Data Breaches & Incidents News

By Sunny Hoi
  • Dark Reading: Attacks/Breaches - 8 April 2020, 8:05 pm

    Information includes tips on how to keep IT systems infection-free.

  • Dark Reading: Attacks/Breaches - 8 April 2020, 6:00 pm

    The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.

  • - 8 April 2020, 3:14 pm

    I confess: some data leaks are not particularly interesting to me in terms of their sector or type of data leaked, but they become noteworthy because of the entity’s horrible, terrible, ridiculously bad incident response to attempted notification. Today we give you Maropost Inc., a marketing automation platform whose 10,000+ clients include New York Post, Shopify, Fujifilm, Hard Rock Café, and Mother Jones. CyberNews reports today that researchers found that Maropost was exposing a database containing close to 95 million individual customer records and email logs with more than 19 million unique email addresses. Finding the leak was relatively easy. Getting…

  • - 8 April 2020, 2:02 pm

    EVERSANA, a global commercial services provider to healthcare entities, has disclosed a data breach that occurred between April 1 and July 3, 2019. The breach reportedly affected patient data stored in a legacy technology environment, which has since been updated. According to their notification, “Upon notification of unusual email activity, the firm immediately conducted a comprehensive review and confirmed that certain EVERSANA accounts were subject to unauthorized access through a legacy technology environment, which has since been updated, between April 1 and July 3, 2019.” But when were they first notified of unusual email activity? And how were they…

  • Dark Reading: Attacks/Breaches - 8 April 2020, 2:00 pm

    Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.

  • - 8 April 2020, 1:33 pm

    NepaliTelecom reports: While we just completed the Challenges of ISP for the current situation, another news appeared of the data leak for one of the leading Internet services providers in Nepal. Of course, we had missed that part. The leak is of none other than Vianet whose customers’ details have been compromised with a possible hack happened yesterday night. There has been a leak of more than 170,0000 (1.7 lakhs) Vianet’s customer’s data from hackers’ Twitter account. It is quite worrisome to have such data leaks in a series after the recent Foodmandu hack. Read more on NepaliTelecom. As of the time of…

  • Dark Reading: Attacks/Breaches - 7 April 2020, 10:45 pm

    Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.

  • Dark Reading: Attacks/Breaches - 7 April 2020, 10:10 pm

    More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.

  • Dark Reading: Attacks/Breaches - 7 April 2020, 4:20 pm

    Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.

  • Dark Reading: Attacks/Breaches - 7 April 2020, 2:00 pm

    Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.

  • - 7 April 2020, 12:32 pm

    Rob Antle reports: Newfoundland and Labrador’s privacy commissioner says he is “deeply concerned” that Facebook declined to remove personal medical information posted on its site, despite repeated requests from health officials, and only took action after receiving inquiries from the media. […] On Feb. 9, a Facebook user posted pictures on their page that showed the MCP number, address and detailed medical information — including prescriptions and test results — of a named person. In his letter to Facebook, Harvey said screen captures containing 111 files of 34 identifiable individuals were posted in total. The file names were the names…

  • - 7 April 2020, 12:31 pm

    Catalin Cimpanu reports: The data of more than 600,000 users is currently being sold on the dark web, ZDNet has learned following a tip from one of our readers. “Unfortunately, we must confirm that we have suffered a hacker attack,” the Italian email service provider said in a statement to ZDNet on Monday. Read more on ZDNet.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 11:05 pm

    Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 10:15 pm

    An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It’s not the first time.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 9:45 pm

    The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 8:00 pm

    A new PSA warns of attacks launched against users of two popular cloud-based email systems.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 3:45 pm

    The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.

  • Dark Reading: Attacks/Breaches - 6 April 2020, 2:00 pm

    And it’s not just because they click when they shouldn’t… they also leave a trail of clues and details that make them easy to spoof.

  • - 5 April 2020, 10:57 pm

    The Public Hospitals Authority for the Bahamas issued the following: The Public Hospitals Authority (PHA) has launched a criminal investigation into the leak and dissemination on social media of a purported confidential document pertaining to clients of the Grand Bahama Health Services. The PHA has been assured that the matter which is now in the hands of the authorities will result in a swift and serious outcome for those who are engaged in the leak and circulation of this document. The public is advised that patient health records are confidential and cannot be released without the consent of the patient.…

  • - 5 April 2020, 4:19 pm

    More than 40 million Iranians had their personal data leaked and shared with strangers because they tried to use an alternative to Telegram after their government banned its use. It’s time for Iran to lift the ban before there are more massive leaks as people go online to seek information about COVID-19. by Dissent Doe with Under The Breach A recent report by Comparitech and Bob Diachenko concerning an exposed elasticsearch server with data scraped from a forked Telegram app was one of numerous leak reports during March. The leak had exposed data of more than 42 million Iranians, and…

  • - 5 April 2020, 1:21 pm

    From the U.S. Department of Health & Human Services Office of Civil Rights FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing 04/02/2020 11:39 AM EDT The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this guidance in response to an increase in reports of VTC hijacking. The Cybersecurity and Infrastructure Security…

  • - 5 April 2020, 12:32 am

    Ainsley Harris reports: A few weeks ago, New York City’s 75,000 teachers scrambled to learn how to use videoconferencing services like Zoom as novel coronavirus cases began to rise and schools prepared to close their doors and institute remote learning. Now, the city’s teachers will have to scramble once more, after Department of Education Chancellor Richard Carranza announced late last night that he had decided to ban Zoom, citing security and privacy issues with the platform. Read more on FastCompany. h/t, Joe Cadillic

  • - 4 April 2020, 12:09 am

    From OCR, this alert: It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI). The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation. HIPAA covered entities and business associates should alert their workforce members, and can take action to verify that someone is an OCR investigator by asking for the investigator’s email address, which will end in, and asking for a…

  • Dark Reading: Attacks/Breaches - 3 April 2020, 8:00 pm

    A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.

  • Dark Reading: Attacks/Breaches - 3 April 2020, 3:15 pm

    The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.

  • Dark Reading: Attacks/Breaches - 2 April 2020, 10:35 pm

    With COVID-19 concerns running high, attackers are trying new tactics to get to users.

  • Dark Reading: Attacks/Breaches - 2 April 2020, 9:15 pm

    Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.

  • Dark Reading: Attacks/Breaches - 2 April 2020, 6:00 pm

    As organizations rush to equip and secure their newly remote workforce, it’s important to keep things methodical and purposeful.

  • Dark Reading: Attacks/Breaches - 2 April 2020, 2:00 pm

    MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.

  • Dark Reading: Attacks/Breaches - 2 April 2020, 2:00 pm

    Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.