Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

By: Wang Wei

After fining British Airways with a record fine of £183 million earlier this week, the UK’s data privacy regulator is now planning to slap the world’s biggest hotel chain, Marriott International, with a £99 million ($123 million) fine under GDPR over a 2014 data breach.

This is the second major penalty notice in the last two days to hit a company for failing to protect its customers’ personal and financial information and to implement adequate security measures.

In November 2018, Marriott discovered that unknown hackers compromised its guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests.

The compromised database leaked guests’ names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences.

The breach, which likely happened in 2014, also exposed unencrypted passport numbers for at least 5 million users and credit card records of eight million customers.

According to the Information Commissioner’s Office (ICO), nearly 30 million residents of 31 countries in the European and 7 million UK residents were impacted by the Marriott data breach.

The ICO’s investigation found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.

Last year, the General Data Protection Regulation (GDPR) was introduced in Europe; it forces companies to make sure the way they collect, process, and store data is safe.

More: https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html?m=1

Attackers steal credit card details in Vision Direct data breach

By: Keumars Afifi-Sabet

Personal information and sensitive credit card details, including CVV codes, taken in five-day attack

Attackers have compromised Vision Direct customers’ contact information and financial details, including complete card numbers, expiry dates and the CVV security code.

The UK retailer specialising in contact lenses told a number of its customers this weekend that their details had been stolen in a data breach that lasted five days, between 3 and 8 November.

The attackers made away with personal information, such as full name, address, phone number, email address, and password, as well as customers’ financial details including the CVV security code required to complete online transactions.

“Unfortunately this information could be used to conduct fraudulent transactions,” Vision Direct UK said in a letter to customers.

“Vision Direct has taken steps to prevent any further data theft, the website is working normally and we are working with the authorities to investigate how this theft occurred.”

Vision Direct did not say how many users may have been affected and did not offer an explanation at this early stage.

The company has asked users to review their bank statements as soon as possible and change their passwords on the website.

More: https://www.itpro.co.uk/data-breaches/32393/attackers-steal-credit-card-details-in-vision-direct-data-breach

Boys Town Healthcare Data Breach Exposed Personal Details of Patients

By: Wang Wei

Another day, another data breach!

This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital has been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children’s hospital.

According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected 105,309 individuals, including patients and employees, at the Omaha-based medical organization.

In a “Notice of Data Security Incident” published on its website, the Boys Town National Research Hospital admitted that the organization became aware of abnormal behavior regarding one of its employees’ email accounts on May 23, 2018.

After launching a forensic investigation, the hospital found that an unknown hacker managed to infiltrate the employee’s email account and steal personal information stored within the email account as a result of unauthorized access.

The hacker accessed the personal and medical data of more than 100,000 patients and employees, including:

  • Name
  • Date of birth
  • Social Security number
  • Diagnosis or treatment information
  • Medicare or Medicaid identification number
  • Medical record number
  • Billing/claims information
  • Health insurance information
  • Disability code
  • Birth or marriage certificate information
  • Employer Identification Number
  • Driver’s license number
  • Passport information
  • Banking or financial account number
  • Username and password

With this extensive information in hand, it’s most likely that hackers are already selling personal information of victims on the dark web or attempting to carry out further harm to them, particularly child patients at the hospital.

However, the Boys Town National Research Hospital says it has not received any reports of the misuse of the stolen information so far.

More: https://thehackernews.com/2018/07/data-breach-healthcare.html?m=1

Singapore’s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen

By: Mohit Kumar

Singapore’s largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018.

SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics.

According to an advisory released by Singapore’s Ministry of Health (MOH), along with the personal data, hackers also managed to steal ‘information on the outpatient dispensed medicines’ of about 160,000 patients, including Singapore’s Prime Minister Lee Hsien Loong, and a few ministers.

“On 4 July 2018, IHiS’ database administrators detected unusual activity on one of SingHealth’s IT databases. They acted immediately to halt the activity,” MOH said.

