A History of Data Breaches and Information Security

Every day data is becoming safer and safer. Technological advancements mean that the files that we share are being sent and received more securely than ever before.

Of course, there are bumps in the road. But each security event leads to more specialised solutions for both businesses and individuals. Here are some of the biggest, most significant, security improvements and data breach stories of the last two decades:


2 million customer personal details have been stolen from video games store CeX - August 2017

Posted on Sep 28, 2017 11:05:14 AM by John Lynch

CeX is a second-hand gadget and video gaming retailer which operates more than 350 stores in the UK and over 100 abroad. An unauthorised third party accessed the data of 2 million online accounts, including names, addresses, phone numbers and payment card information of CeX customers.

CeX has contacted potentially affected customers of its online marketplace WeBuy.com, reassuring them that the credit card data obtained by the hackers is expired and useless, as CeX hasn't stored payment card data since 2009.

CeX has advised its users to change their password for the site as a precautionary measure.

Customer data stolen at Cex online games store - BBC
Two million CEX customers' details stolen in cyber attack - The Telegraph
Up to 2 MILLION Cex customers are at risk after hackers steal private data from the games store including names, addresses and credit card details – Daily Mail

Defray phishing ransomware targets UK and US healthcare and education industries - August 2017

Posted on Sep 28, 2017 10:55:18 AM by John Lynch

On August 24, 2017, cyber security company Proofpoint revealed its findings on two small and localized phishing attacks involving a new ransomware, Defray. The Defray ransomware spread via email, which contained a Microsoft Word executable. In the email, victims were asked to download and open malicious files. The ransomware encrypted all files on the victim's hard drive after it was downloaded and executed.

The ransomware specifically targeted the healthcare and education industries during the first attack, and the manufacturing and technology industries during the second attack. The attackers designed custom phishing emails for these industries, with titles such as "patient reports".

The ransomware demanded $5000, to be paid in the digital currency Bitcoin, for the decryption key.

Defray - New Ransomware Targeting Education and Healthcare Verticals - Proofpoint
Defray ransomware attacking education and health-care sectors - TechGenix
Defray ransomware seen targeting education healthcare industry – Threatpost 

Largest Hollywood hack in history, leaking "Game of Thrones" episode, has compromised 1.5 terabytes of data - July 2017

Posted on Sep 28, 2017 8:48:55 AM by John Lynch

On 27 July, hackers stole 1.5 terabytes of data and leaked a script for the upcoming "Game of Thrones" episode on the web, along with yet-to-be-broadcast episodes of the series "Ballers", "Room 104" and "Insecure". Week by week, un-aired episodes of "Game of Thrones", "Ballers" and "Room 104", along with actors' personal information, appeared online.

HBO CEO Richard Plepler told employees that there was no evidence that the company’s email system was compromised. Later on, HBO sent a note to the hacker offering $250,000 to participate in the company’s “bug bounty” program, where IT experts get paid for pointing out weaknesses and vulnerabilities, but that appears to have been a delay tactic.

HBO got hacked and some Game of Thrones materials are bubbling up online - The Register
Largest Hollywood hack in history may have compromised HBO confidential documents, emails - CNBC
HBO Conducts Forensic Review to Understand Scope of Hack – U.S.News 
‘Game of Thrones’ Hack Leads to Four Arrests, HBO Partner Says – Bloomberg 

Data of 400,000 Italian UniCredit loan applicants were put at risk by third-party provider - July 2017

Posted on Aug 11, 2017 12:59:34 PM by John Lynch

UniCredit blames a third-party provider for the data breach, which happened between September and October 2016 and was repeated in June-July 2017. Customer passwords and other data which would allow unauthorized access to customer accounts remained safe, while some other personal information and IBAN numbers were exposed. The breach was affected by the new IT director.

In the next year, the EU data regulation GDPR (General Data Protection Regulation) comes into force, which means that a data breach can cost the banks up to 4% of their annual revenue.

Details of 400,000 loan applicants spilled in UniCredit bank breach - The Register
Hack on Italy's largest bank affects 400,000 customers - BBC
Hackers Breach 400,000 UniCredit Bank Accounts for Data – Bloomberg 

For $30 you can buy a Medicare record of any Australian on the dark web - July 2017

Posted on Aug 11, 2017 12:50:35 PM by John Lynch

Since October 2016 it has been possible to buy Australians’ personal Medicare details on a darknet auction for just 30 USD. At least 75 records have been sold on the site. These details were used to produce false Medicare cards with legitimate information, which may be used for identity fraud, or to lease or buy property or cars.

The darknet vendor said they were exploiting a vulnerability on the Medicare website, which means that the records are likely being accessed in real time.

Medicare data breach: Alan Tudge admits department unaware darknet vendor selling card details - The Guardian
Medicare details of 'any Australian' sold on the darknet for $30 - CNET
Why the Medicare information leak should be taken seriously – ZDNet 

What is similar and what is different in WannaCry and Petya ransomware? – June 2017

Posted on Aug 11, 2017 10:16:41 AM by John Lynch

WannaCry is a true ransomware: when you pay the money you get your data back. Even if you aren’t willing to pay the ransom, your data can still be recovered.

With Petya it’s different - Petya infected the computer’s boot sector and file database, which made it close to impossible to restore the data. The Petya wiper ransomware has a clear intent: to disrupt operations within business and government and destroy the data it has affected, while WannaCry’s intent was to obtain financial gain.

How Similar Are WannaCry And Petya Ransomware? – Forbes 
What’s the difference between WannaCry and Petya ransomware? – Windowsreport
Latest ransomware hackers didn't make Wannacry's mistakes – Wired

Verizon data leak: 6 million customer data records were exposed – June 2017

Posted on Jul 17, 2017 3:47:45 PM by John Lynch

An employee of a Verizon vendor accidentally allowed public access to information stored on a cloud server. This information was stored on an unprotected Amazon S3 storage server, and everyone who had the public link to the cloud could access the data. It contained customer names, phone numbers and even security PINs of Verizon customers.

The reason behind the data leak was improper security settings, which were set to public instead of private on the Amazon web server.

Verizon confirms customer data hacked – The Gazette
Verizon customer information exposed in data breach – Fox Business
Verizon confirms that personal data of 6 million users has leaked – ABC Action News

Destructive ransomware Petya: how the global cyber-attack has started – June 2017

Posted on Jul 17, 2017 3:35:26 PM by John Lynch

On the eve of Ukrainian Constitution Day, on 27th June 2017, the global ransomware cyber attack Petya started.

A software update from the Ukrainian tax preparation program M.E.Doc was compromised and caused the spread of the Petya ransomware. It affected the National Bank of Ukraine and many private banks, the largest airport and the metro system. Overall, the data of 80 companies was encrypted by the latest M.E.Doc software update. M.E.Doc servers were hosted on the WNet Internet provider, which has a connection to the Russian Federal Security Service (FSB).

Russia is said to be the country behind the attack.

'Petya' ransomware attack: what is it and how can it be stopped? – The Guardian
Cyberattack Hits Ukraine Then Spreads Internationally – The New York Times
The Petya ransomware is starting to look like a cyberattack in disguise – The Verge

Macron leaks: 47,000 tweets in 3.5 hours – May 2017

Posted on Jul 17, 2017 3:05:33 PM by John Lynch

Emmanuel Macron's presidential campaign documents, including professional and private emails, memos, contracts and accounting documents, were posted online in the very final hours of coverage of France's presidential election campaign.

News of the leak spread quickly because of Twitter bots which actively retweeted the tweet. The hashtag #MacronLeaks reached 47,000 tweets in three and a half hours after it was first used.

Macron Hacking Attack: What We Know and Don’t Know – The New York Times
Campaign leaks and the far-right: Who influenced #Macronleaks on Twitter? – LSE

77 million Endomondo user credentials published on dark web for $1000 – May 2017

Posted on Jul 17, 2017 2:59:38 PM by John Lynch

Well-known education platform Endomondo became the victim of a cyber-attack that targeted almost all user accounts of the platform.

A hacker has published 77 million user credentials on the darknet site Hansa, including email addresses, usernames and hashed passwords. The stolen passwords were hashed with the resilient bcrypt algorithm, which turns each password into a string of random-looking characters. This means it will be quite troublesome for the hackers who stole the user accounts to obtain the real unhashed passwords.

