Equifax had patch 2 months before hack and didn’t install it, security group says

SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn’t update its software successfully when the danger became known.

A week after Equifax revealed one of the largest breaches of consumers’ private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax.

“The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner,” The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

Read more details here.

Author: Elizabeth Weise and Nathan Bomey

Equifax Inc., Cyber-attack & Breach

Equifax Inc. said its systems were struck by a cyber-attack that may have affected about 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history.

Intruders accessed names, Social Security numbers, birth dates, addresses and driver’s license numbers.

Read more details here.

Author: Brian Womack

14M customers vulnerable in massive Verizon data leak


“Names, addresses, account details and personal identification numbers for as many as 14 million Verizon customers were publicly accessible and unsecured in June because of a third-party cloud server problem, according to a new report.

Chris Vickery, of Upguard, reported the breach after he discovered a database of Verizon customers on a cloud server account of a Verizon subcontractor in a way that could be accessed by anyone who knew where to look for it.

The cloud account, administered by the Israeli firm NICE Systems, hosted what appeared to be a daily log of Verizon accounts, Upguard reported.

The files “exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded,” according to the report.

Vickery contacted Verizon about the files after discovering them on June 8, and the data was secured by June 22.”

Read more details here.

Author: Joe Uchill

Target Reaches $18.5M Settlement on Breach


“Target Corp. has reached an $18.5 million settlement over a massive data breach that occurred before Christmas in 2013, New York’s attorney general announced Tuesday.

The agreement involving 47 states and the District of Columbia is the largest multistate data breach settlement to date, Attorney General Eric T. Schneiderman’s office said. The settlement, which stipulates some security measures the retailer must adhere to, resolves the states’ probe into the breach.

Target spokeswoman Jenna Reck said in a statement that the company has been working with state authorities for several years to address claims related to the breach.”

Read more article details here.

Author: Anne D’Innocenzio, U.S. News

Abta data breach: Tens of thousands of holidaymakers hit in massive cyber attack

“The Association of British Travel Agents (ABTA) has come forward and disclosed a major data breach, with as many as 43,000 people at possible risk from the huge cyber attack.

The attack that breached the website resulted in the hackers gaining access to around 1,000 files containing information that could include encrypted passwords and email addresses of ABTA members and customers registered on the site.

Files containing the contact details of customers of travel agencies registered with ABTA who have posted complaints via the breached website are also said to be possibly affected. In addition to this, data uploaded by ABTA members regarding membership could also be accessed within the files.”

Read more details here.

Author: Tom Ball

Reports of Potential Data Breach at Saks Fifth Ave


“There are reports of Saks Fifth Avenue inadvertently exposing the personal information of customers online.

The breach, which was first reported by Buzzfeed, had the e-mail addresses and phone numbers of shoppers visible on the Saks website.

Parent company Hudson’s Bay Co. released the following statement regarding the incident:

‘We take this matter seriously. We want to reassure our customers that no credit, payment, or password information was ever exposed. The security of our customers is of utmost priority and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.’”

Read more details here.

Author: NBC Miami

Memorial Hospital pays $5.5M in settlement over potential HIPAA violations

“Memorial Healthcare Systems has agreed to pay a $5.5 million settlement to the U.S. Department of Health and Human Services over potential HIPAA violations.

The security breach was discovered when Memorial launched an internal investigation in 2012 after two hospital employees stole patients’ personal information to make money filing phony tax returns, said Kerting Baldwin, a spokeswoman for Memorial Healthcare System.”

Read more details here.

Author: Rebecca Piccardo

As many as 7.5 million voter records involved in Georgia data breach

“Millions of Georgia voters may have had their personal information compromised for the second time in as many years, as the Federal Bureau of Investigation opened an investigation Friday at Kennesaw State University’s Center for Election Systems involving an alleged data breach.

As many as 7.5 million voter records may be involved, according to a top state official briefed on the information but not authorized to speak on the record. Neither federal officials nor university officials would confirm the scope of the investigation or how many records had potentially been accessed.

State officials found out about the breach Thursday evening, after being notified by the university. The governor’s office said it asked the Georgia Bureau of Investigation to contact the FBI after learning about the scope of the problem.”

Read more details here.

Author: Kristina Torres

Weekends Only reports credit card data breach

“The credit card information of Weekends Only online shoppers has been compromised, the furniture retailer has learned.

The company says Aptos, the company that hosts its online payment platform, experienced a data breach. That company is working with cyber security experts, the FBI and the U.S. Department of Justice in the investigation.

Weekends Only has mailed a letter and is offering complimentary identity monitoring and restoration services to about 8,000 potentially affected customers.

The data breach does not affect any customers who made purchases in Weekends Only retail stores.”

Read more details here.

Author: Alexandra Martellaro and Rachel Menitoff, KSDK

Daytona State College warns employees of potential data breach

“Daytona State College is warning its staff about a potential data breach involving W-2 information after one employee had his or her personal information misused.

The investigation is in its early stages and at this point officials aren’t sure if a data breach did in fact occur.

“Our investigation is ongoing, and we are working as quickly as we can,” executive vice president Brian Babb said in a statement to employees. “If we determine that your information was compromised, we will be in contact with you and will provide additional information.”

Current and former employees could potentially be affected. The college has arranged free data protection services for employees.”

Read more details here.

Author: Adrienne Cutway