Articles about breach

Workplace services-flinger Sodexo pulls Engage website after division hit by malware smackdown

Employee benefits firm Sodexo has suffered a data breach exposing personal info believed to include names, email addresses and home addresses after UK arm Sodexo Motivation Solutions’ internal IT systems were hit by malware. In the wake of the breach, it pulled Engage's staff-facing retail discount and perks website …
John Leyden, 10 Oct 2018

Sendgrid blurts out OWN customers' email addresses with no help from hackers

Cloud-based email marketing service SendGrid has copped to blabbing customer email addresses, chalking it up to some overenthusiastic indexing without explaining why pages were public-facing in the first place. In a breach notice sent out on Tuesday 2 October, SendGrid said that "some email addresses processed through the …
John Leyden, 4 Oct 2018

Facebook gives third-party apps the all-clear

Facebook has toned down its Friday warning that stolen credentials could be used to compromise third-party apps. Last week, the company 'fessed up to a bug in its “View As” feature that let miscreants harvest millions of account access tokens. At the time, the Silicon Valley behemoth reckoned a mere 50 million accounts were “ …

Financial Conduct Authority fines Tesco Bank £16.4m over 2016 security breach

The Financial Conduct Authority (FCA) has slapped a £16.4m fine on Tesco Bank for the security vulnerabilities that led to millions of pounds being pilfered from thousands of customers’ online accounts two years ago. As revealed by us at the time, Tesco called on the National Cyber Security Centre to probe the 5 November 2016 …
Paul Kunert, 1 Oct 2018

UK ruling party's conference app editable by world+dog, blabs members' digits

The UK's Conservative Party has kicked off its annual conference by exposing its MPs' phone numbers to anyone able to guess their email addresses. Party chairman Brandon Lewis was planning to sell the "interactive" app – which will allow attendees to give feedback on speeches as they happen – as evidence that the ruling party …
Rebecca Hill, 1 Oct 2018

Health insurer Bupa fined £175k after staffer tried to sell customer data on dark web souk

International health insurance business Bupa has been fined £175,000 after a staffer tried to sell more than half a million customers' personal information on the dark web. The miscreant was able to access Bupa's CRM system SWAN, which holds records on 1.5 million people, generate and send bulk data reports on 547,000 Bupa …
Rebecca Hill, 28 Sep 2018

Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords

Updated: UK aggregator NewsNow has suffered a breach resulting in the leak of users' "encrypted" passwords. Word of the breach surfaced through reports to security consultant Troy Hunt, who runs the Have I Been Pwned service. The breach …
John Leyden, 25 Sep 2018

TV Licensing admits: We directed 25,000 people to send their bank details in the clear

The UK's TV Licensing agency has admitted that 25,000 viewers were induced into sending their bank details over an insecure connection. The organisation ran transactional pages for bank debits through an …
John Leyden, 18 Sep 2018

Tick-tock, tick-tock. Oh, that's just the sound of compromised logins waiting to ruin your day

Comment: It has never been easier to conduct a cyber attack. There now exists a range of off-the-shelf tools and services that do all the heavy lifting – you just need to pick an approach and tool you like best. There's ransomware-as-a-service with its "here's one I made earlier" code, search engines that show connected interfaces with …
Dave Cartwright, 17 Sep 2018

Veeam holds its hands up, admits database leak was plain 'complacency'

Veeam has blamed "human error" for the exposure of a marketing database containing millions of names and email addresses. The unencrypted MongoDB resource was left open for anyone to view after a migration between different AWS systems, Peter McKay, co-CEO and president at Veeam, told The Register. The resource – which wasn't …
John Leyden, 14 Sep 2018

Law firm seeking leak victims to launch £500m suit at British Airways

British Airways faces a £500m lawsuit over its recent mega-breach that exposed payment card details of 380,000 customers. The airliner last week apologised and offered to compensate customers for any direct financial loss for the attack that took place between 21 August and 5 September via its website and app. However, an …
John Leyden, 11 Sep 2018

British Airways hack: Infosec experts finger third-party scripts on payment pages

Security experts are debating the cause of the British Airways mega-breach, with external scripts on its payment systems emerging as a prime suspect in the hack. Why infosec folk think it was the payment system: Although BA hasn't disclosed the root of the breach, the unusual precision it ascribed to the hack's duration …
John Leyden, 11 Sep 2018

Revealed: British Airways was in talks with IBM on outsourcing security just before hack

Exclusive: Just weeks before being hacked in late August, British Airways' parent IAG was planning to outsource its cybersecurity to IBM, admitting it needed a "group-wide strategic and proactive approach" to counter threats. The memo in full: Subject: Group IT Cyber Security Update. From: John Hamilton. Sent: 01 August 2018 13:56. All …
John Leyden, 7 Sep 2018

Brit banks must disclose outages via API, decrees finance watchdog

The Financial Conduct Authority (FCA) is enforcing new rules that obligate banks to publicly reveal the number and frequency of online outages – including whether these were caused by malicious actors. Billed as part of consumer-friendly changes to the small print for online banking services, new rules from the FCA and the …
Gareth Corfield, 16 Aug 2018

Salesforce cloud glitch blurted customer data at unauthorised users

Customer data stored on Salesforce's marketing cloud might have been shared with unauthorised parties, the cloud slinger has warned. Users of the software firm's Marketing Cloud Email Studio or Predictive Intelligence products may have been affected by a glitch that meant their data was either copied to the systems of other users …
John Leyden, 6 Aug 2018

Holy ship! UK shipping biz Clarksons blames megahack on single point of pwnage

British shipping services firm Clarksons has revealed that a high-profile data breach last year stemmed from a hack on a “single and isolated user account”. Criminal hackers stole employee information from the shipping …
John Leyden, 1 Aug 2018

Oooooh! Fashion! Yes, 1m-plus accounts on clothes, trinket websites exposed by lax security

Naff computer security at an e-commerce provider potentially exposed the details of more than a million unique accounts on British clothing and accessory shopping websites, infosec experts have confirmed. Sub-optimal security at Fashion Nexus meant a white-hat hacker, Taylor Ralston, was able to access databases containing …
John Leyden, 1 Aug 2018

Australians almost immune from ransomware, topping lists for data safety

Take a bow, Australians: we may have had 242 breaches sent to the information commissioner this quarter, but almost nobody fell victim to ransomware attacks. Of all the data breaches reported to the Office of the Australian Information Commissioner (OAIC) between April and June this year, only two were ransomware attacks. …

Biting the hand that feeds IT © 1998–2018