Articles about breach

Brit banks must disclose outages via API, decrees finance watchdog

The Financial Conduct Authority (FCA) is enforcing new rules that obligate banks to publicly reveal the number and frequency of online outages – including whether these were caused by malicious actors. Billed as part of consumer-friendly changes to the small print for online banking services, new rules from the FCA and the …
Gareth Corfield, 16 Aug 2018

Salesforce cloud glitch blurted customer data at unauthorised users

Customer data stored on Salesforce's marketing cloud might have been shared with unauthorised parties, the cloud slinger has warned. Users of the software firm's Marketing Cloud Email Studio or Predictive Intelligence products may have been affected by a glitch that meant their data was either copied to the systems of other users …
John Leyden, 6 Aug 2018

Holy ship! UK shipping biz Clarksons blames megahack on single point of pwnage

British shipping services firm Clarksons has revealed a high profile data breach last year stemmed from a hack on a “single and isolated user account”. Criminal hackers stole employee information from the shipping …
John Leyden, 1 Aug 2018

Oooooh! Fashion! Yes, 1m-plus accounts on clothes, trinket websites exposed by lax security

Naff computer security at an e-commerce provider potentially exposed the details of more than a million unique accounts on British clothing and accessory shopping websites, infosec experts have confirmed. Sub-optimal security at Fashion Nexus meant a white-hat hacker, Taylor Ralston, was able to access databases containing …
John Leyden, 1 Aug 2018

Australians almost immune from ransomware, topping lists for data safety

Take a bow, Australians: we may have had 242 breaches sent to the information commissioner this quarter, but almost nobody fell victim to ransomware attacks. Of all the data breaches reported to the Office of the Australian Information Commissioner (OAIC) between April and June this year, only two were ransomware attacks. …

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

The UK's data watchdog today issued the Independent Inquiry into Child Sexual Abuse (IICSA) a £200,000 penalty after it sent a bulk email to participants that identified possible victims of historical crimes. The Information Commissioner's Office (ICO) said IICSA – set up in 2014 to probe the degree to which institutions in …
Paul Kunert, 18 Jul 2018

Web biz DomainFactory confirms: We were hacked in January 2018

Updated: German hosting company DomainFactory has taken down its forums after someone posted messages alleging to have compromised the company's computers. Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach …

Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats. The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May …
Paul Kunert, 3 Jul 2018

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records. In a statement (PDF), Dixons Carphone said that "unauthorised access" of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up …
John Leyden, 13 Jun 2018

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

Infosec Europe: Baroness Dido Harding, former chief exec of Brit telco TalkTalk, warned other business leaders of the dangers posed by legacy tech in the opening keynote of the Infosecurity Europe conference in London. Harding stood by TalkTalk's decision to alert its customers to the company's notorious October 2015 breach the same day it …
John Leyden, 5 Jun 2018

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach. Nicky Morgan MP has written to the chief executive of Equifax Limited asking for further details about the scale of the breach, …
John Leyden, 12 Oct 2017

What's that, Equifax? Most people expect to be notified of a breach within hours?

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy. An autumn 2016 whitepaper from Equifax – still available here at the time of publication – attempts to position the credit …
John Leyden, 19 Sep 2017

Equifax UK admits: 400,000 Brits caught up in mega-breach

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.” The credit reference agency is saying that UK dedicated systems were not affected by the security breach at its US parent firm that exposed the personal …
John Leyden, 15 Sep 2017

Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …
John Leyden, 14 Sep 2017

FireEye pulls Equifax boasts as it tries to handle hack fallout

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency. Equifax’s endorsement that FireEye’s tech protected it against zero-day and targeted attacks had more than the whiff of hubris about it once it emerged hackers had successfully pwned the …
John Leyden, 11 Sep 2017

Mexican tax refund site left 400GB of sensitive customer info wide open

Mexican VAT refund site MoneyBack exposed sensitive customer information online as a result of a misconfigured database. A CouchDB database featuring half a million customers' passport details, credit card numbers, travel tickets and more was left publicly accessible, security firm Kromtech reports. More than 400GB of …
John Leyden, 8 Sep 2017

Leaky S3 bucket sloshes deets of thousands with US security clearance

Thousands of files containing the personal information of US citizens with classified security clearance have been exposed by an unsecured Amazon server. The sensitive information of an estimated 9,400 job seekers, mostly military veterans, was stored on an Amazon Web Services S3 storage server that required no password to …
John Leyden, 4 Sep 2017

Patchy PCI compliance putting consumer credit card data at risk

Nearly half of global organisations fail to comply with the security standards laid out by the Payment Cards Industry (PCI) to ensure customer payment data is protected, according to a new report. Verizon’s latest Payment Security Report (PSR) found that overall PCI compliance has increased among global businesses, with 55.4 …
John Leyden, 31 Aug 2017