The stolen data includes the patient’s name, address, gender, race, date of birth, and National Registration Identity Card (NRIC) numbers.

The Ministry of Health said the hackers “specifically and repeatedly” targeted the PM’s “personal particulars and information on his outpatient dispensed medicine.”

So far there’s no evidence of who was behind the attack, but the MOH stated that the cyber attack was “not the work of casual hackers or criminal gangs.” The local media is also speculating that the hack could be the work of state-sponsored hackers.

Investigations by the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) also confirmed that “this was a deliberate, targeted, and well-planned cyberattack.”

More: https://thehackernews.com/2018/07/singapore-healthcare-breach.html?m=1

UK Shipper Clarksons Suffers Data Breach

By: sikur

Phil Muncaster

30 NOV 2017

UK shipping giant Clarksons admitted on Wednesday that it has suffered a data breach and warned that the hacker may soon start leaking the stolen information.

The 165-year-old shipping services organization employs nearly 2000 staff worldwide, with operations in 21 countries.

In a notice yesterday it said it had been the subject of a cyber-break-in:

“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled. We have also put in place additional security measures to best prevent a similar incident happening in the future. Clarksons would like to reassure clients and shareholders that this incident has not, and does not, affect its ability to do business.”

It claimed that the hacker may release some of the data, but gave no indication of the kind of information that was stolen, or how many records, saying only that it is “confidential” and that “lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality in the information.”

This lack of transparency may be harder to get away with when the GDPR comes into force, with firms required to give a detailed account to regulators within 72 hours of discovery of a breach.

Clarksons said it is working with police and data security experts to get to the bottom of the incident and has notified the regulators. It has also accelerated roll-out of IT security measures as part of a program that began earlier in the year.

MORE: https://www.infosecurity-magazine.com/news/uk-shipper-clarksons-suffers-data/

‘The nail in the coffin’: Russia’s top cyber firm may have made a ‘catastrophic’ mistake

By: sikur

By Natasha Bertrand

An employee in the virus lab at the headquarters of the Russian cybersecurity company Kaspersky Lab in Moscow.

  • Russian hackers reportedly stole top-secret intelligence from the National Security Agency by exploiting Kaspersky antivirus software.
  • Experts say that, depending on what was stolen from the contractor, the revelation could be “catastrophic” for Kaspersky Lab.
  • The FBI has warned the private sector not to use Kaspersky software, and President Donald Trump in September banned all government agencies from using it.

Investigators believe that software from Russia’s top cybersecurity firm, Kaspersky Lab, was involved in a theft of top-secret National Security Agency intelligence outlining how the US hacks its adversaries, The Wall Street Journal reported Thursday.

And depending on what was stolen, the breach could spell catastrophe for the company.

The Journal reported that an NSA contractor stole and downloaded onto his personal computer highly classified details about how the US penetrates foreign computer networks and defends itself against cyberattacks. (The Washington Post reported that the person was not a contractor but an employee working for the NSA’s elite hacking division known as Tailored Access Operations.)

Russian hackers then reportedly stole that intelligence by exploiting the Kaspersky antivirus software the contractor had been running on his computer.

The breach wasn’t discovered until the spring of 2016, according to The Journal and The Washington Post – nearly one year after the hackers are believed to have gained access to the intelligence.

MORE: https://amp-businessinsider-com.cdn.ampproject.org/c/s/amp.businessinsider.com/russian-hackers-nsa-kaspersky-lab-software-2017-10

Amazon’s Whole Foods Market Suffers Credit Card Breach In Some Stores

By: sikur

by Swati Khandelwal

28/09/2017

Another day, another data breach. This time an Amazon-owned grocery chain has fallen victim to a credit card security breach.

Whole Foods Market—acquired by Amazon for $13.7 billion in late August—disclosed Thursday that hackers were able to gain unauthorized access to credit card information for its customers who made purchases at certain venues like taprooms and full table-service restaurants located within some stores.

