Security News

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. UC San Diego Health is one of the nation's best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. News & World Report survey.

Law firm Campbell Conroy & O'Neil has warned of a breach from late February which may have exposed data from the company's lengthy client list of big-name corporations including Apple and IBM. The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company's internal systems, has been blamed on an unnamed "Unauthorised actor." While it's not yet known precisely what data was accessed during the breach, the system affected held a treasure trove including "Certain individuals' names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials," the company confirmed in a statement regarding the attack.

Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco's operations.

Fashion retailer Guess last week confirmed that the personal data of some customers was compromised in a ransomware attack it suffered in February 2021. The incident, Guess says, was discovered on February 19.

According to a recent study conducted by Aberdeen, an insider data breach can cost as much as 20% of annual revenue. Allowing the freedom of data movement and keeping trade secrets, including source code, and confidential customer lists, business plans, pricing and the like - secure from malicious and unintentional insider risks will be a continuing challenge if security organizations don't recast their data security strategies and approach to data stewardship.

American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. "A cybersecurity forensic firm was engaged to assist with the investigation and identified unauthorized access to Guess' systems between February 2, 2021 and February 23, 2021," the company said in breach notification letters mailed to impacted customers.

Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier. According to the data breach notification email sent to affected subscribers this weekend, between June 8th and June 10th, a threat actor ported the phone numbers for a "Small" number of Mint Mobile subscribers to another carrier without authorization.

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute.

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.

The British Airways data breach not-quite-a-class-action hasn't ended after all, a rival to yesterday's law firm has told The Register. Following PGMBM's announcement that it has settled its case with the airline over the theft of nearly 400,000 people's personal data - including some credit card details - rival outfit Your Lawyers says its own case against BA is still ongoing.