A breach involving coffee customer data at Caribou Coffee stores throughout the country. A notice on their web site explains: Data Security Notice Dear Valued Guests: We want to be in touch with you regarding a recent incident that may have involved access to your payment card information. What Happened On November 28, 2018, we…
Month: December 2018
Eyeware retailer Warby Parker forces password reset; notifies 198,000 customers of credential stuffing attack
Sam Woods reports: Eyewear retailer Warby Parker announced Thursday that it had suffered a cybersecurity breach that may have affected up to 198,000 customers.Hackers accessed customer usernames and passwords from unrelated cyber break-ins at other companies, according to a Warby Parker news release. The hackers then used that information to try to gain unauthorized access to client…
LifeBridge sued over 2016 breach
Remember the LifeBridge malware incident disclosed earlier this year where more than 500,000 patients were notified of a malware incident that had been discovered in March, 2018? LifeBridge’s notification indicated that their investigation had revealed that an unauthorized person had accessed the server in 2016. It wasn’t totally clear to me at the time whether…
Man pleads guilty to phishing scheme that victimized Connecticut school employees
A 36-year-old Nigerian citizen pleaded guilty Thursday before a federal judge to a conspiracy charge stemming from a scheme to obtain the personal identifying information of school employees, including some at Sacred Heart Academy in Hamden. Olukayode Ibrahim Lawal, last living in Smyrna, Georgia, pleaded guilty before U.S. District Judge Jeffrey A. Meyer in New…
NY: Ronin Gallery notifies customers of payment card breach
So I meant to report on this breach last week, but when I went to their web site to see if they had any notification up, I started browsing all the Japanese and Eastern Asian art, and forgot to get back to writing up the breach report. Thanks to “Russy” who sent me a reminder…
Hackers bypass two-factor authentication “at scale”
Sam Tidmarsh reports: Multiple credentials phishing campaigns targeting human rights activists and journalists across the Middle East and North Africa have been disclosed by Amnesty International. Credentials phishing deploys imitations of websites, wherein a login prompt lures a victim into entering their personal details, which are then transmitted to the attacking party. In this case,…