Security News

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One's AWS cloud servers.

Shares of New York City-based IoT device maker Ubiquiti fell significantly this week following a report claiming that the recently disclosed data breach was "Catastrophic" and that its impact was downplayed. Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti "Massively downplayed" an incident that was actually "Catastrophic," in an effort to minimize impact on its value on the stock market.

Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.

British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. This week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021.

A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches that also affect them.

Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. In a data breach announcement on March 23, Solairus said aviation business management platform provider Avianis provided notification last December about an intrusion into Avianis' Microsoft Azure cloud platform, which hosts Solairus flight scheduling and tracking system.

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance. Shell disclosed the attack in a public statement published on the company's website last week and said that the incident only affected the Accellion FTA appliance used to transfer large data files securely.

Sontiq announced it has acquired data breach intelligence fintech Breach Clarity. As a result of the acquisition, Sontiq's products - IdentityForce, Cyberscout, and EZShield - all built on its tech-enabled IIS Platform, will have the proprietary capability, BreachIQ. Sontiq is the first provider in the identity security marketplace to offer consumers an AI-driven and proprietary personalized risk score with actionable next steps based on their unique data breach history.

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server.

Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. A SITA representative told BleepingComputer that the intrusion impacts data of passengers from the airlines listed below.