Hacker Steals Millions of User Account Details from Education Platform Edmodo – Motherboard 
77 Million Edmodo Users Are Hacked as Widespread Cyberattacks Hit the Ed Tech World – The 74 Media

Healthcare sector of 150 countries affected with Wanna Cry ransomware attack – May 2017

Posted on May 26, 2017 2:27:26 PM by John Lynch

It is too early to jump to conclusions, but the fact remains - obsolete medical programs and computers with old operating systems are hardly prepared to cope with the new group of criminals willing to obtain patients' medical records, credit card information and personal data. The Wanna Cry ransomware attack has shattered the U.K.'s National Health Service (NHS) and affected hundreds of thousands of devices all over the world.

Wanna Cry is said to have affected computers in 150 countries with ransomware that is combined with a worm, which enabled it to spread so quickly. It is reported that 200,000 users were impacted by WannaCry - one of the most widespread cyber attacks in history.

5 Groups to Blame for the Ransomware Attacks – Fortune
WannaCry Ransomware Attack Summary – Norton Rose Fulbright
Combatting the Massive Wave of WannaCry Ransomware – Hogan Lovells

2 million poorly secured user accounts leaked quietly – April 2017

Posted on May 26, 2017 2:05:28 PM by John Lynch

User account credentials of more than 2 million users of social networking game Fashion Fantasy Game were compromised in a quiet data theft one year ago. The data breach went quiet because Fashion Fantasy Game still hasn’t acknowledged that emails and passwords were exposed on the web, despite numerous requests for comment.

Although the breach happened a year ago, the Fashion Fantasy Game’s website remains vulnerable to simple SQL injections and still relies on an old and easily breakable hash algorithm.

Millions of game accounts exposed in data breach, responsibility thrown to the wind – ZDNet
Fashion website hacked, millions of accounts stolen – Teiss

Card data theft at 37 Shoney’s restaurants in the US – April 2017

Posted on May 26, 2017 1:59:58 PM by John Lynch

Shoney’s restaurants were affected between 27th December and 6th March by malware remotely installed on payment terminals. The software stole information about credit and debit cards which went through affected devices. The data theft compromised 37 Shoney’s restaurants across the US.

Shoney’s was not the only restaurant chain attacked in the first quarter of 2017; others, such as Wendy’s, CiCi’s and Arby’s, were hit as well. What is more, 12 properties of InterContinental Hotels Group (IHG) are reported to have been compromised by a card data breach in February.

Shoney's Hit By Credit-Card Breach – InfoSecurity
Cybercriminals Steal Card Data From Shoney's Restaurants – Security Week

Up to 100,000 People’s Data Exposed in FAFSA Data Breach – March 2017

Posted on Apr 18, 2017 3:40:22 PM by John Lynch

The IRS has revealed that its Data Retrieval Tool, used on fafsa.gov and studentloans.gov, has been hacked and details may have been used to file fraudulent tax returns. There’s no exact number yet, however estimates show this could affect up to 100,000 people who have used the tool recently.

The IRS is sending letters to those who have been affected and 35,000 people have been contacted to date.

However, this is not the IRS’ only cybersecurity issue. It has been revealed that there are flaws with its Identity Protection Personal Identification Number (IP PIN) Program – which the IRS watchdog recommended be shut down after a security breach in May 2015.

IRS Failed to Deactivate IP PIN Program After Data Breach – Accounting Web
Data breach of IRS student financial aid tool may have affected 100,000 taxpayers– Accounting Today
FAFSA Data Breach Exposes up to 100,000 People to Tax Fraud– Student Loan Hero


245,000 UK Customers Are Affected in Wonga Data Breach – March 2017

Posted on Apr 18, 2017 3:29:21 PM by John Lynch

Wonga has announced it is ‘urgently investigating illegal and unauthorised access to the personal data of some of its customers’.
In fact, it has suffered one of the biggest data breaches in the UK involving financial information and has seen 245,000 customers’ details compromised. This may include names, addresses, phone numbers, bank account numbers, sort codes, as well as the last four digits of customers’ bank cards.

Wonga says it is still working on establishing further information, but has begun contacting borrowers and has set up a dedicated phone line for queries (0800 3166 745) in the meantime.

Payday lender Wonga admits to data breach – The Register
Wonga data breach ‘affects 245,000 UK customers’– BBC News

850 Personal Records Stolen From Singapore Defence Ministry – February 2017

Posted on Mar 8, 2017 9:21:08 AM by John Lynch

The Singapore Ministry of Defence was ‘targeted’ in a ‘carefully planned’ cyberattack that has resulted in records related to 850 Singaporean national servicemen being stolen.

Access was restricted to a sole system that provides internet use to its service members, therefore the Singapore Ministry of Defence has reported that no classified information was stolen, but NRIC numbers, contact details and dates of birth were compromised.

An investigation is ongoing, however all affected individuals have been notified.

Singapore Defence Ministry Suffers Data Breach Affecting 850 Users– ZDNet
Singapore Ministry of Defence Breached in Cyber Attack, Personal Data of 850 Servicemen and Staff Stolen– Yahoo News

Yahoo’s Value Decreases $350 Million After Data Breaches – February 2017

Posted on Mar 8, 2017 9:17:15 AM by John Lynch

In 2016, Yahoo fell victim to not one but two large data breaches which saw a combined 1,500,000,000 accounts affected in some capacity. This security flaw has adversely affected its acquisition deal with Verizon, which has now confirmed new terms for the sale of Yahoo.

Yahoo is now being sold for $4.48 billion - $350 million less than the original price.

Marni Walden, Verizon’s Executive Vice President of New Business, said in a statement:

“We have always believed this acquisition makes strategic sense. We look forward to moving ahead expeditiously so that we can quickly welcome Yahoo’s tremendous talent and assets into our expanding portfolio in the digital advertising space,”

“The amended terms of the agreement provide a fair and favorable outcome for shareholders. It provides protections for both sides and delivers a clear path to close the transaction in the second quarter.”

Yahoo Takes $350 Million Hit in Verizon Deal– Data Breach Today
After Data Breaches, Verizon Knocks $350m Off Yahoo Sale, Now Valued at $4.48B - TechCrunch


Smart Teddy Bears, CloudPets, Suffer Data Breach – February 2017

Posted on Mar 8, 2017 9:14:46 AM by John Lynch

A cybersecurity researcher has reported that more than 2 million voice messages that were recorded on smart cuddly toys, CloudPets, had been discovered online in an open database.

The toys’ manufacturer, Spiral Toys, was notified and it ‘took immediate and swift action’. In a statement the company said:
"When we were informed of the potential security breach we carried out an internal investigation and immediately invalidated all current customer passwords to ensure that no information could be accessed.

"To our best knowledge, we cannot detect any breach on our message and image data, as all data leaked was password encrypted."

Smart Teddy Bears Involved in a Contentious Data Breach– CIO
Children’s Messages in CloudPets Data Breach – BBC News


HIPAA Breach Suit Settled by Presence Health for $475,000 – January 2017

Posted on Feb 7, 2017 3:37:01 PM by John Lynch

After a data breach and a delayed breach notification process, healthcare network Presence Health was taken to court. The organisation has now agreed to a $475,000 Office for Civil Rights (OCR) HIPAA settlement.

In October 2013, the healthcare network realised paper-based operating room schedules relating to 836 individuals had gone missing from one of its surgeries. These documents contained protected health information and as the breach notification report was submitted to OCR in January 2014, the company was seen to have failed to notify OCR without unreasonable delay.

Presence Health Settles HIPAA Breach Suit for $475,000 – Healthcare IT News
Breach Notification Center of Presence Health HIPAA Settlement – Health IT Security

Two Companies Fined $10,000 for Data Breach in Singapore – January 2017

Posted on Feb 7, 2017 3:35:06 PM by John Lynch

Two companies in Singapore – JP Pepperdine Group and Propnex Realty – have been fined $10,000 each by the Personal Data Protection Commission (PDPC). The companies failed to secure their customers’ personal details and suffered from data breaches.

In October 2015, it was discovered that personal data belonging to JP Pepperdine Group’s membership programme were available for all to see online. This could be done by simply clicking the site’s search button without entering any criteria.

Propnex Realty was fined as the personal data of 1,765 individuals on the organisation’s ‘Do Not Call’ list was made accessible in a PDF during the summer of 2015. Information such as names, phone numbers, addresses and email addresses was all available.

2 Companies Fined S$10,000 Each for Breaching Data Protection Rules– Channel News Asia
PropNex Fined $10,000 for Data Breach – The Straits Times

Kaspersky Cybersecurity Expert Arrested in Russia – January 2017

Posted on Feb 7, 2017 3:32:43 PM by John Lynch

Ruslan Stoyanov, a researcher for anti-virus company Kaspersky Lab in Russia, was arrested in December.

