Hyatt is sending some customers enrolled in their loyalty points program, Gold Passport, notification of a possible breach of their information. As with some other loyalty card breach reports we’ve seen recently, Hyatt’s notification indicates that there is no evidence that their system was breached and that the miscreants may have obtained customers’ login credentials from other sources…
Month: April 2015
Costa Coffee Club warns of possible database intrusion
Paul Ducklin reports that A Naked Security reader just sent us a “possible breach” warning he received. This one’s from the Costa Coffee Club, a loyalty programme from Costa, a UK franchise that runs a chain of… …you guessed it, coffee shops. Read more on Naked Security.
Intuit lawsuit alleges firm facilitated fraud by lax security
Marisa Kendall reports: In a suit filed Monday against Intuit Inc., plaintiffs lawyers claim lax security protections in the company’s TurboTax software are to blame for a recent spike in fraudulent tax returns. Intuit didn’t take adequate steps to stop criminals from using TurboTax to steal customers’ personal information, file false returns on their behalf…
IN: St. Vincent Medical Group notifies patients after successful phishing attempt compromises PHI
St. Vincent Medical Group in Indiana, a member of Ascension Health, has provided a substitute notice following an e-mail phishing incident. According to their notice, a copy of which is posted on their web site, on December 3, 2014, they learned that an employee’s user name and password had been compromised as a result of e-mail phishing….
Dem: USIS data breach affected more than 27K
Elise Viebeck reports: The number of individuals victimized in a cyberattack on a major background investigation service is higher than previously reported, the House Oversight Committee’s top Democrat said Wednesday. Rep. Elijah Cummings (D-Md.) reported that the initial estimate of 27,000 federal employees compromised in the breach of government contractor USIS is now believed to…
CozyDuke hackers targeting prominent US targets
John Leyden reports: A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) websites such as “diplomacy.pl”. Read more on The Register.