Security News
Communications giant T-Mobile said today it is investigating the extent of a breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer's mobile device. On Sunday, Vice.com broke the news that someone was selling data on 100 million people, and that the data came from T-Mobile.
T-Mobile on Monday acknowledged a breach of customer information after a hacker group claimed to have obtained records of 100 million of the operator's US customers and offered some of the data on the dark web. The US wireless operator said it could not determine the number of customers impacted but that it had begun a "Deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed."
T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen.Yesterday, news broke that a threat actor was selling the alleged personal data for 100 million T-Mobile customers after they breached database servers operated by the mobile network.
Pearson agreed to pay a $1 million civil money penalty to settle charges "Without admitting or denying the findings" that it tried to hide and downplay the 2018 data breach that led to the theft of "Student data and administrator log-in credentials of 13,000 school, district and university customer accounts" in the United States. "As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company's data protections," said Kristina Littman, Chief of the SEC Enforcement Division's Cyber Unit.
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. The company says that it "Recently learned" that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack."The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID, and health-related information," Colonial Pipeline reveals in the data breach notification letters.
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. PrintNightmare is a class of security vulnerabilities impacting the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. Many ransomware gangs operate as a Ransomware-as-a-Service, which consists of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims' networks and encrypt devices.
Text IQ announced that its solution for identifying personal information outperformed AWS, Microsoft and Google in a real-life comparison of AI recall and precision. As companies across the globe...
Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.
Data breaches now cost companies a total of $4.24 million per incident on average, according to the Cost of a Data Breach Report, conducted by Ponemon Institute and analyzed by IBM Security. "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach - which may pay off in reducing the cost of these incidents further down the line."