Security News

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.

The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. "On or about August 15, 2023, Golden Corral experienced a data security incident that caused a temporary disruption to our corporate operations," Golden Corral said.

Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. On Tuesday, someone using the alias 'KryptonZambie' shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.

Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. Microsoft was victim of the same breach and, more recently, the same threat actors hacked into its corporate mailboxes, stealing emails and attached documents.

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. In December, Sony said they were investigating the Rhysida ransomware gang's claims that they breached Insomniac Games and stole over 1.3 million files from its network.

Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. "Beginning this month, expanded logging will be available to all agencies using Microsoft Purview Audit regardless of license tier," a press release issued today reads.

The Romanian national cybersecurity agency has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services.

Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. Unless Integris Health met the attacker's demands, the stolen data would be sold to other cybercriminals on January 5, 2024.

Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.While Bank of America has yet to disclose how many customers were impacted by the data breach, Infosys McCamish Systems, the vendor that had its systems compromised, revealed in a recent filing with the Attorney General of Maine that 57,028 had their data exposed in the incident.

Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty revealed, leading to the theft of data belonging to more than 33 million customers.