Security News

The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks. This week, the Associated press warns that an old third-party-managed AP Stylebook site that was no longer in use was hacked between July 16 and July 22, 2023, allowing the data for 224 customers to be stolen.

According to IBM's Cost of a Data Breach Report 2023, the average cost of a data breach in Australia has grown by 32% in five years to AU $4.03 million. As the risk of data breach incidents rise, IT leaders are in a position to minimize the cost of a data breach by implementing DevSecOps, utilizing AI and automation, prioritizing incident response planning and testing, streamlining data breach discovery and taking out adequate cybersecurity insurance for when the worst happens.

Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums.The company was informed that its customer data was stolen on September 6th, 2023, by Troy Hunt, the creator of the data breach notification service 'Have I Been Pwned', after a threat actor released it on a hacking forum.

Johnson & Johnson Health Care Systems has informed its CarePath customers that their sensitive information has been compromised in a third-party data breach involving IBM. IBM is a technology service provider for Janssen; specifically, it manages the CarePath application and database supporting its functions. IBM has published a separate announcement about the incident that says there are no indications the stolen data has been misused.

Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. The nonprofit organization says it discovered the breach on Wednesday, weeks after a threat actor put the stolen data for sale on a hacking forum on May 30, warning affected people to switch passwords immediately.

Nearly four weeks after the Police Service of Northern Ireland published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act. On August 8, it mistakenly published a spreadsheet with the details of every serving Northern Ireland police officer online in response to a Freedom of Information request at the beginning of August.

The University of Sydney announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. In the data breach announcement, the university says that incident had a limited impact and the preliminary investigation found no evidence that local students, staff, or alumni have been impacted.

Topgolf Callaway suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers.In a letter sent to impacted individuals on August 29, 2023, the company explains that an IT system incident that occurred on August 1st has affected the availability of its e-commerce services and exposed certain customer information to an unauthorized entity. This impacts customers of Callaway and its sub-brands Odyssey, Ogio, and Callaway Gold Preowned sites that all operate under the same business umbrella.

Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.The investigation revealed that hackers had intermittent access to Forever 21 systems between January and March this year and leveraged this access to steal data.

American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information.Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023.