Whole Foods Market has around 500 stores in the United States, United Kingdom, and Canada.

The company did not disclose details about the targeted locations or the total number of customers affected by the breach, but it did mention that hackers targeted some of its point-of-sale (POS) terminals in an attempt to steal customer data, including credit details.

The company also said people who only shopped for groceries at Whole Foods were not affected, nor were the hackers able to access Amazon transactions in the security breach.

MORE: https://thehackernews.com/2017/09/amazon-whole-foods.html

Equifax CEO Steps Down Amid Data Breach Mess

By: sikur

by Tara Seals

26/09/2017

Equifax chief executive Richard Smith has stepped down amidst the spiraling aftermath of an enormous data breach that affects 143 million people, including most adult Americans and around 400,000 Britons.

Paulino do Rego Barros, the former president of the company’s Asia Pacific division, has taken up the mantle of interim CEO, and Equifax’s board of directors has appointed board member Mark Feidler as Equifax’s nonexecutive chairman.

“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right,” Smith said in a statement. “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward.”

The credit reporting giant, which, among other things, is responsible for determining credit scores based on people’s debt loads, credit repayment histories, credit availability and so on, revealed the breach earlier in September, a full six weeks after it was discovered.

MORE: https://www.infosecurity-magazine.com/news/equifax-ceo-steps-down-data-breach/

1.9 Billion Data Records Exposed in First Half of 2017

By: sikur

by: Kelly Jackson Higgins

20/09/2017

Every second, 122 records are exposed in breaches around the globe, a new report shows. And that doesn’t even include the new Equifax breach data.

More than 10 million data records are pilfered or lost every day around the world, a rate of more than 7,000 per minute, and that’s only the numbers from breaches that go public.

Some 1.9 billion data records were exposed in breaches in the first half of this year, a dramatic increase of 164% from the second half of 2016, according to the Breach Level Index for the first half of 2017, compiled by Gemalto.

“It blows me away at this moment that every single day, more than 10 million pieces of data are exposed,” says Jason Hart, vice president and CTO for data protection at Gemalto.

More: https://www.darkreading.com/attacks-breaches/19-billion-data-records-exposed-in-first-half-of-2017/d/d-id/1329929?elq_mid=80498&&elq_cid=23071917&&_mc=NL_DR_EDT_DR_daily_20170921&&cid=NL_DR_EDT_DR_daily_20170921&&elqTrackId=63987bfff3734837ad4490d577d696ba&&elq=a07b96d033cd41e88e62cf937517dc3e&&elqaid=80498&&elqat=1&&elqCampaignId=28083

The future of cybersecurity – Analytics and automation are the next frontier

By: sikur

Cyber threats are growing in number and strength and the future of cybersecurity is looking ever more complex and challenging. Organizations are therefore turning to analytics and automation to aid cyber specialists in their job.

While cybersecurity can be a complex and challenging field, some aspects of it are all too clear. The number of threats to large organizations is growing rapidly, as is the number of bad actors who create them and the number of systems at risk from cyberattacks. Statista, a statistics portal, estimates that there were 22.9 billion connected devices in 2016, and predicts they will grow to 50 billion by 2020.[1] The Internet of Things (IoT) will create massive needs and problems for cybersecurity as millions of devices come online. Data breaches are increasing, according to one report, by 85 percent a year, and in 2016, half a billion personal records were stolen or lost.[2] How can organizations possibly keep up with such a scary growth trajectory?

In other domains of business that are subject to massive numbers of entities, a typical approach is to employ analytics and automation. These tools identify the most important events and entities. In customer analytics, for example, the normal approach is to segment customers by their value, focus on the most important ones, and predict what those customers are likely to buy. Automated offers can be customized to each customer’s preferences.

MORE: https://dupress.deloitte.com/dup-us-en/topics/analytics/future-of-cybersecurity-in-analytics-automation.html
