Security News

Croatian phone carrier 'A1 Hrvatska' has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people. The announcement does not provide many details other than that they suffered a cybersecurity incident involving the unauthorized access of one of their user databases, which contained sensitive personal information.

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud cloud environment before encrypting the data.

Report: Data breach numbers may not actually be declining, and reporting them is getting slower. A study released by Flashpoint and Risk Based Security found two startling facts: It's report of a drop in the total number of breaches is likely erroneous, and the time it takes for an organization to report.

Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. Today, in a statement shared with Bleeping Computer, Moncler confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was leaked today by the AlphaV ransomware operation.

American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. ShopGoodwill's Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability.

The Federal Communications Commission has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. "I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches."

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. "Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack," the pharmacy said in data breach notification letters sent to 105,000 affected customers on January 3.

UScellular, self-described as the fourth-largest wireless carrier in the US, has disclosed a data breach after the company's billing system was hacked in December 2021. "On December 13, 2021, UScellular detected a data security incident in 'which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information," the carrier explained.

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident - which some have attributed to the Conti gang - forced McMenamins to shut down various operations, though locations can still receive customers.