Articles about Data Breaches

Omni-shambles! Card-stealing malware checks into US hotel chain

Yet another US hotel chain has admitted malware infected its computer systems and stole guests' bank card information. Omni Hotels said today [PDF] an attacker managed to infiltrate its IT network and inject a software nasty into its payment terminals that siphoned off copies of people's credit and debit cards. The malware …
Shaun Nichols, 11 Jul 2016

5 years, 2,300 data breaches. What'll police do with our Internet Connection Records?

Police forces across the UK have been responsible for “at least 2,315 data breaches” over the last five years, according to research by Big Brother Watch, prompting concerns about the increasing amount of data they're holding. Titled Safe in Police Hands? the 138-page report is released today after months of requests made by …

You know how that data breach happened? Three words: eBay, hard drives

Users are unwittingly selling sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a forensic analysis to find out what data was recoverable. …
John Leyden, 28 Jun 2016

ICO slapped data blabbers with £2m in fines last year

The Information Commissioner's Office doubled the amount of fines it dished out to organisations in breach of data protection rules last year, issuing £2m in penalties, according to its annual report. The hike in fines was mainly due to changes in the rules on nuisance marketing. For the previous year 2014/15, the commission …
Kat Hall, 28 Jun 2016

TalkTalk CEO Dido Harding pockets £2.8m

Dido Harding, the chief exec of beleaguered firm TalkTalk, was handed £2.8m in salary this year, despite the company suffering a catastrophic cyber attack last year. The payout included base salary, shares and cash – the latter being related to performance targets between 2012-2015, the biz said in its annual report today. …
Kat Hall, 20 Jun 2016

Home Office staff: Over 100 of our work mobiles lost or pinched last year

The UK Home Office has revealed that its ICT losses for 2015 amounted to 125 devices. In a publication today, notably pushed out shortly after The Register's exposé of the department's mega database project, the Home Office has published information about its annual ICT losses for 2015. These losses may provoke concern as the …

TalkTalk scam-scammers still scam-scamming

Updated TalkTalk customers are still being targeted by scammers, following a series of data breaches at the company. In the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. Most notorious was its attack in October last …
Kat Hall, 03 Jun 2016

Trouble originating between chair and keyboard caused most UK breaches

UK data breaches caused by good old human error rose again early this year, accounting for 62 per cent of all data breaches reported to UK data protection watchdogs in the first quarter of 2016. This far outstrips other causes of breaches, such as insecure webpages and hacking, which stand at nine per cent combined. The …
John Leyden, 02 Jun 2016

Miscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims

The FBI has issued an unusual warning about a new breed of scammers looking to get rich off the back of recent high-profile data breaches. According to the agency's Internet Crime Complaint Center (IC3), a large volume of emails are being reported where the sender claims to have used data from recent breaches at LinkedIn, …
Iain Thomson, 01 Jun 2016

The six stages of post-security incident grief avoidance

AusCERT Audio Security and forensics man Ashley Deuble has outlined the six stages of good incident response that if followed could bring an enterprise in line with Fortune 50 best practice. The Griffith University security manager says the steps of preparation; identification; containment; eradication; recovery, and lessons learned are …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Hmmm, where should I dump those unencrypted password files? I know - OneDrive

Enterprises are routinely storing corporate password files in the cloud through Microsoft’s OneDrive backup technology. OneDrive is the most common Office 365 application, with 79.1 per cent of organisations using it, according to a study by cloud control tech vendor Skyhigh Networks. The average corporate OneDrive service …
John Leyden, 18 May 2016

Hackers tear shreds off Verizon's data breach report top 10 bug list

Information security boffins have pilloried Verizon's latest data breach report, suggesting its list of top security vulnerabilities does not represent reality. The 2016 Data Breach Investigations report [PDF] is Verizon's ninth in the series, drawing on a wider pool of data including some 100,000 security incidents and 2,260 data …
Darren Pauli, 12 May 2016

MongoDB on breaches: Software is secure, but some users are idiots

You shouldn't expect to see any end to data breaches caused by misconfigured instances of MongoDB soon, the company's strategy veep has told The Register. MongoDB is a fairly popular document store in the database world, used by eBay, Foursquare, and The New York Times. It's open source, available under the GNU AGPL v3.0 …

Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …
John Leyden, 26 Apr 2016

Europe's new privacy safeguards are finally approved, must invade EU nations by 2018