It has now been reported that Stoyanov has been taken into custody as part of an investigation into payments he is alleged to have received from foreign firms. As part of his role at the firm, Stoyanov was responsible for looking into hack attacks and breaches at Russian companies, however Kaspersky has released a statement which states his arrest has nothing to do with his work at their organisation.

The company has said ‘we do not possess details of the investigation’, however a Russian newspaper has linked Stoyanov to a probe into a senior official at Russia’s FSB intelligence service.

Report: Russia Arrests Cybersecurity Official– Data Breach Today
Kaspersky Security Researcher Arrested in Russia– BBC News


55,000 Passwords Reset After LinkedIn’s Lynda.com is Breached - December 2016

Posted on Jan 9, 2017 2:37:29 PM by John Lynch

The online learning site Lynda.com has disclosed that it suffered a data breach and passwords of 55,000 customer accounts will be reset as a security measure.

A database of 9.5m accounts was accessed by cybercriminals and data such as names and email addresses were seen. The 55,000 passwords were found here in cryptographically salted and hashed form.

To date, there is no evidence that this data has been made publicly available.

LinkedIn’s Lynda.com Resets 55,000 Passwords After Data Breach – Fortune
LinkedIn’s Lynda.com Suffers Database Breach - ZDNet

Russian Gang Steal $3M a Day With Masterminded Ad Fraud Plan - December 2016

Posted on Jan 9, 2017 2:34:33 PM by John Lynch

It was reported at the end of December 2016 that an expansive botnet has been netting a Russian cybercriminal gang millions of pounds a day by generating fake views of online video advertisements.

This botnet has been described as "the largest and most profitable ad fraud operation to strike digital advertising to date." Up to 300m fake views were given each day and more than 6,000 publishers were affected by fake websites that were designed to look like the real deal.

Russian Gang Netted $3M Daily via Video Ad Fraud – Data Breach Today
Russian Scam Swipes Millions Per Day from Top Video Advertisers– Fortune


Details of 400,000 Health Plan Members Exposed in Record Breach – December 2016

Posted on Jan 9, 2017 2:31:59 PM by John Lynch

A medical non-profit in the US was sending 381,534 letters out the week of Christmas after the Washington-based organisation suffered a breach. Community Health Plan of Washington has reported that personal data belonging to past and present members was exposed, including social security numbers, dates of birth, addresses and health claims information.

There is no evidence of the impact the breach may have had yet, however Community Health Plan of Washington is informing all that may have been affected and is notifying them of the steps that should be taken to prevent further damage.

Read more:
Data Breach Exposes Info for 400,000 Community Health Plan Members – The Seattle Times
Community Health Plan of Washington Announces 400,000-Record Data Breach –HIPAA Journal


Tesco Bank Recovering After Security Breach - November 2016

Posted on Nov 30, 2016 3:14:04 PM by John Lynch

On a number of dark web forums, posts have been found boasting of an attack on Tesco Bank which has reportedly resulted in a £2.5million loss for around 9,000 customers.

The bank has refused to give details while a criminal investigation is underway, but has announced that its services are now fully-restored after a temporary suspension of online transactions earlier in the month.

Tesco Bank Service Fully Restored after Security Breach – Pay Before
Dark web hackers boast of Tesco Bank thefts– BBC News

Mobile Network 3 Criticised for Data Breach Cover-Up - November 2016

Posted on Nov 30, 2016 3:12:10 PM by John Lynch

The Telegraph recently revealed that thousands of 3 users had their personal data accessed and the UK network had failed to inform its customers.

The company has now admitted the attack on data regarding those eligible for a contract upgrade and its negligence in failing to inform those targeted. However, very little information about the attack has been revealed, apart from the fact it affected 133,827 people. Security has been increased for these accounts.

Three Mobile under fire for failing to alert customers to data breach – The Telegraph
Three mobile data breach: Company confirms data from 133,827 accounts could have been accessed - ZDNet


Madison Square Garden Customers Fall Victim to Breach - November 2016

Posted on Nov 30, 2016 3:08:49 PM by John Lynch

The Madison Square Garden Company that owns and operates the eponymous area of New York has revealed that customers who have made purchases in the area may have become victims of a data breach. Credit and debit card details were stolen during a year-long period at some of its busiest concession stands, however the cause of the breach has now been resolved.

Anyone who purchased food, drink or merchandise here between November 9th 2015 and October 24th 2016 may have been affected. The total number of those targeted is unknown.

Madison Square Garden Discloses Data Breach – Fortune
Madison Square Garden reveals year-long credit, debit card data breach – Daily News

280 UK Firms’ Staff Details at Risk After Sage Breach - October 2016

Posted on Nov 1, 2016 10:31:58 AM by John Lynch

Sage has reported that an internal login has been used to gain unauthorised access and potentially compromise the details of staff belonging to more than 280 UK firms.

A Sage spokesperson said: "We are investigating unauthorised access to customer information using an internal login."
"We cannot comment further whilst we work with the authorities to investigate - but our customers remain our first priority and we are speaking directly with those affected."

Read more:

Sage software firm hit by data breach – BBC News
Data on staff at 280 UK firms may be at risk after Sage breach– The Guardian

Botnet Responsible for Breaking the Internet - October 2016

Posted on Nov 1, 2016 10:29:16 AM by John Lynch

On October 21st, a large-scale DDoS attack broke the internet. It has now been revealed that this is partially due to botnets using Mirai malware that was targeted at Dyn Inc - the traffic managing site for Twitter, Netflix and many other major sites.
The attack came in two waves: one focused on the east coast of the US and the second internationally.

The internet was back up and running in just a few hours, however the incident shows the sheer strength of this kind of attack.

Read more:

Source code of Mirai botnet responsible for Krebs On Security DDoS released online – ZDNet
Criminal botnets responsible for breaking the Internet last Friday – Android Authority

Millions of Indian Debit Cards Breached - October 2016

Posted on Nov 1, 2016 10:26:24 AM by John Lynch

It has been reported that the security of around 3.2million debit cards in India may have been compromised. Customers are being encouraged to change their security codes by their banks, as well as to block and replace cards where possible.

Malware from an ATM network is said to be behind the breach and many card holders have already come forward to report large volumes of money missing from their accounts.

Read more:

Millions of Indian debit cards ‘compromised’ in security breach- BBC News
Everything we know about the great Indian debit card hacking– Quartz

US Medical Software Company Suffers Data Leak - September 2016

Posted on Nov 1, 2016 10:23:39 AM by John Lynch

US medical software company EMR4all, Inc. began shutting down its operations back in summer 2016, but the company went out with a bang as it was later revealed that it had been the victim of a data leak which could impact 30 clinics and tens of thousands of patients.
A MacKeeper researcher contacted DataBreaches.net to report a leaky bucket he had found on Amazon S3 where 61GB of data and 260,000 unencrypted files were stored. Within a week the firm made a statement:

‘We have also notified all our customers and former customers of this unfortunate situation involving our Amazon Web Service S3 account and are working with them to provide information to their patients’

Read more:

Dozens of clinics, thousands of patients impacted by third-party data leak – Office of Inadequate Security

Android News and Reviews Site MoDaCo Suffers Data Breach - September 2016

Posted on Nov 1, 2016 10:20:49 AM by John Lynch

MoDaCo founder Paul O’Brien has confirmed the company had suffered a security breach which resulted in email addresses, IP addresses, passwords and usernames of up to 875,000 accounts being put online. This is rumoured to have happened in January 2016 as the result of a compromised admin account.

Read more:

Android community MoDaCo suffers data breach, user database stolen – Graham Cluley
Mobile review website MoDaCo coughs to data breach – The Register

Yahoo Reveals Data Associated with 500million+ People Has Been Stolen - September 2016

Posted on Nov 1, 2016 10:18:52 AM by John Lynch

It has been revealed that Yahoo may have been the victim of one of the biggest cybersecurity breaches ever. Yahoo has said that data “associated with at least 500 million user accounts” was stolen in late 2014 and that the company believes a “state-sponsored actor” was behind the hack.

Information such as names, email addresses, dates of birth and passwords may have been compromised. Users are urged to change their passwords and security questions.

Read more:

Yahoo says 500 million accounts stolen – CNN Money
Yahoo ‘state’ hackers stole data from 500 million users – BBC News
Rumor Mill: Yahoo Breach Affected Hundreds of Millions– Data Breach Today

Outerwear Brand Eddie Bauer Suffers Credit Card Breach – August 2016

Posted on Oct 7, 2016 1:58:40 PM by John Lynch

Outerwear retailer Eddie Bauer has said that it has detected and removed malware from registers at around 350 stores across the US and Canada. It has also warned customers that it has reason to believe that credit or debit cards used at these stores between January 2nd and July 17th 2016 ‘may have been compromised’. However, online purchases should not be affected.

