Sergiu Gatlan reports: US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. The day the breach was disclosed, the Department of Justice arrested and indicted the suspected hacker, former Amazon Web Services (AWS) employee Paige Thompson, who posted about stealing data on GitHub after infiltrating Capital One’s AWS…
Category: U.S.
Robinhood Warns Customers of Tax-Season Phishing Scams
Elizabeth Montalbano reports: Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files. Attackers have targeted customers of stock-trading broker Robinhood with a phishing campaign aimed to steal their credentials and spread malware using fake tax documents, the company has warned. Read more on…
Phone numbers for 533 million Facebook users leaked on hacking forum
Catalin Cimpanu reports: A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum. According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles. Information…
J&B Importers falls victim to a ransomware attack
Bicycle Retailer reports: JBI was the victim of a ransomware attack Thursday, shutting down the global wholesale distributor’s website. A representative at JBI told BRAIN none of its customers’ business information was affected because that information is stored off-site. Read more on Bicycle Retailer. h/t, @Chum1ng0
MO: Affton School District discloses ransomware attack; current and former employees impacted
On February 25, Affton School District notified its community about a ransomware attack. As part of their notification, they wrote: We do not believe any sensitive information has been accessed and no personal data, financial information, or grades have been found to be compromised. As a routine layer of protection, this information is stored on…
Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
You may see a number of hospitals and covered entities issuing statements this week about a data security incident involving Med-Data (Med-Data, Incorporated). So far, Memorial Hermann, U. of Chicago, Aspirus, and OSF Healthcare have posted notices. Others should be or may be posting soon. Here’s DataBreaches.net’s exclusive report on the incident. Another Day, Another…