Analysis The General Data Protection Regulation (GDPR) has been ratified by the European Parliament. The final seal of approval follows successful passage through the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs. Following four years of discussions and amendments, the GDPR is now officially EU law and will …
John Leyden, 14 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016

Cyber-security pro? Forget GCHQ, BT wants to hire 900 of you

Former state monopoly BT is on the hunt for 900 security bods to help it meet the "surge" in customer demand for those skills, following a number of high-profile security and data breaches. The biz currently employs more than 2,500 security folk and reckons its security operations' annual revenues are growing at a double-digit …
Kat Hall, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches. Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt its records. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

Want a job in security? Lock down US military's supermarkets

The US Department of Defense is looking to form a security team to protect military commissaries from hackers. NextGov has spotted a posting from the Federal Business Opportunities site for an "incident response service" at military commissary shops. According to the job post [Word Doc], the response service contractors will …
Shaun Nichols, 08 Apr 2016

Divided FCC passes ISP privacy rules, overhauls LifeLine

The US Federal Communications Commission (FCC) has passed a pair of important new rules designed to extend broadband service in the US and protect user data. The commission's rulings came after a last-minute delay in its scheduled March 31 meeting, but ultimately ended with both proposals passing. The LifeLine rules will …
Shaun Nichols, 31 Mar 2016

Cyberthreat: Learning to live with the risk

Cyberthreats are like the common cold or some other infectious virus; eventually you’re going to get sick. It’s a part of life. They’re always there, lurking just around the corner, waiting to make your life that little bit harder. At the same time, you can’t focus entirely on potential risks to your business at the expense of …
Danny Bradbury, 18 Mar 2016

Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …
John Leyden, 09 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Pentagon to Dept of Defense: Give us $580bn for cyberwar and spacewar

The Pentagon has asked for $582.7bn to bolster the US Department of Defense's (DoD) capabilities, especially when it comes to a future cyber and space war. Testifying before the House Appropriations Committee, which regulates the US Government's expenditure, the Defense Secretary Ash Carter explained why his department was …

Hackers aren't so interested in your credit card data these days. That's bad news

Healthcare and government have overtaken the retail sector as most-targeted for data breaches, according to security firm Gemalto. A total of 1,673 data breaches led to 707 million data records being compromised worldwide during 2015, according to the latest edition of Gemalto’s Breach Level Index report. Not all breaches are …
John Leyden, 23 Feb 2016

Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …

Medical data experiment goes horribly wrong: 950,000 records lost

American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' names and addresses, dates of birth, Social Security numbers, and health information. Centene Corp boss Michael Neidorff says the company does not know if the information has been …
Darren Pauli, 27 Jan 2016

Privacy warriors plead with FCC to wield sword of net neutrality against snooping ISPs

The US Federal Communications Commission (FCC) has been urged to put in place stronger protections for broadband subscribers' privacy. A letter [PDF] written by a coalition of 59 activist groups from across America demands that FCC chairman Tom Wheeler fast-track proposed rules that would restrict the ways broadband service …
Shaun Nichols, 20 Jan 2016

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile device users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

ICO: You call that a sentence? Courts need power to hit data thieves harder

Blighty's data watchdog has moaned that the UK's courts need greater powers to impose penalties on data thieves after a woman was slapped with a £1,000 fine for flogging 28,000 customer records for £5,000. Sindy Nagra, 42, from Hayes, was issued the fine by Isleworth Crown Court on Friday. She was an admin assistant at a car …
Kat Hall, 11 Jan 2016

The Network and Information Security Directive – who is in and who is out?

New cyber security laws agreed on by EU lawmakers in early December are set to impact a large number of businesses. Political agreement on the draft Network and Information Security (NIS) Directive, which could still be amended, was reached by MEPs and representatives of EU governments in early December. It means the path …
OUT-LAW.COM, 07 Jan 2016

Law enforcement versus Silicon Valley's idle problem children

Year in review Tensions have been building for a while on the back of revelations from NSA contractor turned whistleblower Edward Snowden but 2015 marked the outbreak of full-on hostilities between tech firms in Silicon Valley and Western governments. Law enforcement and politicians on both sides of the Atlantic lined up to repeatedly …
John Leyden, 29 Dec 2015

