Security News
Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney general offices in several US states. In May, the company has notified the US Securities and Exchange Commission of the compromise, without naming Snowflake - a cloud-based data storage and analytics company base in the US, as the third party hosting the data.
Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. Advance has completed its internal investigation into the incident and has determined that the data breach impacted 2,316,591 million people.
Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. [...]
A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. In a separate incident notification published on its website, Neiman Marcus revealed that the data exposed in the attack included names, contact information, dates of birth, gift card info, transaction data, partial credit card and Social Security numbers, and employee identification numbers.
Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees. [...]
Security in brief It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy. According to an exclusive report from the New York Times, citing a pair of anonymous OpenAI insiders, someone managed to breach a private forum used by OpenAI employees to discuss projects early last year.
Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorized access to HealthEquity's systems and, later, exfiltrate sensitive health data.
FIA, the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. Founded in 1904 as the Association Internationale des Automobile Clubs Reconnus, FIA is a non-profit international association that coordinates many auto racing championships, including Formula 1 and the World Rally Championship.
Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust. After researchers analyzed the data, it was determined that it had been stolen from Evolve Bank & Trust, which confirmed to BleepingComputer that the data belonged to them.
Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. According to an 8-K form filed with the U.S. Securities and Exchange Commission, Prudential detected the incident on February 5, one day after the attackers breached its systems and accessed administrative/user data and employee/contractor accounts.