FedEx Grapples With TNT Express Cyberattack: Time to Dump?


“FedEx’s operations have been severely hurt by the Jun 27 cyberattack on its subsidiary, TNT Express. The attack caused large-scale service delays on its TNT Express unit. Evidently, the company’s top line in first-quarter fiscal 2018 was affected, primarily due to decreased volumes at TNT Express. First-quarter results were also hampered by Hurricane Harvey. In fact, the company incurred costs of approximately $300 million during the quarter due to the catastrophe.”

Read more details here.

Author: Zacks Equity Research

Hackers may have accessed data of millions of T-Mobile customers


“A bug on T-Mobile’s website may have allowed hackers to view your personal information. The bug, which has since been patched, allowed hackers to view your email address, account number, and even your phone’s IMSI number (a unique number that identifies subscribers). According to the researcher that found the bug, there was no way to prevent someone writing a script and finding out the information for all 69.6 million potential victims.”

For more details, read here.

Author: Matt Adams

Hyatt breach exposed customer payment data at 41 hotels


Hyatt announced today that its payment systems were breached, exposing credit card data from 41 hotels in 11 countries. The hack was discovered in July and the investigation only just recently concluded.

The three U.S. hotels affected were all in Hawaii, with the remaining 38 scattered around the world (China had the most trouble).

In a statement, Hyatt said it “has taken steps to strengthen the security of its systems, and customers can feel confident using payment cards at Hyatt hotels worldwide.”

Wait, no. That’s from the statement it issued when it was hacked in late 2015.

The new statement reads: “we have resolved the issue and implemented additional security measures to strengthen the security of our systems. Customers can confidently use payment cards at Hyatt hotels worldwide.”

For more details, read here.

Author: Devin Coldewey

1,200 Football Players’ Personal Data Exposed In NFL Leak — Colin Kaepernick Included

But that’s what has happened, in a data leak from the website of the NFL Players Association that affects as many as 1,135 football players. And hackers may now have access to all that information, a security expert warned Tuesday.

Ostensibly, hackers had found the database, attempted to lock it up and demand payment to open it. That ransom note contained the threat that hackers would release information from the database to the public unless 0.1 bitcoins (worth approximately $428) was sent to their wallet. It’s unclear if the ransomware attempt was successful; the bitcoin wallet had not received any funds at the time of publication.

For more details, read here.

Author: Thomas Fox-Brewster

Whole Foods Data Breach 2017: 10 Things We Know


“Whole Foods, which was recently acquired by Amazon, suffered a data breach of credit card information used in taprooms and full table-service restaurants in some of the grocery chain’s stores, the company said Thursday.

Whole Foods noted these venues use a different point-of-sale system than the main checkout systems.”

For full list, read here.

For more details, watch this video.

Author: Angelica LaVito and William White

Millions Of Credit Card Numbers May Have Been Stolen In Sonic Drive-In Breach


“It’s a day of the week ending in “y,” which can only mean one thing: Another national company’s payment system has been compromised. This time, it’s the Sonic Drive-In fast food chain, where potentially millions of credit card numbers may have been stolen.

KrebsOnSecurity.com confirmed the breach with Sonic earlier today, after recently coming across a for-sale stash of around 5 million stolen credit card numbers. According to Krebs, a common link for some of these purloined credit card numbers was that they had recently been used to make purchases at Sonic.

It’s not clear yet whether all 5 million cards for sale in that batch were stolen from the same source, or if they were taken from multiple sources.”

Read more details here.

Author: Chris Morran

Equifax has been sending customers straight into a hacker’s trap for weeks

The credit management company Equifax has been sending customers to a fake “phishing” website for weeks, potentially causing them to hand over their personal data and full financial information to hackers.

The Verge reported Wednesday that Equifax representatives sent customers looking for help with the massive data breach — which potentially compromised 143 million people’s private information — to a copycat site thanks to a typographical error.

After the data breach was revealed earlier this month, Equifax established the domain www.equifaxsecurity2017.com to handle incoming customer questions and complaints. This website is not connected to Equifax’s main website.

“If users end up on the wrong site, they could end up leaking the data they’re already concerned was stolen,” the Verge reported.

On Wednesday, a user reached out to Equifax on Twitter asking for assistance. The responding tweet sent the user to www.securityequifax2017.com, which is an impostor site designed to look like the Equifax splash page.

The company deleted the erroneous tweet, but a quick scan of their Twitter feed showed that they have sent multiple customers to the phony address. Those tweets have been deleted now, as well.

Fortunately for users who followed the mistaken link, www.securityequifax2017.com is a “white hat” hacker site set up by developer Nick Sweeting as a demonstration of popular phishing techniques.

“I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting told The Verge. “It makes it ridiculously easy for scammers to come in and build clones — they can buy up dozens of domains, and typo-squat to get people to type in their info.”

Sweeting says he notified Equifax of their vulnerability and emailed them about his decoy site, but never got any response.

The Verge said, “Equifax’s entire response to the breach has been a mess. The company’s website set off alarms for lawyers who worried it might waive victims’ right to sue the company, and the response phone line representatives actually had no information and just directed concerned consumers back to the website.”

Read more details here.

Author: David Ferguson

Equifax had patch 2 months before hack and didn’t install it, security group says

SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn’t update its software successfully when the danger became known.

A week after Equifax revealed one of the largest breaches of consumers’ private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax.

“The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner,” The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

Read more details here.

Author: Elizabeth Weise and Nathan Bomey

Equifax Faces Multibillion-Dollar Lawsuit Over Hack

A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.

In the complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.

Equifax first discovered the vulnerability in late July, though it chose not to announce it publicly until more than a month later. The company was widely criticized for its customer service approach in the aftermath of the hack, as users struggled to understand whether their information had been affected. Others expressed frustration that three senior executives sold about $1.7 million in stock in the days following the discovery of the hack. A spokeswoman for Equifax said the men “had no knowledge that an intrusion had occurred at the time.”

The plaintiffs in the lawsuit are Mary McHill and Brook Reinhard. Both reside in Oregon and had their personal information stored by Equifax.

Read more details here.

Author: Polly Mosendz
Image: CBS

See if you were someone impacted by the breach.