Security News

Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO. The stolen data allegedly includes names, emails, addresses, phone numbers, account registration dates, and the users' last sign-in dates.

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. According to multiple tips sent to BleepingComputer yesterday from Shadow customers, the company has begun sending data breach notifications following a successful social engineering attack targeting its employees.

Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV code on the back of the payment cards.

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.

Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. In the breach disclosed by Blackbaud in July 2020, the highly sensitive data belonging to over 13,000 Blackbaud business customers and their clients from the U.S., Canada, the U.K., and the Netherlands was compromised, impacting millions of individuals.

Sony Interactive Entertainment has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.According to the data breach notification, the compromise happened on May 28, three days before Sony learned from Progress Software about the flaw, but it was discovered in early June.

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the General Data Protection Regulation, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a timely manner.

The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. According to the company's press release, a group of unknown attackers infiltrated its network, intending to launch a ransomware attack, but had limited success thanks to its effective protective measures.

The BORN Ontario data breach that impacted 3.4 million people was caused by the exploitation of well-known zero-day vulnerability in Progress MOVEIt Transfer software. On Monday, September 25th, SickKids disclosed that it is "Among the many Ontario healthcare providers" that share sensitive health information with BORN Ontario, a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario.

BORN is a perinatal and child registry that collects, interprets, shares and protects critical data about pregnancy, birth and childhood in the province of Ontario.BORN created a web page with details about the impact the incident has on its patients and who is likely affected by the data theft.