Anyone who believes they may have been affected by the breach is encouraged to visit this website for more information.

Read more:

Eddie Bauer stores hit with credit card breach – CNN Money
Malware Infected All Eddie Bauer Stores in U.S., Canada– Krebs on Security

Internal Data Breach at Sage Due to ‘Unauthorised Access’ – August 2016

Posted on Oct 7, 2016 1:57:29 PM by John Lynch

An employee at UK technology firm Sage has been arrested in connection with an investigation of a recent data breach at the firm which is believed to have affected between 200 and 300 of its customers.

A few days prior, Sage reported it had suffered ‘unauthorised access’ of its computer system that compromised some of its data. Sage has informed all businesses that may have been impacted by the data breach.

After the breach, Sage shares fell by 4%, however these have now recovered.

Read more:

Sage software firm hit by data breach– BBC News
Sage employee arrested at Heathrow airport for 'insider threat' data breach– International Business Times

Oracle’s MICROS Point of Sale Division Breached – August 2016

Posted on Oct 7, 2016 1:55:14 PM by John Lynch

Hundreds of computer systems at Oracle Corp headquarters have been breached, including a customer support portal that uses point of sale credit card payment systems. It is rumoured to be the work of a Russian organised cybercrime group that is known for hacking into banks.

Oracle has admitted to detecting and rectifying ‘malicious code’ and has asked all MICROS users to reset their passwords as a precaution.

Read more:

Data Breach At Oracle’s MICROS Point-of-Sale Division – Krebs on Security

O2 Customer Data is Compromised and Sold to Highest Bidder - July 2016

Posted on Aug 9, 2016 3:23:33 PM by John Lynch

It was revealed at the end of July that O2 customer data was being sold by cyber-criminals on the dark web. This is likely to have been possible as a result of the hack on gaming site XSplit three years ago, where usernames and passwords were stolen. Matching login details could be used to access O2 information using credential stuffing.

The lapse has been reported to the police and an inquiry is ongoing, however users’ phone numbers, emails, passwords and dates of birth may have been compromised.

Read more:

O2 Customer Data Sold on Dark Net – BBC News

Russia Rumoured to be Behind Springtime D.N.C. Security Breach - July 2016

Posted on Aug 9, 2016 3:21:19 PM by John Lynch

Russia and the USA have a long and complicated relationship, and this extends to the internet too. The USA has long suspected Russia to be behind a number of cyber-attacks; however, until now, virtually no proof has been found.

After the Democratic National Committee data network was compromised in spring 2016, a string of evidence has appeared implicating the Russian government. Russia’s military intelligence agency, the G.R.U., is suspected after the names ‘Fancy Bear’ and ‘Cozy Bear’ were found – known to have links with the F.S.B., a successor of the K.G.B.

Read more:

Why Security Experts Think Russia Was Behind the D.N.C. Breach – The New York Times

US Democratic Party Attacked During Party Leadership Race - July 2016

Posted on Aug 9, 2016 3:19:06 PM by John Lynch

A recent cyber-attack by a lone hacker has proven the impact one person can have on a country. The hacker, known as Guccifer 2.0, conducted a damaging attack on the US Democratic Party, which saw gigabytes of files stolen – many of which contained emails and documents holding sensitive information.

What little evidence has been found shows that Guccifer 2.0 has links with Russia and rumours state he is from Romania, but this has not yet been confirmed.

Read more:

Democrat Hack: Who is Guccifer 2.0? – BBC News

US Democratic National Committee is Hacked – Twice! – June 2016

Posted on Jul 5, 2016 10:04:35 AM by John Lynch

Security firm CrowdStrike has revealed that two Russian groups of hackers have hacked the Democratic National Committee and accessed the campaign organisation’s emails and chats. It is also believed that research on Republican presidential front-runner Donald Trump was stolen.

The government-aligned hackers, Cozy Bear and Fancy Bear, seem to have worked independently to breach the system within the last year to find the research files kept on Trump. This could have been done using spear phishing emails or a clickjacking campaign.

The network is now secure.

Read more:

Hack Brief: Russia’s Breach of the DNC is About More Than Trump’s Dirt - Wired

Report: Russia’s ‘Best’ Hackers Access DNC’s Trump Research

Past Attack on Acer Revealed – June 2016

Posted on Jul 5, 2016 10:03:02 AM by John Lynch

Last month it was revealed that computer manufacturer Acer had a data breach of its US ecommerce site last year. Acer is yet to reveal how many people have been affected, but this could affect anyone who has purchased from the site in the last year or so.

Names, mailing information and credit details may have been exposed; however, there is no evidence that usernames or passwords have been stolen. Acer is encouraging customers to review their account statements for anomalies just in case.

Read more:

Data breach at Acer’s U.S. website exposes names, mailing addresses, and credit cards – Yahoo Tech

32 Million Twitter Passwords Possibly Hacked – June 2016

Posted on Jul 5, 2016 10:01:02 AM by John Lynch

If recent reports are correct, the login details of more than 32 million Twitter users are now being sold on the dark web for 10 bitcoins ($5,800). Usernames, email addresses and plain-text passwords could all be available.

LeakedSource, a data breach indexer, has received a copy of the file from Tessa88, the same online user who hacked data from Russian social media network VK a few weeks ago. However, Twitter strongly denies that this information was obtained through a data breach. It is therefore most likely that the personal logins were obtained through the use of malware.

Social media users are encouraged to change their passwords for all of their accounts, across all platforms, to ensure security.

Read more:

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked – The Hacker News

Passwords for 32M Twitter accounts may have been hacked and leaked - TechCrunch

18F Claim Slack Configuration Mistake Not a Data Breach – May 2016

Posted on Jun 10, 2016 2:39:40 PM by John Lynch

A recent report has claimed that a configuration of the communications application, Slack, by federal tech team 18F was a data breach, something that the organisation denies.

A setting was accidentally enabled and left on for 5 months. This error added links from Slack’s searchable database to Google Docs, something that may have exposed more than 100 Google Drive accounts holding personal and contractors’ information.

Read more:

18F: Slack Incident Wasn’t A ‘Data Breach’ – Nextgov

LinkedIn Massively Underestimated the Impact of its 2012 Data Breach – May 2016

Posted on Jun 10, 2016 2:30:44 PM by John Lynch

In 2012, hackers stole the usernames and passwords of millions of LinkedIn users, which prompted a $1million (£690,000) investigation that determined 6.5million people were affected.

However, 4 years on, it has now been revealed that the social media company believes the breach could have affected more than 150million users, whose passwords may have been insecure ever since. It is alleged that 167million accounts were advertised for sale on the dark web for just 5 bitcoins (£1,865).

Users are being encouraged to change their passwords as the issue is investigated further.

Read more:

Observations and thoughts on the LinkedIn data breach – Troy Hunt

LinkedIn 2012 Data Breach May Have Hit Over 100 Million – The Wall Street Journal

Online Babycare Retailer Admits Customer Data Breach – May 2016

Posted on Jun 10, 2016 2:28:25 PM by John Lynch

Online store Kiddicare has informed its customers that some of their personal data has been stolen by hackers. Names, addresses and contact details have been compromised; however, payment details have not been accessed.

The cause of the issue has been addressed and security has been increased to prevent repeat problems. All passwords, despite being encrypted, have been reset as a safety precaution.

Read more:

Babycare e-tailer Kiddicare admits customer data breach – The Register

15,000 British Parents-to-Be Have Personal Information Compromised – April 2016

Posted on May 11, 2016 9:54:18 AM by John Lynch

Hackers have targeted the National Childbirth Trust (NCT) and exposed the usernames, email addresses and encrypted passwords of 15,000 expectant parents in the UK.

Everyone involved has been informed and told to change their login details, and the Information Commissioner has been contacted.

Read more:

A Data Breach in London Left 15,000 New and Expectant Parent’s Info Compromised – Digital Trends

IT Security Stocks Soar as Big Data Breaches Boom – April 2016

Posted on May 11, 2016 9:53:38 AM by John Lynch

According to the BVP Cyber index, almost half of the businesses whose primary business is cybersecurity are valued at over $1billion. The index has tracked capital-weighted performances of 29 public companies since January 1st 2011 and found that the public IT security sector has considerably outperformed the stock market. In fact, it made five times the amount of money after seven big data security breaches were made public.

