Security News

UPDATE. Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. "Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some of your personal information."

According to the security company that verified its authenticity, Cyble, this is data that a specialised group of internet users will find far more interesting - a database of criminal account holders of the now defunct WeLeakData.com breach data trading forum. Such sites have sprung up in the wake of a tidal wave of public data breaches, giving criminals a one-stop shop for accessing the stuff without having to do unnecessary legwork.

Web hosting provider and domain registrar GoDaddy was hit by a data breach that compromised the account credentials of around 28,000 customers. "On April 23, 2020, we identified SSH usernames and passwords had been compromised by an unauthorized individual in our hosting environment. This affected approximately 28,000 customers. We immediately reset these usernames and passwords, removed an authorized SSH file from our platform, and have no indication the individual used our customers' credentials or modified any customer hosting accounts. The individual did not have access to customers' main GoDaddy accounts."

GoDaddy has been notifying customers of a data breach that may have resulted in their web hosting account credentials getting compromised. "We need to inform you of a security incident impacting your GoDaddy web hosting account credentials," the accompanying customer notification letter reads.

American education technology company Chegg this week sent notifications to its employees to inform them of a data breach that occurred earlier this month. The company says that it learned of the data breach on April 10, 2020, and that the information of both current and former employees might have been exfiltrated in the incident.

Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud. The recent data breach that hit Nintendo affected 160,000 people, resulting in account takeovers and financial losses for a host of users.

A breach has impacted the accounts of some 160,000 Nintendo users. Nintendo users are being forced to change passwords following a data breach that has affected 160,000 people.

A data breach is an event that can affect any website, especially at the worst possible time. One of the latest organizations impacted by a breach is the Small Business Administration through an incident in which the personal data of 7,913 users was mistakenly shared with other people.

Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on a government website that handles disaster loan applications. The Small Business Administration said Tuesday that the personal information of more than 7,000 business owners applying for economic injury disaster loans was potentially seen by other applicants on the SBA website on March 25.

Massachusetts and Indiana, the only two U.S. states that independently sued Equifax over the massive data breach that occurred in 2017, have settled with the credit reporting agency for a total of close to $40 million. The Equifax data breach affected roughly 147 million people.