Articles about breach

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

The UK's data watchdog today issued the Independent Inquiry into Child Sexual Abuse (IICSA) a £200,000 penalty after it sent a bulk email to participants that identified possible victims of historical crimes. The Information Commissioner's Office (ICO) said IICSA – set up in 2014 to probe the degree to which institutions in …
Paul Kunert, 18 Jul 2018

Web biz DomainFactory confirms: We were hacked in January 2018

Updated: German hosting company DomainFactory has taken down its forums after someone posted messages claiming to have compromised the company's computers. Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach …

Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats. The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May …
Paul Kunert, 3 Jul 2018

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records. In a statement (PDF), Dixons Carphone said that "unauthorised access" of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up …
John Leyden, 13 Jun 2018

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

Infosec Europe: Baroness Dido Harding, former chief exec of Brit telco TalkTalk, warned other business leaders of the dangers posed by legacy tech in the opening keynote of the Infosecurity Europe conference in London. Harding stood by TalkTalk's decision to alert its customers to the company's notorious October 2015 breach the same day it …
John Leyden, 5 Jun 2018

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach. Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …
John Leyden, 12 Oct 2017

What's that, Equifax? Most people expect to be notified of a breach within hours?

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high-profile breach, come off as pretty cringeworthy. An autumn 2016 whitepaper from Equifax – still available here at the time of publication – attempts to position the credit …
John Leyden, 19 Sep 2017

Equifax UK admits: 400,000 Brits caught up in mega-breach

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack; however, 400,000 UK people were affected due to a “process failure.” The credit reference agency is saying that UK dedicated systems were not affected by the security breach at its US parent firm that exposed the personal …
John Leyden, 15 Sep 2017

Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …
John Leyden, 14 Sep 2017

FireEye pulls Equifax boasts as it tries to handle hack fallout

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency. Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …
John Leyden, 11 Sep 2017

Mexican tax refund site left 400GB of sensitive customer info wide open

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of …
John Leyden, 8 Sep 2017

Leaky S3 bucket sloshes deets of thousands with US security clearance

Thousands of files containing the personal information of US citizens with classified security clearance have been exposed by an unsecured Amazon server. The sensitive information of an estimated 9,400 job seekers, mostly military veterans, was stored on an Amazon Web Services S3 storage server that required no password to …
John Leyden, 4 Sep 2017

Patchy PCI compliance putting consumer credit card data at risk

Nearly half of global organisations fail to comply with the security standards laid out by the Payment Cards Industry (PCI) to ensure customer payment data is protected, according to a new report. Verizon’s latest Payment Security Report (PSR) found that overall PCI compliance has increased among global businesses, with 55.4 …
John Leyden, 31 Aug 2017

TalkTalk fined £100k for exposing personal sensitive info

Blighty's Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. …
Kat Hall, 10 Aug 2017

PasteBin data dump: Hackers claim files are from Mandiant FireEye 'breach'

Hackers have leaked what they claim is information stolen from FireEye/Mandiant after apparently breaking into the incident response biz's network. Mandiant has denied this. The miscreants, who branded their attack campaign "Op #LeakTheAnalyst," claimed in a preface to their PasteBin dump that they had "breached [Mandiant's] …
John Leyden, 31 Jul 2017

Indian telco Reliance Jio denies claims of 100m record data breach

A row over data security is gripping India, with Reliance telco brand Jio denying claims it has leaked the details of 120 million customers. The FoneArena blog was first to spot data purporting to be LTE-only network Jio customer information on the now-suspended magicapk.com. While FoneArena asserts the information was …

Cybercriminals getting as good as nation state spies – report

The European energy sector is being targeted by advanced threat actors seeking proprietary information to advance the capabilities of domestic companies, according to FireEye Mandiant. The latest annual report by FireEye's incident response arm further warns that cyber threat groups are also targeting European industrial …
John Leyden, 14 Mar 2017

Good guy Logic Supply resolves breach in days, unlike some companies

US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm's website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured …
John Leyden, 8 Feb 2017


Biting the hand that feeds IT © 1998–2018