Read more:

Huge data breaches have been good for security stocks - CNBC

Voting Data of 55million Filipinos Found Uploaded to Website – April 2016

Posted on May 11, 2016 9:47:32 AM by John Lynch

Back in April 2016, the Filipino government became the victim of what has been deemed ‘the biggest data breach in government history’ when private data of 55million people was stolen. A website has now come forward and claims it has the whole database hosted online.

Wehaveyourdata.com has given direct instructions to the Philippines’ Commission on Elections (Comelec) on how to find the missing data, but we are yet to hear whether any of this data is legitimate.

Read more:

Massive Philippines data breach now searchable online - Wired

93.4million Mexican Voters’ Personal Information Uploaded to Amazon – April 2016

Posted on May 11, 2016 9:43:29 AM by John Lynch

A MacKeeper security researcher has found a 132GB data breach which reveals the private voting registration details of 93,424,710 Mexican citizens. This appears to be a result of a misconfigured MongoDB database and provides information such as dates of birth, addresses and unique voting credential codes.

The State Department Office of Mexican Affairs has been notified.

Read more:

Personal info of 93.4 million Mexicans exposed on Amazon – Databreaches

Stolen Laptop with 206,000 Patients’ Details Has Been Returned – March 2016

Posted on Apr 12, 2016 2:53:39 PM by John Lynch

A laptop that had been stolen from US medical practice Premier in January has been returned to its owner by mail more than 2 months after its theft. The laptop had contained the details of 206,000 patients and was not encrypted; however, it was password protected.

On forensic analysis, it was found that the laptop had not been used since the date it went missing and therefore there was no breach.

Read more:

Happy Ending in Laptop Breach Case – Data Breach Today

Iranian Government Suspected of Being Behind Attacks on US Banks – March 2016

Posted on Apr 12, 2016 2:52:12 PM by John Lynch

7 Iranian individuals have been indicted for attacks against US banks, allegedly on behalf of the Iranian government and a branch of its armed forces. Distributed denial-of-service attacks were launched against numerous banks, as well as an attempted takeover of Bowman Dam, New York.

Read more:

7 Iranians Indicted for DDoS Attacks Against U.S. Banks – Data Breach Today

Anti-DDoS Company Leaks Customer Data Through Hack – March 2016

Posted on Apr 12, 2016 2:50:22 PM by John Lynch

Californian hosting provider Staminus Communications experienced a data breach in March 2016, which saw personal information and credit card details become vulnerable. Hackers disrupted access to the Staminus website for more than 20 hours, and many found it still inaccessible four days later.

A representative said, “A rare event cascaded across multiple routers in a system-wide event, making our backbone unavailable.”

Read more:

Anti-DDoS Firm Staminus HACKED! Customers Data Leaked – The Hacker News

Hackers Attack DDoS Defense Hosting Firm – Data Breach Today

Verizon Confirms Hack of Business Customer Data – March 2016

Posted on Apr 12, 2016 2:47:53 PM by John Lynch

Verizon confirmed this month that it had been hacked and cybercriminals had placed 1.5 million business customers’ data up for sale online. Ironically, it was stolen from a unit which is tasked with responding to large-scale data breaches.

Verizon has been informed and has contacted its affected clients who may now be at an increased risk of phishing scams.

Read more:

Verizon Confirms Breach Affecting Business Customers – Data Breach Today

Hackers steal data on Verizon enterprise customers, put it up for sale online – The Verge  

uKnowKids Data Breach Updates and Defence Response - February 2016

Posted on Mar 2, 2016 1:40:41 PM by John Lynch

After a misconfiguration on December 29th 2015, uKnowKids, which monitors children’s online activity, was found to have one of its databases exposed, leaving the personal messages, images and social activity of more than 1,700 children visible for nearly 2 months. Besides user activity, more private information, such as full names, email addresses and dates of birth, was also left open.

Since then, uKnowKids has admitted a problem with its proprietary IP too, but has retaliated, stating that the issue was found as a result of hacking. The individual who exposed the breach has claimed he was acting in the public interest.

Read more:

uKnowKids defends response to data breach alert – The BBC
Child tracker outfit uKnowKids admits breach, kicks off row with security researcher – The Register
uKnowKids updates its breach report and answers a question I posed – Data Breaches, Office of Inadequate Security

Chinese Version of Google, Baidu, Caught Leaking User Data - February 2016

Posted on Mar 2, 2016 1:34:00 PM by John Lynch

According to recent reports, hundreds of millions of Android mobile users in China and further afield have downloaded apps that send unencrypted and easily intercepted private data. Personal user data such as precise locations, browsing and search histories, were all sent unprotected to Baidu’s Chinese servers and therefore could be captured by anyone who knew where to look.

Read more:

Thousands of Baidu apps collected and leaked personal information, report finds – The Independent

Browser made by China’s top search engine leaks almost everything – The Register

Fitbit User Accounts Compromised – January 2016

Posted on Feb 4, 2016 9:49:00 AM by John Lynch

According to reports by Buzzfeed, individual account passwords were obtained and details were changed on entry to prevent the ‘real’ owners accessing them. Hackers then requested new devices claiming the ones linked to the account were faulty.

Read more:

What does Fitbit hacking mean for wearables and IoT?

Fitbit Hack: What Are the Lessons?

191m US Voters’ Personal Info Exposed – January 2016

Posted on Feb 4, 2016 9:48:00 AM by John Lynch

A misconfigured database has resulted in the personal details of 191 million US voters becoming exposed. Information including names, addresses, dates of birth and unique voter IDs was sitting in the public domain for all to see; however, no one is claiming responsibility for the error.

Read more:

191 Million U.S. Voter Registration Records Exposed?

191 Million US Voter Registration Records Leaked In Mystery Database

191 Million US Voters' Personal Info Exposed by Misconfigured Database

13m Customer Details Leaked From MacKeeper – December 2015

Posted on Jan 5, 2016 3:53:00 PM by John Lynch

A security researcher, Chris Vickery, said that he was able to access 13m pieces of ‘sensitive’ information from the application MacKeeper. Vickery posted his findings on Reddit after being unable to contact anyone at Kromtech.

Read more:

MacKeeper: 13m Customers’ Details Exposed – Data Breach Today

VTech Hack Exposes 700,000 Child Profiles – December 2015

Posted on Jan 5, 2016 3:51:27 PM by John Lynch

A man was arrested after 1.4m customer profiles for the toy company VTech were stolen by hackers. Names, addresses, passwords and date of birth information were all taken. VTech also didn’t confirm whether the hack had compromised ‘selfies’ and audio tracks created by the children.

Read more:

VTech Hack Arrest over Leak – Wired
Why ‘Smart’ Devices May Not be Secure – Data Breach Today

Hello Kitty Exposes Details of 3.3m Fans – December 2015

Posted on Jan 5, 2016 3:47:14 PM by John Lynch

Information about Hello Kitty’s 3.3m online fans – from names, addresses and accounts to password hashes – was leaked on its website over a one-month period. Sanrio, the company that owns Hello Kitty, said that the loophole is now closed and that no information had been stolen.

Read more:

Hello Kitty Security Breach ‘Corrected’ – Wired
3.3m Hello Kitty Fans’ Details Exposed – Business Insider

Amazon Tells Users to Reset Passwords After Security Threat – November 2015

Posted on Dec 7, 2015 2:49:44 PM by John Lynch

Amazon sent emails to some of its users after rumours of a possible security threat. Bosses at the firm stressed that this was a precautionary measure and that all of the users who may be affected were alerted.

Amazon Forces Password Resets – Security Week
Amazon Data Breach Rumours Spread as Passwords Reset – Naked Security

Second Security Vulnerability Found in Dell Computers – November 2015

Posted on Dec 7, 2015 2:47:19 PM by John Lynch

A Reddit user has uncovered a vulnerability in the System Detect tool on recent-model Dell laptops, which leaves them open to attack from outsiders. The vulnerability was the second found at Dell in a week.

Read more:
Sloppy Security Software exposes Dell Laptops to Hackers – Laptop Mag
There is a Second Major Security Flaw in Dell Computers – Business Insider 

Starwood Hotels Confirms Malware Intrusion – November 2015

Posted on Dec 7, 2015 2:37:18 PM by John Lynch

The US hotel firm Starwood has said that a malware intrusion has occurred on its POS systems across its locations. The breach was announced just days after the firm was bought by Marriott International.

Starwood Hotels Warns of Credit Card Breach – KrebsOnSecurity
Banks: Starwood Breach Not Isolated – Data Breach Today

Hilton Suffers a Security Breach – November 2015

Posted on Dec 7, 2015 2:34:37 PM by John Lynch

Two months after investigating whether hackers had targeted its payment card terminals, Hilton has confirmed that hackers have twice broken into its computer systems. The hotel chain didn’t specify how many customers have been affected.

