Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach

July 2, 2024 at 05:30PM

A ransomware attack on a financial services provider has reverberated across its partners, leading to potential exposure of customer data. The attack, launched by the LockBit group, targeted Evolve Bank & Trust, compromising customer information. This has rippled through multiple companies, including Wise and Affirm, prompting investigations and concerns among …

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

June 4, 2024 at 10:14AM

An API authorization-bypass flaw in Cox Communications’ infrastructure exposed millions of business customer devices to attacks. Independent bug researcher Sam Curry identified and reported the issue, leading to a prompt fix by the provider. Potential risks included unauthorized access to customer information, Wi-Fi passwords, and connected devices. The vulnerability highlighted …

User Outcry as Slack Scrapes Customer Data for AI Model Training

May 17, 2024 at 01:42PM

Slack’s privacy controversy arises from scraping customer data, including messages and files, for AI/ML model development without user opt-in. Despite assurances, Slack admins are seeking to opt out of data scraping. While Slack insists on technical controls, CISOs argue customers should not bear this burden. Slack assures platform-level ML model transparency …

Addressing Risk Caused by Innovation

April 29, 2024 at 10:00AM

Businesses urgently adopt new technology to meet customer demands, but this poses cybersecurity risks. A proactive approach integrating cybersecurity defenses with new technology implementation is essential. CEOs invest in AI and cloud solutions to enhance customer experience but often neglect cybersecurity, leaving businesses and customers vulnerable. Integrated cybersecurity measures improve …

U-Haul tells 67K customers that cyber-crooks drove away with their personal info

February 23, 2024 at 03:11PM

U-Haul notifies 67,000 customers in the US and Canada of a security breach on December 5th. Intruders gained access to customer records with personal data, but no financial info was compromised. U-Haul enhanced security measures and offered affected customers a free one-year membership with Experian IdentityWorks Credit 3B. Identity-related attacks …

Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

January 26, 2024 at 11:03AM

23andMe admitted to failing to detect malicious activity for 5 months while attackers exploited user accounts using credential stuffing techniques. The breach exposed data from 6.9 million individuals with DNA Relatives enabled. The company started mandating two-factor authentication only after the breach, and blamed users’ negligence for the incident. The …

Mortgage firm LoanCare warns 1.3 million people of data breach

December 27, 2023 at 12:46PM

LoanCare, a sub-servicing provider overseeing $390 billion in balances from 1.2 million loans, reported a data breach at its parent company, Fidelity National Financial. Approximately 1.3 million borrowers’ sensitive information was compromised, including names, addresses, Social Security numbers, and loan numbers. LoanCare is offering affected individuals identity monitoring services through …

Xfinity discloses data breach affecting over 35 million people

December 19, 2023 at 05:51AM

Xfinity, a division of Comcast Cable Communications, revealed a security breach where attackers exploited a Citrix server vulnerability, compromising sensitive data of 35,879,455 customers. This includes usernames, hashed passwords, and potentially other personal details. Despite password reset requests, customers were left uncertain. Comcast asserts prompt patching and monitoring for customer …

VF Corp Disrupted by Cyberattack, Online Operations Impacted

December 18, 2023 at 11:09AM

VF Corporation, a major apparel and footwear company, has suffered a ransomware attack resulting in the theft of sensitive corporate and personal data. Hackers disrupted business operations, affecting its ability to fulfill ecommerce orders, and hijacked company and personal data. Retail stores remain open but are experiencing operational disruptions. The …

Hacker leaks millions of new 23andMe genetic data profiles

October 18, 2023 at 02:08PM

An additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany have been leaked by a hacker known as ‘Golem’. The data was obtained through credential stuffing attacks on weak passwords. The hacker claims the stolen data includes genetic information on wealthy individuals and a …