Articles about breach

Sensitive client emails, usernames, passwords exposed in Deloitte hack

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers. The IT security breach dates back to November 2016 but was only discovered in March this year, according to The Guardian, which broke the news in an exclusive on Monday. Deloitte has …
John Leyden, 25 Sep 2017

SEC 'fesses to security breach, says swiped info likely used for dodgy stock-market trading

The US Securities and Exchange Commission (SEC) has admitted that hackers broke into its corporate filing system last year. As-yet unidentified miscreants may have profited from financial tip-offs and other data obtained after hacking into its online EDGAR filing system, the US government's financial trading watchdog admitted …
John Leyden, 21 Sep 2017

What's that, Equifax? Most people expect to be notified of a breach within hours?

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high-profile breach, come off as pretty cringeworthy. An autumn 2016 whitepaper from Equifax – still available here at the time of publication – attempts to position the credit …
John Leyden, 19 Sep 2017

Equifax UK admits: 400,000 Brits caught up in mega-breach

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.” The credit reference agency is saying that UK dedicated systems were not affected by the security breach at its US parent firm that exposed the personal …
John Leyden, 15 Sep 2017

Equifax mega-breach: Security bod flags header config conflict

Further evidence has emerged regarding the insecurity of Equifax’s web setup, as independent security researcher Scott Helme reports having uncovered all manner of problems with Equifax’s security header configuration. The finding from Helme comes as a date was confirmed for the Equifax CEO to appear before Congress earlier …
John Leyden, 15 Sep 2017

Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …
John Leyden, 14 Sep 2017

FireEye pulls Equifax boasts as it tries to handle hack fallout

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency. Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …
John Leyden, 11 Sep 2017

Mexican tax refund site left 400GB of sensitive customer info wide open

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of …
John Leyden, 8 Sep 2017

Leaky S3 bucket sloshes deets of thousands with US security clearance

Thousands of files containing the personal information of US citizens with classified security clearance have been exposed by an unsecured Amazon server. The sensitive information of an estimated 9,400 job seekers, mostly military veterans, was stored on an Amazon Web Services S3 storage server that required no password to …
John Leyden, 4 Sep 2017

Patchy PCI compliance putting consumer credit card data at risk

Nearly half of global organisations fail to comply with the security standards laid out by the Payment Cards Industry (PCI) to ensure customer payment data is protected, according to a new report. Verizon’s latest Payment Security Report (PSR) found that overall PCI compliance has increased among global businesses, with 55.4 …
John Leyden, 31 Aug 2017

Swedish slip-up leaks hosting company's customer data

A major Swedish web hosting company has been compromised and its entire customer database leaked. The company, Loopia, made the announcement here, saying the breach happened last Tuesday (August 22), and it notified customers on Friday, advising of a system-wide password reset and telling them to update their personal information. …

TalkTalk fined £100k for exposing personal sensitive info

Blighty's Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. …
Kat Hall, 10 Aug 2017

PasteBin data dump: Hackers claim files are from Mandiant FireEye 'breach'

Hackers have leaked what they claim is information stolen from FireEye/Mandiant after apparently breaking into the incident response biz's network. Mandiant has denied this. The miscreants, who branded their attack campaign "Op #LeakTheAnalyst," claimed in a preface to their PasteBin dump that they had "breached [Mandiant's] …
John Leyden, 31 Jul 2017

Virgin America workers reset passwords after hacker's crash landing

Virgin America's staff and contractors have been told to change their passwords after a hacker raided the airline's systems. The T-Mobile-USA-of-the-skies revealed in a letter to its workforce that its network was compromised by one or more miscreants. A copy of the missive was, as required by law, shared with California's …

Details of 400,000 loan applicants spilled in UniCredit bank breach

Italian bank UniCredit admitted on Wednesday that a series of breaches, undetected for nearly a year, exposed the personal data of 400,000 loan applicants. In an English-language statement, UniCredit blamed an unnamed third-party provider for exposing Italian customer data – including International Bank Account Numbers (IBANs …
John Leyden, 26 Jul 2017

Indian telco Reliance Jio denies claims of 100m record data breach

A row over data security is gripping India, with Reliance telco brand Jio denying claims it has leaked the details of 120 million customers. The FoneArena blog was first to spot data purporting to be LTE-only network Jio customer information on the now-suspended magicapk.com. While FoneArena asserts the information was …

Cybercriminals getting as good as nation state spies – report

The European energy sector is being targeted by advanced threat actors seeking proprietary information to advance the capabilities of domestic companies, according to FireEye Mandiant. The latest annual report by FireEye's incident response arm further warns that cyber threat groups are also targeting European industrial …
John Leyden, 14 Mar 2017

Good guy Logic Supply resolves breach in days, unlike some companies

US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm's website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured …
John Leyden, 8 Feb 2017


Biting the hand that feeds IT © 1998–2017