Hilton the Latest Hotel to Confirm a Data Breach – Fortune

JP Morgan Cyber Attack Linked to Dozens of Others – November 2015

Posted on Dec 7, 2015 2:31:56 PM by John Lynch

Three men were indicted for their part in a global criminal network that hacked at least 12 financial institutions between 2012 and 2015 and stole the personal information of 100m customers. Federal prosecutors called the scheme “the largest theft of customer data from a US Financial Institution.”

Read more:

Charges Announced in JP Morgan Hack – Data Breach Today
JP Morgan’s Hack Tied to Largest Cyber Breach Ever – Bloomberg

CIA Director’s AOL Account Hacked by Students – October 2015

Posted on Nov 16, 2015 2:00:03 PM by John Lynch

A hacker posed as a Verizon worker and obtained personal information about the CIA Director, John Brennan, and accessed his personal email account. There is no indication that any classified information was stolen.

Read more:

Everything You Need to Know About the CIA Director Hack - Fortune

Teen Tells How He Hacked into John Brennan’s Email – Wired

U.S. Postal Workers Still Failing Security Tests – October 2015

Posted on Nov 16, 2015 1:58:45 PM by John Lynch

A report by the US Inspector General found that United States Postal Service workers are still clicking on false links in phishing messages. A further 93% failed to report phishing messages to the company’s Computer Incident Response Team.

Read more:

USPS Workers Vulnerable to Phishing Scams – Data Breach Today

4m Customers’ Details Compromised After TalkTalk Hack – October 2015

Posted on Nov 16, 2015 1:55:26 PM by John Lynch

The telecommunications company TalkTalk faced a ransom demand after suffering a “significant and sustained” cyber-attack. It later warned that stolen financial customer data may not have been encrypted properly.

Read more:

TalkTalk Hack to Cost £35m – but won’t dent profits – The Week

TalkTalk Hacking Crisis Deepens as More Details Emerge – The Guardian

Total Cost Of Sony Breach Reaches $8m – October 2015

Posted on Nov 16, 2015 1:50:46 PM by John Lynch

Sony has reached a settlement agreement with current and former employees for damages related to its data breach in late 2014. The agreement is around $4.5m, but the company’s bill is almost doubled by attorney and representative fees.

Read more:

Sony Breach: No 007 to the Rescue – Data Breach Today

Firefox Affected By Browser Vulnerabilities – September 2015

Posted on Oct 5, 2015 9:38:43 AM by John Lynch

Mozilla has warned that its Firefox browser was infiltrated last year by hackers who stole information about unpatched vulnerabilities. Data was taken from its Bugzilla program which could have been used to attack Firefox users.

Data Stolen From Hacked Bug Database was Used to Attack Firefox – Ars Technica
Hackers Exploit Stolen Firefox Bug Information – Bank Info Security

FBI Reacts Against Wire Fraud Schemes – September 2015

Posted on Oct 5, 2015 9:36:54 AM by John Lynch

The FBI has managed to recover millions of dollars stolen by cyber criminals by collaborating with banks and international law bodies. “We realise that wiring schemes have been growing exponentially…we have developed some streamlined procedures”.

Read more:

How the FBI Helped Recover Millions From Wire Fraud – Data Breach Today

Malware Outbreak Affects Apple App Store – September 2015

Posted on Oct 5, 2015 9:34:23 AM by John Lynch

A cybersecurity firm has reported that more than 4,000 apps in the Apple App Store have been infected with XcodeGhost malware. Apple has so far not commented on the report.

Read more:

Apple Malware Outbreak: Infected App Count Grows – Data Breach Today

Hackers Steal 5.6m Fingerprints From US Government – September 2015

Posted on Oct 5, 2015 9:29:00 AM by John Lynch

A data breach from spring 2015 where a million fingerprint records were stolen by Chinese hackers affected far more people than originally thought. 5.6m people had their personal data taken by suspected Chinese cyber criminals.

Read more:

5.6m fingerprints stolen in US data hack – Reuters
Millions of fingerprints stolen in US government hack – BBC News

33m Customer Details Hacked At Ashley Madison – August 2015

Posted on Sep 22, 2015 9:34:57 AM by John Lynch

The pro-adultery dating site Ashley Madison was hacked, exposing nearly 30GB of customer data. The group behind the attack, called The Impact Team, threatened to release even more customer data unless the site and two others were shut down.

Read more:

Hackers Release Vast Database of 33m Accounts – The Guardian

Pro-adultery Dating Site Hacked – Data Breach Today

The IRS Loses More than 300,000 US Taxpayer Records – August 2015

Posted on Sep 22, 2015 9:33:36 AM by John Lynch

Hackers accessed the IRS’s Get Transcript tax return feature to harvest more than 300,000 tax records – more than three times what was previously anticipated when the breach was discovered in May. Citizens have been encouraged to send tax returns early to avoid fraud.

Read more:

More than 300,000 US taxpayers affected by data breach – Computer Weekly

IRS Data Breach Nearly Three Times Bigger than Previously Reported – National Journal

Experian Sued For Falling Victim to a Data Breach – August 2015

Posted on Sep 22, 2015 9:31:23 AM by John Lynch

A class-action lawsuit has been launched in California against the credit bureau Experian after a man was jailed for stealing ID data from its service. The lawsuit seeks damages for the company’s violations of a number of other statutes.

Read more:

Experian Hit With Class Action Over ID Theft – KrebsOnSecurity

Experian Stung by International Identity Thief – The Independent

Eastern European ‘Business Club’ Steals $100m from banks – August 2015

Posted on Sep 22, 2015 9:30:11 AM by John Lynch

A Russian cybercrime gang worked with ‘phantom’ Chinese companies to access Western bank accounts and siphon more than $100m.

Read more:

Inside the $100m ‘Business Club’ Crime Gang – KrebsOnSecurity

Salvation Army Employee Data Affected After Laptop is Stolen – August 2015

Posted on Aug 25, 2015 10:25:07 AM by Georgina Park

A background checking company compromised personal data of 100,000 people – including Salvation Army employees – when one of its company laptops was stolen. SterlingBackcheck, the company involved, has said that there is no sign that the personal data on the laptop has been stolen.

Read more:

Data Breach Impacts 6,000 Georgians, including Salvation Army – CBS46

Carphone Warehouse May Have Exposed 2.4m Users’ Personal Details – August 2015

Posted on Aug 25, 2015 10:17:04 AM by Georgina Park

The Information Commissioner’s Office is investigating a breach that could have affected up to 2.4m Carphone Warehouse customers. Birth dates, addresses and bank information could have been exposed – as well as 90,000 users’ credit card data.

Read more:

Carphone Warehouse in Customer Data Breach – BBC News

Carphone Warehouse Hack: 2.4m Customers Affected – Wired

4.5m People’s Personal Information Exposed by UCLA Health – July 2015

Posted on Jul 31, 2015 9:54:00 AM by Georgina Park

UCLA Health in California has been hit by a cyber attack that could have exposed the personal information of 4.5m people. Although discovered in May 2015, it may have dated back to September 2014.

Read more:

Data Breach at UCLA Health Exposes Personal Information – eSecurity Planet

UCLA Faces Lawsuit After Health Breach – Health IT Security

The US Census Bureau Attacked by Anonymous - July 2015

Posted on Jul 31, 2015 9:39:00 AM by Georgina Park

The US Census Bureau has admitted that hackers have breached its systems, but that there was no personally identifiable information accessed in the raid. The hacker group Anonymous has taken credit for the attack.

Read more:

Another government data breach – TechTarget

Hacked US Census Bureau Staff to Take Anti-Phishing Classes – The Register

Customer Information Leaked by Taxi Company – May 2015

Posted on May 22, 2015 1:52:51 PM by Georgina Park

The taxi company Meru Cabs, which transports more than 1m passengers in India every month, has fixed a customer data leak. Unencrypted information, including mobile phone numbers and email addresses, was stored online in a publicly accessible directory.

Read more:

Meru Cabs: Customer data Exposed – Data Breach Today
Meru Cabs’ Data Exposure Explained – Info Security Live

The Pentagon Incorporates Cyber Warfare into its Cyberdefence Strategy – April 2015

Posted on May 22, 2015 1:47:45 PM by Georgina Park

From now on, the Department of Defence will use cyberwarfare when combatting cyber-enemies. Defence Secretary Ashton Carter said that cyberthreats against US interests were “increasing in severity and sophistication”.

