Security News

Car insurance provider Geico has suffered a data breach where threat actors stole the driver's licenses for policyholders for over a month. Geico is the second-largest car insurance company in the United States, with over 17 million policies for more than 28 million vehicles.

Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. Reacting to the development, the company however said it had recently upgraded its security systems following reports of "Unauthorized access into our database" while stressing that users' funds and securities remained protected.

How scammers copied a government website almost to perfection. What to do about those fake "Bug" hunters who ask for payment for finding "Vulnerabilities" that aren't.

Specialty networking solutions provider Belden on Wednesday shared an update on the data breach disclosed in November 2020, and said health-related information was also exposed. Belden revealed in November that it had detected a data breach that resulted in the theft of some information pertaining to business partners, as well as current and former employee data.

The Dutch Data Protection Authority - the country's data protection regulator - has fined online travel and hotel booking company Booking.com almost half a million Euros over a data breach. The Dutch Data Protection Authority has imposed a €475,000 fine on Booking.com because the company took too long to report a data breach to the DPA. When the breach occurred, criminals obtained the personal data of over 4,000 customers.

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One's AWS cloud servers.

Shares of New York City-based IoT device maker Ubiquiti fell significantly this week following a report claiming that the recently disclosed data breach was "Catastrophic" and that its impact was downplayed. Cybersecurity blogger Brian Krebs reported on Tuesday, March 30, that he learned from someone involved in the response to the breach that Ubiquiti "Massively downplayed" an incident that was actually "Catastrophic," in an effort to minimize impact on its value on the stock market.

Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.

British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. This week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021.

A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches that also affect them.