifax has no reason to believe that its systems were compromisedAttack.Databreachor that it was the source of the information used to gain accessAttack.Databreachto the online portal . ''
Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonatingAttack.PhishingGoogle Docs . The emails , at the outset , targeted journalists primarily and attempted to trickAttack.Phishingvictims into granting the malicious application permission to access the user ’ s Google account . It ’ s unknown how many accounts were compromisedAttack.Databreach, or whether other applications are also involved . Google advises caution in clicking on links in emails sharing Google Docs . The messages purport to be fromAttack.Phishinga contact , including contacts known to the victim , wanting to share a Google Doc file . Once the “ Open in Docs ” button is clicked , the victim is redirected to Google ’ s OAUTH2 service and the user is prompted to allow the attacker ’ s malicious application , called “ Google Docs , ” below , to access their Google account and related services , including contacts , Gmail , Docs and more . “ We have taken action to protect users against an email impersonatingAttack.PhishingGoogle Docs , and have disabled offending accounts , ” a Google spokesperson told Threatpost . “ We ’ ve removed the fake pages , pushedVulnerability-related.PatchVulnerabilityupdates through Safe Browsing , and our abuse team is working to prevent this kind of spoofingAttack.Phishingfrom happening again . We encourage users to report phishing emails in Gmail. ” OAUTH is an authentication standard that allows a user to authorize third party applications access to an account . The attempt to steal OAUTH tokens is a departure from traditional phishing attacksAttack.Phishingthat target passwords primarily . Once the attacker has accessAttack.Databreachto the victim ’ s account , the phishing message is sentAttack.Phishingalong to the compromised contact list . While this attack is likely the work of a spammer , nation-state attackers including APT28 , aka Fancy Bear or Sofacy , have made use of this tactic . APT28 has been linked to last summer’s attacksAttack.Phishingattempting to influence the U.S. presidential elections . The group has long been targeting political entities , including NATO , and uses phishing emails , backdoors and data-stealing malware to conduct espionage campaigns against its targets . “ I don ’ t believe they are behind this though because this is way too widespread , ” said Jaime Blasco , chief scientist at AlienVault . “ Many people and organizations have received similar attempts , so this is probably something massive and less targeted . ”
Last week , the Internal Revenue Service ( IRS ) issued a new warning to employers , urging them to stay alert as reports of compromised W-2 records started to climb . This newest advisory aligns with the agency 's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud . The IRS also informed employers the W-2 scam has moved beyond corporations , expanding to include schools , tribal organizations , and nonprofits . In a statement , IRS Commissioner , John Koskinen , said the scams - sometimes known as Business Email Compromise (BEC) attacksAttack.Phishing- are some of the most dangerous email scams the agency has seen in a long time . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . `` It can result in the large-scale theft of sensitive dataAttack.Databreachthat criminals can use to commit various crimes , including filing fraudulent tax returns . We need everyone ’ s help to turn the tide against this scheme , '' Koskinen said . In 2016 , at least 145 organizations fell victim to BEC scamsAttack.Phishing, exposing tens of thousands of employees to tax fraud and identity theft . Salted Hash kept track of some of the high-profile cases , and Databreaches.net tracked everything , resulting in a massive list of documented successful attacks . As of February 5 , 23 organizations have disclosed BEC-related data breachesAttack.Databreachpublicly , each one resulting in compromised W-2 data . The confirmed BEC victims include ten school systems , a software development firm , a utility company in Pennsylvania , at least one restaurant in Indianapolis , and businesses operating within the healthcare , finance , manufacturing , and energy sectors . Distribution International emailed employees that their W-2 data was compromisedAttack.Databreachon January 27 . Their notification expands the number of affected taxpayers to more than 30,000 . The scammers spoofedAttack.Phishingan email and pretended to beAttack.Phishingone of the company 's owners . W-2 records for all companies and all employees were compromisedAttack.Databreach. Salted Hash reached out to Sky Climber 's CFO , Jeff Caswell , for more information . Also , the College of Southern Idaho has reported an incident that could impact 3,000 employees . According to Public Information Officer Doug Maughan , the W-2 records affected belong to seasonal and auxiliary staff . Palomar College disclosed an attackAttack.Databreachon January 30 , which affected employee W-2 records . The school did n't say the incidentAttack.Databreachwas the result of a BEC attackAttack.Phishing, but Salted Hash is listing it anyway due to the timing of the attack and the information targeted . Finally today , the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing asAttack.Phishinga manager requested them . In 2016 , the criminals behind the BEC attacksAttack.Phishingmostly focused on payroll and tax records . This year though , the IRS says that in addition to the usual records request , the scammers are now following-up and requesting wire transfers . `` Although not tax related , the wire transfer scam is being coupled with the W-2 scam email , and some companies have lost both employees ’ W-2s and thousands of dollars due to wire transfers , '' the IRS explained in their warning . `` Employers should consider creating an internal policy , if one is lacking , on the distribution of employee W-2 information and conducting wire transfers . '' BEC attacksAttack.Phishingare essentially Phishing scamsAttack.Phishing, or Spear PhishingAttack.Phishingsince the criminals have a specific target . They 're effective too , exploiting the trust relationships that exist within the corporate environment . In a majority of the reported cases from 2016 , the attackers forgedAttack.Phishingan email and pretended to beAttack.Phishingthe victim organization 's top executive , or someone with direct authority . Often it is the CEO or CFO , but any high-level manager will work .
