Showing only posts tagged Data Breaches. Show all posts.

Fintech Giant Finastra Investigating Data Breach

Source

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more …

An Interview With the Target & Home Depot Hacker

Source

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview …

Suspect arrested in Snowflake data-theft attacks affecting millions

Source

Canadian authorities have arrested a man on suspicion he breached hundreds of accounts belonging to users of cloud storage provider Snowflake and used that access to steal personal data belonging to millions of people, authorities said Tuesday. “Following a request by the United States, Alexander Moucka (aka Connor Moucka …

Change Healthcare Breach Hits 100M Americans

Source

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com. A ransomware attack at Change …

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Source

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “ USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker …

National Public Data Published Its Own Passwords

Source

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently …

NationalPublicData.com Hack Exposes a Nation’s Data

Source

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds …

Low-Drama ‘Dark Angels’ Reap Record Ransoms

Source

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn’t get …

Rite Aid says breach exposes sensitive details of 2.2 million customers

Source

Enlarge / Rite Aid logo displayed at one of its stores. (credit: Getty Images) Rite Aid, the third biggest US drug store chain, said that more than 2.2 million of its customers have been swept into a data breach that stole personal information, including driver's license numbers, addresses, and …

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Source

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated …

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers

Source

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of …

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Source

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was …

Hackers steal “significant volume” of data from hundreds of Snowflake customers

Source

Enlarge (credit: Getty Images) As many as 165 customers of cloud storage provider Snowflake have been compromised by a group that obtained login credentials through information-stealing malware, researchers said Monday. On Friday, Lending Tree subsidiary QuoteWizard confirmed it was among the customers notified by Snowflake that it was affected …

Ticketmaster hacked in what’s believed to be a spree hitting Snowflake customers

Source

Enlarge (credit: Getty Images) Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored …

Who Stole 3.6M Tax Records from South Carolina?

Source

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may …

Why CISA is Warning CISOs About a Breach at Sisense

Source

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any …

AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.

Source

Enlarge (credit: Getty Images) AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn't saying. In a mandatory filing with the Maine Attorney General’s office, the …

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Source

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ ALPHV “) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However …

Fulton County, Security Experts Call LockBit’s Bluff

Source

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county …

New Leak Shows Business Side of China’s APT Menace

Source

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns …

U.S. Internet Leaked Years of Internal, Customer Emails

Source

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of …

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Source

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for …

Okta: Breach Affected All Customer Support Users

Source

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that …

ID Theft Service Resold Access to USInfoSearch Data

Source

One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated …

page 1 | older articles »