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015

Strict new EU data protection rules formally adopted by MEPs

Strict new rules forcing companies to pay four per cent of their global turnover in fines if they breach the European Union's data protection regulations have today been formally agreed. The legislation will create a uniform set of rules across the EU "fit for the digital era," said the EU in a press release. It said they …
Kat Hall, 17 Dec 2015

Nearly 1 in 5 health data breaches take years to spot, says Verizon

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon. The issue is compounded because many organisations outside of the healthcare sector do not even realise they hold this type of data. Common sources of protected health information are employee records ( …
John Leyden, 16 Dec 2015

FTC and Wyndham end hotel data protection feud

Hotel chain Wyndham Resorts has agreed to settle its long-running case with the FTC over its handling of customer data. The US trade bod said on Wednesday it has agreed to a settlement deal [PDF] that will see Wyndham spend the next two decades under mandatory rules for securing and storing customer payment card information. …
Shaun Nichols, 10 Dec 2015

Mandatory data breach reporting rules finally agreed by EUrocrats

After five hours of negotiations on 7 December, members of the European Parliament and Council finally settled on the wording of the EU's Network and Information Security (NIS) Directive. The directive was first proposed in 2013 as a means of forwarding the European Union's cybersecurity strategy. As it is a directive, rather …

Malvertising: How the ad model makes crime pay

Feature The exploitation of online advertising networks by malware-flingers is expected to cause up to $1bn in damages by the end of this year, but despite ongoing regulatory efforts, it is not clear to whom the liability for these enormous losses will fall. The increasing sophistication with which online advertisers profile users …

Malware caught checking out credit cards in 54 luxury hotels

Add Starwood – owner of the Sheraton, Westin, W hotel chains – to the ranks of resorts infiltrated by credit card-stealing malware. The luxury hotel chain said on Friday that 54 of its North American locations had been infected with a software nasty that harvested banking card information from payment terminals and cash …
Shaun Nichols, 20 Nov 2015

NCC Group sowing the seeds of disruption in the cyber security industry

Competition It's 2015, the cyber attacks keep on coming, and the bad guys appear to be winning – some may argue this is because devastating data breaches are more newsworthy than businesses upping their security defences. We see a relentless battle between businesses trying to protect themselves and those with malicious intent attacking …
David Gordon, 20 Nov 2015

Three men indicted over JPMorgan Chase megahack

Three men have been indicted over the 2014 cyberheist of the largest US bank, JPMorgan Chase & Co. That attack involved the compromise of sensitive personal details of 76 million households and 7 million small businesses. Three men, two Israeli nationals Gery Sharon and Ziv Orensteini, as well as US national Joshua Samuel …

Tim Cook: UK crypto backdoors would lead to 'dire consequences'

IPB Apple boss Tim Cook has once again warned of what he says would be the "dire consequences" of opening up backdoors to allow spies to access our data. He said it would be wrong for the UK government's latest super-spy bid – the draft Investigatory Powers Bill, which landed in Parliament last week – to weaken cryptography. Cook …
Kelly Fiveash, 10 Nov 2015

TalkTalk may tell investors to tighten belts after cyber incident

TalkTalk is likely to deliver bad news to investors next week, as analysts suggested it has managed to halve its customer growth forecast after spaffing the sensitive data of more than a million existing and former customers. Shares in the telco sit at their lowest point since an initial drop of 10.7 per cent after confessing …

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

IPB The encryption bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted. Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from …
John Leyden, 05 Nov 2015

Password reset invoked after vBulletin.com forum software site defaced

The official website of the vBulletin.com forum software has hit the big red password reset following a breach by hackers that exposed the IDs of hundreds of thousands of users. A hacker claimed they had made off with a combined 480,000 records after an attack that led to the defacement of vBulletin.com and a reported hack …
John Leyden, 03 Nov 2015

Here's how TalkTalk ducked and dived over THAT gigantic hack

Timeline It has been almost two weeks since the "cyber attack" on the TalkTalk website of 21 October, yet the company has yet to tell its customers how their data was compromised. TalkTalk's CEO Dido Harding has yet to offer anything more than a token apology regarding the company's security practices, which allowed more than a million …

Brit mobile pay biz reveals historical cyber attacks, gets smacked in the share price

The share price of mobile payments business Optimal Payments has taken a banging after the company confessed it was only just beginning to investigate historical data breaches, following the discovery of its customers' data being trafficked online. The British company said that it had only come to know about the data breaches …