For what… about 14 years now… I have pointed out how many non-medical entities hold sensitive medical information on consumers that may get caught up in breaches. Today’s example is out of the U.K., where Phoebe Ram reports: The bank account details and medical histories of ‘possibly thousands’ of people were stolen during a cyber…
Category: Business Sector
Israeli companies targeted with new Pay2Key ransomware
Catalin Cimpanu reports: Several companies and large corporations from Israel have been breached and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli networks. The first attacks were seen in late October but have now grown in numbers while also remaining contained…
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Thomas Claburn reports: Updated A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database….
Club Fitness Provides Notice of Data Security Incident
A press release discloses a breach involving Club Fitness Holdings, Inc. (“Club Fitness”): On June 18, 2020, Club Fitness discovered a data security event that prevented access to data and programs on its network. Upon learning this, Club Fitness immediately began an investigation, and took action to secure and restore access to its network. Club Fitness…
Another Indian pharmaceutical giant reports cybersecurity breach within two weeks of ransomware hack on Dr Reddy’s
Prabhjote Gill reports: Another leading Indian pharmaceutical, Lupin, has reported a cybersecurity attack on its IT systems within two weeks of a ransomware attack on Dr Reddy’s Laboratories. “We have recently experienced an information security incident that has affected several of our internal IT systems. This has not impacted our core systems and operations,” Lupin…
Id: Fintech Cermati data breach points to urgency for data protection law: Experts
Eisya A. Eloksari reports: A recent data breach case involving fintech aggregator platform Cermati.com, the fifth known this year, again highlights the vulnerability of user data on digital platforms and the urgency of a personal data protection bill, experts have said. Data on almost 3 million users from fintech aggregator platform Cermati.com was leaked and sold online…