Read more:

Pentagon Announces New Strategy for Cyberwarfare – NY Times
Why the Pentagon is Publishing its Cyberwarfare Rulebook – The Register

Pharmacy Fined for Flouting HIPAA Guidelines – April 2015

Posted on May 22, 2015 1:44:00 PM by Georgina Park

After failing to dispose of patient records acceptably, a pharmacy in Denver has been fined $125,000 by the HIPAA. It will also have to adopt techniques to make its compliance program fit for purpose.

Read more:

Pharmacy Fined $125,000 for breach – Data Breach Today

Up to 80m Customer Records Stolen From Anthem Inc. – April 2015

Posted on Apr 14, 2015 4:15:56 PM by Georgina Park

In one of the largest corporate data breaches ever, the personal information of up to 80m Anthem customers was stolen. The insurer will provide free credit monitoring services to any customers affected by the hack.

Read more:

Insurance Giant Anthem Hit by Massive Data Breach – CNN Money
6 Ways to Protect Yourself After the Anthem Data Breach – Forbes

AT&T Fined $25m For Data Breaches In Its Call Centres – April 2015

Posted on Apr 14, 2015 4:09:21 PM by Georgina Park

After social security information and account details of 280,000 AT&T customers were leaked, the telecommunications provider was fined a record $25m. Staff at call centres in Mexico, Colombia and the Philippines stole codes to sell on to phone thieves.

Read more:

AT&T Pays Record $25m Fine Over Customer Data Thefts – BBC
AT&T’s Data Breach Settlement Called “A Slap on the Wrist” – Computer World

Morgan Stanley Client Information Distributed Online – February 2015

Posted on Apr 14, 2015 4:02:51 PM by Georgina Park

An investigation is under way to ascertain how information about 350,000 Morgan Stanley wealth management clients ended up online. Galen Marsh, the financial adviser in charge of the accounts, denies trying to sell the data for personal gain.

Read more:

Morgan Stanley Probe Said to Examine if Adviser Hacked – Bloomberg Business
Hackers May Have Taken Morgan Stanley Broker Information – NY Times

Bitstamp “Temporarily Suspended” Because of Compromised Wallets – January 2015

Posted on Apr 14, 2015 3:56:13 PM by Georgina Park

The Bitcoin exchange Bitstamp briefly suspended its service after suspicious behaviour occurred on one of its wallets. Customers were encouraged not to attempt to deposit to a previously-issued bitcoin address.

Read more:

Bitcoin Exchange Suspended After Hack – Wired
Bitstamp Exchange Hacked, $5m Worth of Bitcoin Stolen – ZD Net

Hillary Clinton Admits She Used Unprotected Email Account - March 2015

Posted on Mar 11, 2015 10:10:00 AM by Georgina Park

The former US Secretary of State, Hillary Clinton, said that she had used an unprotected private email while serving in office. Clinton said that she sent around 30,000 work emails on the unsafe server “for convenience”.

Read more:

Clinton’s Email Excuse Won’t Quiet Critics - CNN

Hillary Clinton: Private Email Set up For ‘Convenience’ – BBC

Sony Attacked by North Korean Hackers – December 2014

Posted on Feb 10, 2015 1:19:00 PM by Georgina Park

In one of the largest corporate security events ever, Sony was hacked by North Korean activists. After the attack, upcoming films were leaked, confidential emails were published and personal employee information was circulated.

Read more:

What Your IT Department Can Learn From the Sony Hack – Maytech

Sony Breach Also Exposed Deloitte Salary Information – SC Magazine
Sony Breach: Was it the Russians, not North Korea? - InfoSecurity Magazine

Australian Government Signs Up to the Cloud – October 2014

Posted on Nov 26, 2014 4:46:00 PM by Georgina Park

After similar initiatives by the US and UK governments, the ‘Cloud First’ enforcement by the Australian Government means that departments and affiliated agencies will be forced to adopt cloud services for the bulk of their AUS $6 billion IT spend.

Read more:

Australian Government Signs Up to Cloud First thinking – Diginomica

Bank of America protects debit card users with security chips – October 2014

Posted on Nov 26, 2014 4:44:00 PM by Georgina Park

All new debit cards issued by the Bank of America will be embedded with microchips to protect consumers from fraud. Bank of America has been issuing credit cards with the technology since 2012, but is the first major US bank to do so with debit cards.

Read more:

Bank of America debit cards to include security chips – Press Herald
Bank of America ‘chips’ its debit cards – MarketWatch

The Pentagon prepares to put sensitive files on the cloud – October 2014

Posted on Nov 26, 2014 4:40:00 PM by Georgina Park

The Pentagon is looking into ways to host ‘impact level 6’ high-risk documents on the digital cloud for the first time. The plans will see security professionals enjoy more flexibility than ever before by sharing critical files on private cloud networks.

Read more:

Pentagon develops cloud computing strategy – IT World
Pentagon to put high-risk secret documents in the cloud? – Eurasia Review

Cloud computing to contribute €160 billion to the EU by 2020 – October 2014

Posted on Nov 26, 2014 4:38:00 PM by Georgina Park

Cloud services are anticipated to continue growing throughout the decade, and will be worth €160 billion by 2020, with more than 300,000 businesses created as a result of cloud technology. In 12 months’ time, up to 70% of businesses will use cloud computing in some form.

Read more:

Cloud delivers €160b boost to EU economy – Business Technology

Obama aims to incentivise safer online payment – October 2014

Posted on Nov 26, 2014 4:37:00 PM by Georgina Park

Through his executive order ‘Buy Secure’, President Obama tried to encourage businesses to invest in safer chip and PIN payment methods. Next year, American Express will spend $10m replacing card machines at small businesses in the US.

Read more:

Obama Moves Without Congress on Data Security – Credit Union Times
Obama Signs Order to Protect Consumers From Identity Theft – The Washington Post

EU calls on Google to make privacy easier – October 2014

Posted on Nov 26, 2014 4:36:00 PM by Georgina Park

After several different national regulators found that Google breached privacy rules, EU authorities met with workers from the search engine to discuss how to make privacy policies more personal and easier to understand.

Read more:

Google Gets Privacy Lesson from the EU – Computer World
EU: This Is How We Would Improve Google’s Privacy Policy – PC Mag

Microsoft Goes on the Offensive Against Cybercriminals – September 2014

Posted on Nov 26, 2014 4:35:00 PM by Georgina Park

Microsoft teamed up with the Financial Services Information Sharing and Analysis Centre (FSISAC) to combat cybercriminals. Over a cloud network, the computing giant will provide real-time information from 67m IP addresses to help keep hackers at bay.

Read more:

Microsoft teams up with security group to fight ‘cyber bank robbers’ – eweek

The iPhone 6 passes Chinese security testing – September 2014

Posted on Nov 26, 2014 4:34:00 PM by Georgina Park

Apple received permission to sell its iPhone 6 in China from the Chinese Ministry of Industry after ‘rigorous security testing’ and adapting the device to personal information standards. 10m handsets were sold in the first three days.

Read more:

Chinese Government approves iPhone 6 for sale – The Telegraph
Apple makes security assurances over iPhone 6 – Inc.

Colombian Government invests in internet security – September 2014

Posted on Nov 26, 2014 4:32:00 PM by Georgina Park

After hackers broke into the email account of a police chief and threatened to derail Havana peace talks, the Colombian government pledged to increase the amount that it was spending on cyber security.

Read more:

Colombia increases security after new attack

Apple iOS 8 Update increases user security – September 2014

Posted on Nov 26, 2014 4:31:00 PM by Georgina Park

New features, such as additional uses for the TouchID fingerprint sensor and updates for Siri, made personal data safer on iPhones. Apple claims that the security enhancements now ensure that police will no longer be able to gain access to personal information on its devices.

Read more:

Apple iOS 8 private data problems? – Christian Post
Apple says iOS 8 update keeps data safe from police – The New York Times

Healthcare organisations invest in data security – September 2014

Posted on Nov 26, 2014 4:30:00 PM by Georgina Park

After a spate of cyber attacks against healthcare organisations, businesses in the healthcare industry are continuing to invest in online security. A poll showed that 73% of healthcare organisations had a data breach response plan in place.

Read more:

Data security plans on the rise in health care industry – iHealthBeat
Healthcare improves data security plans – Healthcare Dive

The UK Government invests in PSN Security – September 2014

Posted on Nov 26, 2014 4:29:00 PM by Georgina Park

Public services networks across the UK are set to be strengthened by central government investment. A report by the National Audit Office found that local governments were less secure than Whitehall and needed to improve understanding.

