Security News

Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.A data breach notification shared with the Office of the Maine Attorney General reveals that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.IntelBroker, the threat actor selling the alleged HPE data, shared screenshots of some of the supposedly stolen HPE credentials but has yet to disclose the source of the information or the method used to obtain it.

Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC. In announcing the draft settlement, the US watchdog's boss Lina Khan, Commissioner Rebecca Slaughter, and Commissioner Alvaro Bedoya blasted Blackbaud - a cloud software provider for schools, charities, and other orgs - for its "Unfair and deceptive data security practices" in a statement [PDF]. "The FTC charges that Blackbaud's reckless data retention practices rendered its security failures much more costly: by hoarding reams of data that it did not reasonably need, Blackbaud's breach exposed far more data," they said.

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and...

Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. The October Okta security breach involved more than 130 customers of that IT access management biz, in which snoops swiped data from Okta in hope of drilling further into those organizations.

Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. The FTC's complaint alleges that the company "Failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls" and "Allowed employees to use default, weak, or identical passwords for their accounts."

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule require public companies hit by cybercriminals to report the incident within four days.

Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers. The post included samples of the stolen data for 31 alleged Europcar customers, including names, addresses, birth dates, driver's license numbers, and other information.

Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack.Since 2017, it has been part of AssuredPartners NL, one of the largest brokerage firms in the U.S. The company submitted a notification to the Office of the Maine Attorney General, warning that 1,509,616 people were impacted by a data breach incident that occurred in the summer of 2023.

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.