Category: Data loss

February 2, 2024

Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC. In announcing the draft settlement, the US watchdog’s boss […]

February 1, 2024

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission’s (SEC) strict data breach reporting rule. In a policy statement [PDF] published yesterday by Biden’s Office of Management and Budget (OMB), the […]

January 31, 2024

Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. On October 27th, the Cybernews research team discovered a misconfigured web server […]

January 30, 2024

Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from […]

January 25, 2024

Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, […]

January 24, 2024

For most organizations – especially security vendors – disclosing a corporate email breach, in which executives’ internal messages and attachments were stolen, would noticeably ding their stock prices. But Microsoft apparently doesn’t operate by the laws of Wall Street. Late […]

January 23, 2024

Australia’s government has used the “significant cyber incidents” sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private. The […]

January 22, 2024

AerCap, the world’s largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn’t yet suffered any financial losses yet and all its systems are under control. In a US Securities and Exchange […]

January 19, 2024

VF Corporation, parent company of clothes and footwear brands including Vans and North Face, says 35.5 million customers were impacted in some way when criminals broke into their systems in December. The announcement was made in a Thursday 8-K/A filing […]

January 11, 2024

The U.S. Securities and Exchange Commission’s (SEC) account on X (formerly Twitter) was briefly compromised on Tuesday, January 9, sending shockwaves through the cryptocurrency market and raising serious questions about the agency’s cybersecurity practices. A fake post announcing the approval […]

January 10, 2024

Fidelity National Financial now says criminals got hold of data belonging to 1.3 million customers after breaking into its IT network in November. The mortgage giant, which has assets totaling $74 billion and is one of the largest providers of […]

January 4, 2024

23andMe users’ godawful password practices were supposedly to blame for the biotech company’s October data disaster, according to its legal reps. Nope, the biotech firm’s infrastructure management was certainly not at fault in any way when 6.9 million users had […]

January 4, 2024

New security research has uncovered that cybercriminals are abusing verification marks on X (formerly known as Twitter) by compromising passwords of verified accounts and either selling them on the dark web or using them for their own scams. Malicious actors […]

January 3, 2024

One of America’s biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals stole their personal information. “As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained […]

January 2, 2024

The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed. Louise Anderson, CEO at Court Services Victoria (CSV), confirmed this week that a “cybersecurity incident” was […]

December 29, 2023

The Cybernews research team has discovered that the Clash Base Designer Easy Copy app exposed its Firebase database and user-sensitive information. With 100,000 downloads on the Google Play store, the app enables Clash of Clans players to build a custom […]

December 28, 2023

LoanCare suffered a data breach last month, which resulted in the theft of sensitive customer data, the insurance service company has confirmed. Roughly 1.3 million people were affected by the breach, the company further explained, as hackers stole people’s full […]

December 27, 2023

Cinema and media powerhouse National Amusements has confirmed suffering a breach in which hackers stole sensitive information from thousands of users, putting them at risk of identity theft. The conglomerate has filed a report with the Office of the Maine […]

December 19, 2023

Millions of Comcast Xfinity subscribers’ personal data – including potentially their usernames, hashed passwords, contact details, and secret security question-answers – was likely stolen by one or more miscreants exploiting Citrix Bleed in October. The internet, voice, and cable TV […]

December 14, 2023

In a chilling reminder of the vulnerability of critical healthcare infrastructure, Seattle-based Fred Hutchinson Cancer Center (Fred Hutch) fell victim to a sophisticated cyberattack in November 2023. This attack, targeting sensitive patient data and disrupting vital operations, has sent shockwaves […]