Jim Milliot reports: In a notice posted on its website late last week, R.R. Bowker said it has learned that unauthorized charges were being made on its www.myidentifiers.com website, which is responsible for issuing ISBNs. The company said its preliminary investigation has found that the breach appears to have happened over the course of multiple…
Category: Breach Incidents
Australian Shipbuilder Hacked, Refuses to Pay Ransom
I thought I posted something on this already, but apparently I didn’t, so if you hadn’t heard already, an Australian shipbuilder who also has contracts with the U.S. Navy was hacked and the hacker made extortion demands that the firm has refused. Jeremy Kirk reports: Australia’s largest defense exporter says it hasn’t responded to an…
British Airways admits CVV data “potentially compromised” in hack
Mark Caswell reports: British Airways has this afternoon issued an update on the recent theft of customer data from its website and mobile app. The carrier said that investigations now show that the details of 77,000 payment cards may potentially have been compromised, including “billing address, email address, card payment information, including card number, expiry…
Hack on 8 adult websites exposes oodles of intimate user data
Dan Goodin reports: A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords…
What NOT to do when researchers notify you of a breach
This story is going to be straight up, forward and simple. What not to do when a researcher like myself contacts you about a security incident. Every day all around the world researchers are being ignored by those who they attempt to help out. Recently another researcher discovered a open s3 bucket that belong to…
An OCR investigation illustrates the value of investigating small and medium-sized entities
One of the common themes in discussing security is that many organizations are not “mature” yet. And of course, as HIPAA recognizes in its security rule, smaller practices should not be expected to do everything you might expect a larger hospital system to do. But even small or medium-sized entities need to comply with the core…