Articles about breach

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach. Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …
John Leyden, 12 Oct 2017

What's that, Equifax? Most people expect to be notified of a breach within hours?

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy. An autumn 2016 whitepaper from Equifax - still available here at the time of publication – attempts to position the credit …
John Leyden, 19 Sep 2017

Equifax UK admits: 400,000 Brits caught up in mega-breach

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.” The credit reference agency is saying that UK dedicated systems were not affected by the security breach at its US parent firm that exposed the personal …
John Leyden, 15 Sep 2017

Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …
John Leyden, 14 Sep 2017

FireEye pulls Equifax boasts as it tries to handle hack fallout

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency. Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …
John Leyden, 11 Sep 2017

Mexican tax refund site left 400GB of sensitive customer info wide open

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of …
John Leyden, 8 Sep 2017

Leaky S3 bucket sloshes deets of thousands with US security clearance

Thousands of files containing the personal information of US citizens with classified security clearance have been exposed by an unsecured Amazon server. The sensitive information of an estimated 9,400 job seekers, mostly military veterans, was stored on an Amazon Web Services S3 storage server that required no password to …
John Leyden, 4 Sep 2017

Patchy PCI compliance putting consumer credit card data at risk

Nearly half of global organisations fail to comply with the security standards laid out by the Payment Cards Industry (PCI) to ensure customer payment data is protected, according to a new report. Verizon’s latest Payment Security Report (PSR) found that overall PCI compliance has increased among global businesses, with 55.4 …
John Leyden, 31 Aug 2017

TalkTalk fined £100k for exposing personal sensitive info

Blighty's Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. …
Kat Hall, 10 Aug 2017

PasteBin data dump: Hackers claim files are from Mandiant FireEye 'breach'

Hackers have leaked what they claim is information stolen from FireEye/Mandiant after apparently breaking into the incident response biz's network. Mandiant has denied this. The miscreants, who branded their attack campaign "Op #LeakTheAnalyst," claimed in a preface to their PasteBin dump that they had "breached [Mandiant's] …
John Leyden, 31 Jul 2017

Indian telco Reliance Jio denies claims of 100m record data breach

A row over data security is gripping India, with Reliance telco brand Jio denying claims it has leaked the details of 120 million customers. The FoneArena blog was first to spot data purporting to be LTE-only network Jio customer information on the now-suspended magicapk.com. While FoneArena asserts the information was …

Cybercriminals getting as good as nation state spies – report

The European energy sector is being targeted by advanced threat actors seeking proprietary information to advance the capabilities of domestic companies, according to FireEye Mandiant. The latest annual report by FireEye's incident response arm further warns that cyber threat groups are also targeting European industrial …
John Leyden, 14 Mar 2017

Good guy Logic Supply resolves breach in days, unlike some companies

US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm's website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured …
John Leyden, 8 Feb 2017

Data breach notification law finally makes it to Australia's Parliament

Australia's long-awaited and long-delayed data breach notification laws are back on the political agenda, after the nation's House of Representatives passed the legislation yesterday. The bill now before Australia's Senate is the rather limp document that landed in October 2016. Companies will have the chance to keep mum …

Particle accelerator hacked: Boffins' hashed passwords beamed up

UPDATE The Australian Nuclear Science and Technology Organisation (ANSTO) is investigating a computer security breach at the Australian Synchrotron that saw hackers steal scientists' usernames and passwords Friday. Hackers of as yet unknown origin hit systems hosting the web portal where researchers from ANSTO and third parties can …
Darren Pauli, 3 Feb 2017

Gamers warned to swerve phish-hooks after forum breach

The personal details of 2.5 million gamers have been leaked following a breach of unofficial Xbox 360 and PSP forums. XBOX360 ISO and PSP ISO were hacked in 2015 but the extent of the leak only became public this week. Private details, including email addresses, account passwords and IP addresses, of 2.5 million PlayStation …
John Leyden, 1 Feb 2017

Suffered a breach? Expect to lose cash, opportunities, and customers – report

More than a third of organisations that experienced a breach last year reported substantial customer, opportunity and revenue loss. The finding is one of the key takeaways from the latest edition of Cisco's annual cybersecurity report, which also suggests that defenders are struggling to improve defences against a growing …
John Leyden, 31 Jan 2017

Marketing company leaks 17,000 recorded phone calls, many with credit card numbers

More than 400,000 phone call recordings that include names, addresses, phone numbers and credit card information have been leaked online by Florida marketing company VICI Marketing following suspected security blunders. The 28GB database was publicly-accessible and included recordings of inbound and outbound phone calls. …
Darren Pauli, 30 Jan 2017


Biting the hand that feeds IT © 1998–2018