Security News

American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise attack from January. Since its founding in 1972, the venture capital firm Sequoia has invested in a long list of high-profile companies.

Kroger became the latest major company to announce a data breach, acknowledging in a statement that information from some current and former employees as well as customers of Kroger Health and Money Services were impacted by an attack on a third-party file transfer tool from Accellion. The company said it is in the process of contacting victims but confirmed that none of its IT systems or any grocery store systems or data were affected by the breach.

Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. Soon after BleepingComputer contacted the company about the data leak, Bombardier issued a press release stating that they suffered a breach after hackers stole data from their "File-transfer application."

Silicon Valley-based venture capital giant Sequoia Capital informed investors last week that their information may have been compromised in a data breach. Axios, which broke the news on Saturday, said investors were told that some of their personal and financial information may have been accessed after a Sequoia employee fell victim to an email phishing attack.

Grocery and pharmacy chain Kroger has started informing customers and associates of a data breach involving Accellion's file transfer service FTA. The Cincinnati-based retail company operates more than 2,900 locations across 35 states and the District of Columbia, including department stores, hypermarkets, jewelry stores, supermarkets, and superstores. In a data breach notification on its website, the company says that a data security incident involving Accellion's FTA service has resulted in unauthorized access to certain Kroger data.

Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files. Yesterday, Kroger disclosed that they were the latest company to be affected by a security vulnerability in the Accellion FTA software that allowed hackers to steal data from companies utilizing the service.

Yandex - one of Europe's largest internet companies - is warning of a data breach that compromised 4,887 email accounts. The company found that a Yandex employee had been providing unauthorized access to users' mailboxes "For personal gain." This employee was one of three system administrators, who had the access privileges to provide technical support for mailboxes, said Yandex.

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The investigation revealed that the employee's actions led to the compromise of almost 5,000 Yandex email inboxes.

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.

Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs. The database was initially exposed on January 18, 2021, and remained so until the data breach was identified, on February 3.