Tag: Data Breach

Caribou Coffee chain announces card breach impacting 239 stores

US coffee store chain Caribou Coffee announced a security breach today after it discovered unauthorized access of its point of sale (POS) systems. The company listed 239 stores of its total 603 locations as impacted, which roughly amounts to 40 percent of all its sites.

All customers who used a credit or debit card at one of the affected stores between August 28, 2018, and December 3, 2018, should consider their card details compromised and take precautions such as asking for a card replacement, reviewing credit card reports, and enrolling in identity protection programs. Users can consult the list of impacted stores via the company’s data breach notice, posted on its homepage.

Read more about the Caribou Coffee data breach on ZDNet.

Hackers earned $1.7 million from trading stolen US gov payment portal data

In September this year, cybersecurity firm FireEye disclosed that Click2Gov, a payment portal system used by many US cities, had been breached by hackers. Security research firm Gemini Advisory has now released a report examining the after-effects of the attack, in which it is believed 294,929 payment records have been compromised across at least 46 cities in the US, as well as one in Canada.

The report findings suggest that less than 50 percent of cities which have lost customer data either know or have publicly disclosed data breaches occurring at their sites. The company said that by selling this information in the Dark Web, the threat actors have earned themselves at least $1.7 million.

Read more about the findings of the new report on ZDNet.

NASA Notifies Employees of Data Breach

Social security numbers and other personal information belonging to employees of the U.S. National Aeronautics and Space Administration (NASA) may have been stolen after at least one of the agency’s servers was breached. In a message obtained by SpaceRef, NASA officials told employees that cybersecurity staff started investigating a possible breach of servers on October 23.

An initial analysis revealed that social security numbers and other personally identifiable information (PII) stored on one server may have been compromised. An investigation has been launched in an effort to determine “the scope of potential data exfiltration” and identify the individuals who may be impacted. However, NASA says this process “will take time.”

Read more about the NASA data breach on SecurityWeek.

The year ahead: More breaches, bolstered regulation and the rise of AI

This time of the year is always exciting for infosec experts, as they get to take a step back, analyze how they did throughout the year, and look ahead at what the coming year will bring. The experts from Help Net Security have decided to take a different approach this time around and focus on three key, and overriding trends they see taking center stage in 2019.

2018 brought with it the proliferation of both data and application security events and, as they predicted, data breaches grew in size and frequency and cloud security took center stage globally.

Read more about the infosec predictions for 2019 on Help Net Security.

Facebook’s Latest Breach Illustrates The Limits Of GDPR

Another week, another security failure at Facebook. This week’s “bug” allowed the private photos of up to 6.8 million users to be improperly accessible to up to 1,500 different applications built by 876 different developers for nearly two weeks before the company noticed the security lapse and fixed it. Once again the company is merely “sorry this happened” but offering no compensation to those users whose trust it violated.

As Facebook racks up security failure after security failure, it raises the question of why users should continue to trust it with their data. Moreover, the company’s two month wait to notify data protection authorities after it discovered the breach, in spite of GDPR’s 72-hour notification requirement, reminds us that GDPR is far more limited than the public understands.

Read more about the latest Facebook breach on Forbes.

Most organizations suffered a business-disrupting cyber event

A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered two or more business-disrupting cyber events — defined as cyber attacks causing data breaches or significant disruption and downtime to business operations, plant and operational equipment — in the last 24 months. Further, 91 percent of respondents had suffered at least one such cyber event in the same time period.

Despite this documented history of damaging attacks, the study found that 54 percent of organizations are not measuring, and therefore don’t understand, the business costs of cyber risk.

Read more about the findings of the new report on Help Net Security.

U.S. Believes Chinese Intelligence Behind Marriott Hack

The United States said that China was behind the massive hack of data from hotel giant Marriott, part of an ongoing global campaign of cyber-theft run by Beijing. Secretary of State Mike Pompeo confirmed to Fox News that the government believes China masterminded the Marriott data theft. “They have committed cyber attacks across the world,” he said.

“We consider them a strategic competitor. They are taking actions in the South China Sea. They’re conducting espionage and influence operations here in the United States,” he said. The Marriott hacking allegation came amid heightened tensions between Beijing and Washington that encompasses geopolitics, trade, technology rivalry and espionage.

Read more about this developing story on SecurityWeek.

Google Accelerates Google+ Shutdown After New Bug Discovered

The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said.

Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in October, left the company embroiled in a privacy scandal. However, the discovery of this newer bug – which impacts a whopping 52.5 million users – has now led the tech company to move up the timetable for discontinuing its platform.

Read more about the accelerated Google+ shutdown after the discovery of a bug affecting 52.5 million users, on Threatpost.

Congressional committee slams Equifax in report on data breach

Equifax didn’t take steps to prevent a massive data breach in 2017 that allowed hackers to steal the personal information of 147.7 million Americans from its servers. It wasn’t ready to handle the aftermath, either. That’s the takeaway from a House Oversight Committee report (PDF), released Monday, which calls the breach “entirely preventable.”

The 96-page report said Equifax lacked clear lines of authority in its IT department, which meant important security measures weren’t put in place when they should have been. What’s more, the company’s collection of sensitive consumer information was spread out among out-of-date, custom-built systems, the report said.

Read more about the congressional report slamming Equifax on CNet.

Clues in Marriott hack implicate China – sources

Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.

Marriott said last week that a hack that began four years ago had exposed the records of up to 500 million customers in its Starwood hotels reservation system. Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company’s private probe into the attack.

Read more about the alleged clues suggesting Chinese involvement in the attack on Reuters.