On January 25, Michaels Stores issued a statement that began: Michaels Stores, Inc. (the “Company” or “Michaels”) recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack. The Company is working closely with federal law enforcement and is conducting an…
Category: Breach Incidents
Law firm notifies employees after vendor’s server accessed
So here’s another case where a vendor’s database was accessed by someone who was able to acquire a client’s login credentials: The international law firm of McKenna Long & Aldridge notified the Maryland Attorney General’s Office on February 26 that 441 current and former employees’ W-2 information and other information were involved: As a result…
Computer theft at Greenleaf Book Group
A janitor is suspected of being responsible for the theft of five desktop computers and laptops from the Austin, Texas office of Greenleaf Book Group (GBG). The theft was discovered on January 18. At least one of the computers held current and past customer and vendor information including names, email addresses, credit card information, and in…
Payroll processor hack affects at least two clients’ employees
The breach at payroll processor BenefitMall (formerly Compupay) that affected Kenerson Associates also affected the Tribeca Film Institute, according to this notification to the Maryland Attorney General’s Office and to affected employees. If anyone sees other notifications from other affected clients, please let me know and I’ll add them here.
UK: Morrisons supermarket suffers major payroll data breach (Updated)
John E. Dunn reports: British supermarket Morrisons has reportedly suffered a major data breach which saw the pay-roll data of an unknown number of its 100,000 staff stolen and published on a website. In an email sent to staff and later seen by TV media, the attack was said to have involved the theft of…
EC-Council notifies members of recent breach
John Leyden of The Register reports that the EC-Council sent out a notification to its members about the February breach noted previously on this blog. Here’s the full text of their message: On Saturday, February 22nd, 2014, the ICANN-accredited domain registrar of EC-Council was compromised and as a result, EC-Council suffered a DNS Poisoning attack,…