Read more:

Government boosts spending on PSN security – Business Cloud

New G-Cloud framework to be more secure than ever before – September 2014

Posted on Nov 26, 2014 4:27:00 PM by Georgina Park

The 6th iteration of the government’s public sector marketplace G-Cloud will be stricter and more secure than ever before. Suppliers will have to answer up to 50 different questions, and will be banned if found to have lied about their security status.

Read more:

Government consults on new G-Cloud security regime – Public Technology
Government seeks to strengthen security requirements – Out-Law.com

‘Right to be forgotten’ aims to boost data protection in the EU – September 2014

Posted on Nov 26, 2014 4:26:00 PM by Georgina Park

A landmark CJEU ruling which ‘addressed a genuine demand for data protection’ has allowed individuals in some cases to have personal information removed from search engine results. The EU has now set up a dashboard to deal with requests.

Read more:

Right-to-be-forgotten to help EU’s data protection authorities – Computer World UK
Giving European citizens the data protection they deserve – Europa.eu Press releases

Barclays and Vodafone secure new data security accreditation – July 2014

Posted on Nov 26, 2014 4:23:00 PM by Georgina Park

The bank and mobile operator became the first major organisations to be awarded the Government Cyber Essentials certification for their commitments to online security. Launched in June, the scheme aims to promote companies that invest in secure data processing.

Read more:

Barclays first major organisation to gain new data security accreditation – Computer World
Vodafone becomes first telecoms firm to win cyber security recognition – The Inquirer

NSA leaks change business security for the better – April 2014

Posted on Nov 26, 2014 4:21:00 PM by Georgina Park

A survey found that Edward Snowden’s whistleblowing had changed business attitudes towards cyber threats for the better. 58.6% of technology professionals said there had been boardroom action at their organisation because of Snowden.

Read more:

NSA Leaks ‘Have Had a Positive Effect on Cyber Security’ – Sovereign Data Connect
Data Residency After The Edward Snowden Leaks – Maytech

Apple improves database security after hack – July 2013

Posted on Nov 26, 2014 4:13:00 PM by Georgina Park

A Turkish security researcher took credit for compromising Apple’s portal for third-party developers. The company couldn’t confirm whether personal information was stolen, but said that it was ‘overhauling’ systems to make them more secure.

Read more:

Turkish Security Researcher Claims Responsibility for Apple Site Hack – The Guardian
Apple’s Developer Site Was Hacked – Time

The cloud market continues to grow in China - July 2013

Posted on Nov 26, 2014 4:12:00 PM by Georgina Park

A Chinese research firm predicts that cloud computing in the country will grow annually by 50% in the next few years. By the end of 2015 it will be worth nearly 14b CNY – although there are still many concerns in the business community about its reliability and safety.

Read more:

Cloud – a growing market for China – Data Center Dynamics

Facebook admits 6 million users were affected by year-long data breach – June 2013

Posted on Nov 26, 2014 4:10:00 PM by Georgina Park

A technical glitch by the social media giant caused 6 million phone numbers and email addresses to be leaked to other users. After being alerted to the bug, Facebook’s security team fixed the problem in 24 hours.

Read more:

Facebook Admits to Year-Long Data Breach – Reuters
Facebook Exposed 6 Million Users’ Contact Information – Mashable

Evernote tells 50m users to change passwords after hack – March 2013

Posted on Nov 26, 2014 4:09:00 PM by Georgina Park

The online note-taking website Evernote spotted ‘suspicious activity’ and told its 50m users to change their passwords to ensure that personal data remained safe.

Read more:

50m Forced to Change Passwords – Digital Trends

NHS Wales launches file sharing portal – April 2012

Posted on Nov 26, 2014 4:06:00 PM by Georgina Park

The NHS helped patients exchange potentially sensitive and identifiable information through its secure file sharing portal. Capable of being connected to Outlook email accounts, the exchange had over 2000 users in its first year.

Read more:

Secure File Sharing Expanded – NHS Wales

Data breaches cause security shake up at Betfair – October 2011

Posted on Nov 26, 2014 4:03:00 PM by Georgina Park

Hackers stole millions of pieces of contact information and card numbers before the gambling company Betfair launched on the London Stock Exchange. Since then, Betfair’s Head of Security and other affiliated employees have left the company.

Read more:

Betfair security chief departs after data breach exposed – Information Age
Betfair in for a Rough Ride Over Data Theft – The Telegraph

Wikileaks publishes nearly 400,000 Iraq War documents – October 2010

Posted on Nov 26, 2014 4:00:00 PM by Georgina Park

In the biggest classified data breach ever, Wikileaks published 391,832 documents about the Iraq War on a number of different sites.

Read more:

Wikileaks Reveals The Biggest Classified Data Breach In History – Forbes
Data Journalism Maps Every Death – The Guardian

iPad users’ details leaked after phone network breach – June 2010

Posted on Nov 26, 2014 3:54:00 PM by Georgina Park

Over 100,000 US iPad owners – including the White House Chief of Staff and military officials – had their personal details compromised when hackers breached the website of the phone network AT&T.

Read more:

Security Risk Leaves US Apple iPad Owners at Risk – The Guardian
114,000 iPad Owners Exposed – Gawker

Whistleblower exposes UK MPs’ expense scandal – May 2009

Posted on Nov 26, 2014 3:51:00 PM by Georgina Park

An unnamed government employee copied 1TB of data about UK MPs’ expenses and sold it on to the Daily Telegraph to fuel one of the most significant British political stories of recent times.

Read more:

MPs’ Expenses: How Scoop Came to Light – The Guardian
Five Years On: A Scandal That Will not Die – The Telegraph

Heartland security breach affects millions – January 2009

Posted on Nov 26, 2014 3:49:00 PM by Georgina Park

A hacking ring stole information about 100m payment cards affiliated with Heartland Payment Systems in the largest-ever criminal card breach – emphasising the importance of online security for financial companies.

Read more:

Lessons From the Data Breach at Heartland – Bloomberg Business Week
How to Keep Sensitive Data From Bad Guys – Information Week

Boeing laptop with 382,000 employee details stolen – December 2006

Posted on Nov 26, 2014 3:46:00 PM by Georgina Park

Boeing employees’ social security information, addresses, birth dates and salary information were compromised after a staff laptop was stolen from a car. The information was password protected but had no encryption.

Read more:

Boeing Employee Fired After Laptop With Employee Info is Stolen – Information Week
382,000 Employees’ Data Stolen at Boeing – Computer World

AOL publishes search data – August 2006

Posted on Nov 26, 2014 3:45:00 PM by Georgina Park

Search engine AOL published a series of detailed personal logs from its own customers for research purposes. The leak caused privacy concerns as some individuals could be identified by cross-referencing searches with phonebook listings.

Read more:

AOL Proudly Releases Massive Amounts of Private Data – TechCrunch
AOL’s Disturbing Glimpse into Users’ Lives - Cnet

UltraDNS announced – October 2005

Posted on Nov 26, 2014 3:44:00 PM by Georgina Park

UltraDNS offered new levels of online security to millions of internet users when it launched the DNS Shield™. The shield connected directly to UltraDNS’ infrastructure and was able to safely isolate potential problems in individual infrastructure.

Read more:

UltraDNS Deploys DNS Shield – The Whir
Ultra DNS Announces a Major Advancement in Internet Security – CircleID

The PCI DSS is released for the first time – December 2004

Posted on Nov 26, 2014 3:42:00 PM by Georgina Park

Visa, MasterCard, American Express, Discover and JCB joined together to create the Payment Card Industry Data Security Standard (PCI DSS), a scheme which compels businesses to protect shoppers’ credit and debit card information.

Read more:

A Beginner’s Guide to PCI Compliant Data Acquisition – Maytech
Getting Started With the PCI Data Security Standard – PCI Security Standards Council

Acxiom hackers cause the ‘largest personal data theft’ to date – August 2003

Posted on Nov 26, 2014 3:41:00 PM by Georgina Park

The analytics company Acxiom had more than 1.6bn pieces of personal information stolen by hackers. Names, addresses and email details were stolen – highlighting the importance of security in the internet age.

Read more:

Acxiom Database Hack Highlights Risk – Tech News World
Acxiom Database Hacker Jailed for 8 Years – The Register

The HIPAA is enacted – August 1996

Posted on Nov 26, 2014 3:40:00 PM by Georgina Park

US President Bill Clinton enacted the Health Insurance Portability and Accountability Act, which governs health insurance for employees and also sets guidelines for how health records should be stored electronically by businesses.

Read more:

The Essential 2-step Cheat Sheet for HIPAA Compliance – Maytech
Health Insurance Portability and Accountability Act – Wikipedia