Items tagged with breach

There are data breaches and then there are data breaches. The Target breach, for example, was (and continues to be) a total disaster for the company with millions affected. Other hacks are made better or worse by a given company’s attitude and response. Spotify has apparently experienced some sort of breach of its own, but if you’re going to get hacked, this is a best case scenario. A total of one user has been affected according to a post by Spotify CTO Oskar Stål, but even so, the company is hitting the big red button just to be safe. “We’ve become aware of some unauthorized access to our systems and internal company data and we wanted to let you know the steps... Read more...
Although news about Target’s huge data breach broke almost two months ago, the post-mortem has persisted, and a security firm has posted a detailed breakdown of what went wrong. The story is unnerving, to say the least, as it’s not so much about system-wide failures or anything so big as it is about how all it takes for a body with so many moving parts to fall apart is one weak link and some good old-fashioned phishing. It’s already been established that the breach appears to have emanated from a malware email phishing attack on a Pennsylvania HVAC company called Fazio Mechanical that contracts with Target. The thief made off with network credentials that Target had issued the... Read more...
These days, the old "when, not if" saying applies to websites getting hacked just as much as it does for the likelihood of getting into a car accident. LivingSocial is the latest site to fall victim to an attack, but the Amazon-backed company has clearly learned from the mistakes of others and rushed to get out in front of the issue. Anyone visiting the site right now is greeted with a message that encourages users to change their passwords and links to a page that goes into detail about the attack. Customers have also received emails from LivingSocial. Notice anything different about LivingSocial's main page? The site is going out of its way to alert customers that it has been breached. Although... Read more...
Sony's PlayStation Network and Qriocity servers were apparently running obsolete, unpatched software, and had no firewall in place, both no-nos for any company, but definitely for a company as large as Sony, trying to run a cloud-based service. In testimony in front of Congress on Wednesday, Dr. Gene Spafford of Purdue University said that security experts monitoring open Internet forums were aware months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." Not only that, Spafford added that the "oversights" were "reported in an open forum monitored by Sony employees" two to three months prior to the recent security... Read more...
Wow. This is not at all what AT&T or Apple had in mind for today. Just hours after Apple made a huge announcement that involved the next great smartphone for AT&T (yes, the iPhone 4), there's been a bombshell dropped that has temporarily made the focus on both companies distinctively more negative than usual. So, what could happen to put both Apple and AT&T in such a bad light? Oh, nothing but letting hackers access well over 100,000 e-mail addresses from prior iPad 3G + Wi-Fi buyers. We told you "wow" was an appropriate response, didn't we? According to reports, a hacker group by the name of Goatse Security was able to slide into AT&T's website and trick it into sending back... Read more...
Earlier this week we reported on Scotland's Sunday Herald's claim that the Best Western hotel group was hit with the world's largest known data breach of eight million people's sensitive information, as well as Best Western's adamant denial. Even if the Sunday Herald story turns out to be true, the Best Western data breach would no longer hold the title of the world's largest known data breach. That record now goes to the Bank of New York (BNY) Mellon, which "lost" the sensitive information of 12.5 million customers. The BNY Mellon data breach itself is not new news. As documented in the Identity Theft Resource Center's ITRC Breach Report 2008, on February 27, 2008, BNY Mellon gave "an unencrypted... Read more...
No matter how carefully you try to protect your personal and financial information, you are still at the mercy of those companies you choose to give your information too. Unfortunately, it looks like keeping your sensitive data secure is becoming increasingly difficult for some companies. According to the Identity Theft Resource Center (ITRC), 2008 is shaping up to be the year of the greatest number of reported identity-theft security breaches to date: "As of 9:30 a.m. August 22nd, the number of confirmed data breaches in 2008 stood at 449. The actual number of breaches is most likely higher, due to under-reporting and the fact that some of the breaches reported, which affect multiple businesses,... Read more...
Certainly, there's no lack of accidental data breaches. Companies, even countries like the U.K. have accidentally exposed sensitive information about customers or citizens. But to do it deliberately? Whoa.There has been outrage in Italy after the outgoing government published every Italian's declared earnings and tax contributions on the internet.The tax authority's website was inundated by people curious to know how much their neighbours, celebrities or sports stars were making.The Italian treasury suspended the website after a formal complaint from the country's privacy watchdog.The information was put on the site with no warning for nearly 24 hours.The release of the information was one of... Read more...
Monday the Massachusetts Bankers Association (MBA) issued a press release announcing a major data breach at what Visa and MasterCard said was an unnamed "major retailer."  The details were far worse than the original news, though.A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in... Read more...
You may recall earlier in the year the crackdown placed on bloggers by the military, who said that such blogging could pose a security threat by leaking sensitive wartime information.  Yet, haven't we seen huge amounts of sensitive information leaked on the Internet by government agencies?  (Nods head in agreement)  A series of audits has shown that official DoD websites pose far more of a threat than soldiers' blogs. The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most,... Read more...
No one should be surprised nowadays when a site gets hacked.  Even sites that you would expect would have an extremely high level of security are vulnerable, as shown by the hacking today of the United Nations official website. Slogans accusing the US and Israel of killing children appeared on the pages reserved for statements from UN Secretary General Ban Ki-Moon. Other pages on the site were also breached by the group, who described their actions as a "cyberprotest". The UN only took sections down for "maintenance;" most of the site remained available.  However, at the time of this writing the Secretary General's page was still being repaired.... Read more...
It wasn’t that long ago that the loss of a laptop or hard disk containing sensitive information about consumers was big news.  Sadly, it’s becoming much more common these days.  In fact, it’s so common that U.K. Information Commissioner Richard Thomas and his staff have looked into some 6000 complaints. "The roll call of banks, retailers, government departments, public bodies and other organizations which have admitted serious security lapses is frankly horrifying," Richard Thomas wrote in a report. "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands?" The best leak... Read more...
Waterloo-based Research In Motion Ltd. has recently penetrated the Chinese market after a grueling eight-year effort. Last month, the Chinese Ministry of Information Industry gave RIM a pass to sell its handsets in China. According to a manager at RIM’s Beijing office, the company plans to launch the 8700g in Chinese shops at the end of August. The company has received about 5,000 pre-orders for the 8700g, mostly from foreign multinationals with operations in China and from local corporate customers. Moreover, reports say that RIM is even considering the production of devices in China itself. In Asia, RIM has already infiltrated the South Korea, Indian, and Japanese markets.... Read more...
I am very interested in power principles with respect to the semiconductor industry, so imagine my surprise when the following popped up on my desk this morning. Transmeta Corp. on Wednesday said it sued Intel Corp., claiming that the world's biggest semiconductor manufacturer infringed patents covering computer architecture and power efficiency technologies. The complaint in U.S. district court in Delaware charges that Intel is infringing 10 Transmeta patents by making and selling microprocessor products including Intel's Pentium III, Pentium 4, Pentium M, Core and Core 2 product lines, the computing technology company said. What is amazing is that the suit claims infringements all the way back... Read more...
Prev 1 2