Security News

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

In this week's Oh! No! story, a server room fills with toxic fumes. Download the IBM 3270 retrofont that Duck admired in the podcast.

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.

The British Airways data breach not-quite-a-class-action hasn't ended after all, a rival to yesterday's law firm has told The Register. Following PGMBM's announcement that it has settled its case with the airline over the theft of nearly 400,000 people's personal data - including some credit card details - rival outfit Your Lawyers says its own case against BA is still ongoing.

The Republican National Committee says none of its data was compromised in a cyberattack that involved B2B IT services provider Synnex. Over the weekend, Synnex was the target of a cyberattack by threat actors who attempted to access "Customer applications within the Microsoft cloud environment." As part of the services it offers, Synnex manages cloud accounts for its customers.

British Airways has settled a class action brought by individuals impacted by the data breach suffered by the company in 2018, but terms of the settlement have been kept private. Stolen information in the case of British Airways included names, payment card data, addresses, and email addresses.

British Airways has settled the not-quite-a-class-action* lawsuit against it, potentially paying millions of pounds to make the data breach case in the High Court of England and Wales go away. "The resolution includes provision for compensation for qualifying claimants who were part of the litigation. The resolution does not include any admission of liability by British Airways Plc," said PGMBM. The lawsuit was based on the 2018 BA data breach, where the credit card details of 380,000 people were stolen thanks to a Magecart infection on its payment processing pages.

British Airways has settled the not-quite-a-class-action* lawsuit against it, potentially paying millions of pounds to make the data breach case in the High Court of England and Wales go away. "The resolution includes provision for compensation for qualifying claimants who were part of the litigation. The resolution does not include any admission of liability by British Airways Plc," said PGMBM. The lawsuit was based on the 2018 BA data breach, where the credit card details of 380,000 people were stolen thanks to a Magecart infection on its payment processing pages.

Arthur J. Gallagher, a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. "Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said.

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year.