The most recent breachAttack.Databreachof smart teddy bears -- which can receive and send voice messages from children and parents -- have been involved in a data breachAttack.Databreachdealing with more than 800,000 user accounts . The company behind the products , Spiral Toys , is denying that any customers were hacked . Zach Lanier , director of research at Cylance , went through the more famous incidents involving toys and breaches and offers a tip with each case . This may have given attackers accessAttack.Databreachto voice recordings from the toy 's customers , by allegedly making the mistake of storing the customer information in a publicly exposedAttack.Databreachonline MongoDB database that required no authentication process . Thus anyone , including the attackers , was able to view and stealAttack.Databreachthe data . CloudPets placed no requirement on password strength , making it much easier to decipher passwords . Tip : Always create a secure password , no matter the strength requirement . Include lowercase and uppercase letter , symbols and numbers . Use a password manager to help create and store unique passwords for sites and services . A line of stuffed animals , these connected toys combine with a mobile application that was vulnerableVulnerability-related.DiscoverVulnerabilitydue to a number of weak APIs , which didn ’ t verify who sent messages . This meant that an attacker could guess usernames , or email addresses , and ask Fisher-Price for server return details about associated accounts and children ’ s profiles , which provides their name , birthdate , gender , language and toys they have played with . Tip : If the IoT device connects to a mobile app or desktop computer , it is important to examine how it connects . If the start of the URL address is http rather than https , which is the secure version of HTTP , then your device is making a less secure connection . The doll has a microphone and accesses the internet to answer your child 's questions . Moreover , criminals could have the ability collectAttack.Databreachyour personal information . Tip : If the toy does require Wi-Fi , make sure it supports modern , more secure Wi-Fi capabilities like WAP2 . Their speech-recognition software maker Nuance Communications violated federal rules by listening to children and saving the recordings . It ’ s valuable to know how they are using your data . Don ’ t provide personal information that seems extra or unnecessary . VTech had its app store database , Learning Lodge , hacked . As a result of the breachAttack.Databreach, over 11.6 million accounts were compromisedAttack.Databreachin a cyberattackAttack.Databreach, exposingAttack.Databreachphotos of children and parents as well as chat logs . The profile data leaked included their names , genders and birth dates . Tip : Check to see if the manufacturer has had any cybersecurity issues in the past , and if so , how they responded . Alternatively , if the company is relatively new , your device is definitely at greater risk . The interactive toy has the ability to communicate and record conversations . Those conversations are sent to the company ’ s servers , analyzed and then stored in the cloud . The toy was criticized for spying on kids by recording their conversations . Through Wi-Fi , attackers can hijack the connection to spy on your children , stealAttack.Databreachpersonal information , and turn the microphone of the doll into a surveillance device . Tip : Since the device is Wi-Fi enabled , confirm if the device supports modern security protocols . If the device only uses WEP or WPA ( but not WPA2 ) security standards , it may be too risky to use . Those versions are older and over time have become almost entirely insecure from attack