In my inbox last night: Hello, At ShareThis, protecting the security of the information in our possession is a responsibility we take very seriously. We write to notify you of a data security incident that may have exposed some of your personal information. This notice explains the incident and steps ShareThis has undertaken to address…
Category: Business Sector
UK: Newsquest websites compromised by major security breach
UKNIP247 reports: Hundred of thousands of website users trying to access local news have been effected (sic) by a virus that has been injected into a Newsquest sever we can reveal. Web users trying to access any of the Newquest titles are having their phone or web site browser hijacked greeting them with a thank…
Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach
Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…
Axa staff sentenced for data theft in 2015 “Wolf of Manchester” case
Sian Barton reports: Four people have been sentenced for their part in a scam which saw 100 pieces of data a week stolen from Axa Insurance between July and December in 2015. The City of London Police’s Insurance Fraud Enforcement Department (IFED), which worked closely with Axa during the investigation, discovered that between 15 July…
Payroll Provider Gives Extortionists a Payday
Brian Krebs reports: Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the process of restoring service to customers….
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Sergiu Gatlan reports: Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and…