On November 2, HSBC sent letters to an undisclosed number of customers concerning a breach of their accounts. A template of the letter was submitted to the California Attorney General’s Office. It states, in part: HSBC became aware of online accounts being accessed by unauthorized users between October 4, 2018 and October 14, 2018. When…
Category: Breach Incidents
Bowker Investigating Breach of ISBN Site
Jim Milliot reports: In a notice posted on its website late last week, R.R. Bowker said it has learned that unauthorized charges were being made on its www.myidentifiers.com website, which is responsible for issuing ISBNs. The company said its preliminary investigation has found that the breach appears to have happened over the course of multiple…
Australian Shipbuilder Hacked, Refuses to Pay Ransom
I thought I posted something on this already, but apparently I didn’t, so if you hadn’t heard already, an Australian shipbuilder who also has contracts with the U.S. Navy was hacked and the hacker made extortion demands that the firm has refused. Jeremy Kirk reports: Australia’s largest defense exporter says it hasn’t responded to an…
British Airways admits CVV data “potentially compromised” in hack
Mark Caswell reports: British Airways has this afternoon issued an update on the recent theft of customer data from its website and mobile app. The carrier said that investigations now show that the details of 77,000 payment cards may potentially have been compromised, including “billing address, email address, card payment information, including card number, expiry…
Hack on 8 adult websites exposes oodles of intimate user data
Dan Goodin reports: A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords…
What NOT to do when researchers notify you of a breach
This story is going to be straight up, forward and simple. What not to do when a researcher like myself contacts you about a security incident. Every day all around the world researchers are being ignored by those who they attempt to help out. Recently another researcher discovered an open S3 bucket that belonged to…