Security News

Home Depot has agreed to shell out $17.5 million under a settlement with the attorney generals of 46 states and the District of Columbia over the massive data breach suffered by the home improvement retailer in 2014, when cybercriminals managed to steal email addresses and payment card data belonging to more than 40 million customers in the United States. Consistent with previous state data breach settlements, undergo a post settlement information security assessment which in part will evaluate its implementation of the agreed upon information security program.

Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed.

Public health officials in Delaware on Sunday disclosed that the personal information of thousands of people who were tested for the coronavirus this summer was mistakenly shared with an unauthorized individual. The state's Division of Public Health said the data breach happened when a temporary staff member sent two unencrypted emails in August that included files with the test results, names, dates of birth and phone numbers of 10,000 people.

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack. On November 2nd, 2020, Capcom was hit with a cyberattack that led to them shutting down portions of their network to halt the infection's spread. It was soon learned that the Ragnar Locker ransomware operation caused Capcom's cyberattack after a security researcher found a sample of the malware used in their attack.

Ticketmaster's UK division has been slapped with a $1.65 million fine by the Information Commissioner's Office in the UK, over its 2018 data breach that impacted 9.4 million customers. The breach affected international customers who purchased, or attempted to purchase, event tickets between September 2017 and late June 2018; while UK users were impacted between February and June 2018.

Key to the criminals' success was Ticketmaster's decision to deploy a Javascript-powered chatbot on its website payment pages, giving criminals an easy way in by compromising the third party's JS - something the ICO held against Ticketmaster in its decision to award the fine. Ticketmaster 'fessed up to world+dog in June that year, and the final damage has now been revealed by the Information Commissioner's Office: 9.4m people's data was "Potentially affected" of which 1.5m were in the UK; 66,000 credit cards were compromised and had to be replaced; and Ticketmaster itself doesn't know how many people were affected between 25 May and 23 June 2018.

This post was originally published on November 7th. A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. In a "Security Incident" notification issued this week, Luxottica disclosed that their appointment scheduling application suffered a data breach after being hacked on August 5th, 2020.

Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. 123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites, printed content, and videos.

The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. Animal Jam is a virtual world created by WildWorks, where kids can play online games with other members.

This post was originally published on November 7th. A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. In a "Security Incident" notification issued this week, Luxottica disclosed that their appointment scheduling application suffered a data breach after being hacked on August 5th, 2020.