Security News

Being “Threat-Led” is the answer. Your ISO certificate won’t save you from a breach!
2022-01-20 07:30

Another CISO walks into a board meeting and muddles through stats showing their compliance status. In the classic risk management equation of Risk = Threat x Vulnerability, I have no control over the threat actor's motivation, skill, or resources.

Fashion giant Moncler confirms data breach after ransomware attack
2022-01-18 19:51

Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. Today, in a statement shared with Bleeping Computer, Moncler confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was leaked today by the AlphV ransomware operation.

Goodwill discloses data breach on its ShopGoodwill platform
2022-01-14 21:13

American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. ShopGoodwill's Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability.

FCC wants new data breach reporting rules for telecom carriers
2022-01-13 21:39

The Federal Communications Commission has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. "I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches."

FlexBooker discloses data breach, over 3.7 million accounts impacted
2022-01-06 20:53

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.

US online pharmacy Ravkoo links data breach to AWS portal incident
2022-01-06 16:48

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. "Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack," the pharmacy said in data breach notification letters sent to 105,000 affected customers on January 3.

Broward Breach Highlights Healthcare Supply-Chain Problems
2022-01-05 21:09

This week's announcement by Florida's Broward Health System that the most intimate medical data of 1,357,879 of its patients was breached in the fall should serve as a warning that the healthcare software supply chain will be a juicy target for cybercriminals as we head into 2022, researchers warn. As startling as the number of impacted Broward patients may seem, Ron Bradley, vice president of Shared Assessments, calls this breach, "Just a drop in the proverbial bucket related to healthcare losses in 2021."

UScellular discloses data breach after billing system hack
2022-01-04 17:07

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. "On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information," the carrier explained.

McMenamins Data Breach Affects 12 Years of Employee Info
2022-01-04 16:43

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident - which some have attributed to the Conti gang - forced McMenamins to shut down various operations, though locations can still receive customers.

Have I Been Pwned warns of DatPiff data breach impacting millions
2022-01-04 16:22

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. It is unclear when the data breach occurred, but the DatPiff database was first sold privately and then publicly on hacking forums in July 2020.