Sean Lyngaas reports: An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data and the government’s step-by-step response. It illuminates a sequence of events that lawmakers have struggled to pin down in public hearings with Obama administration officials. The timeline makes clear that the heist…
Category: Malware
JP: Pension data leak points to deeply flawed security culture
The Asahi Shimbun has an editorial about the Japan Pension Service leak reported previously on this blog. The editorial begins: Two reports have been released about the leak of personal data concerning 1.25 million or so people from the Japan Pension Service’s computer system due to a security breach caused by e-mails containing computer viruses….
Update: Fred’s Inc. says no evidence that payment card data was exfiltrated in breach
More details have emerged about the breach acknowledged by Fred’s Inc. after Brian Krebs contacted them. Ted Evanoff reports that two servers were compromised by malware. Although the company would not disclose how many customers were affected, their public relations firm issued a statement that said, in part: The investigation determined that an unauthorized person gained…
Lee’s Deli: breach of payment card system at two locations
As submitted to the California Attorney General’s Office, this notice from Sterling M Enterprises (dba Lee’s Deli): We recently learned that unauthorized individuals installed malicious software on computer systems used to process credit card transactions at our Lee’s Deli locations at 75 Battery Street in San Francisco, CA and 4200 Bohannon Drive in Menlo Park,…
Russian hackers use Twitter to mask sneaky data theft: FireEye
Jeremy Kirk reports: A group of suspected Russian hackers are using Twitter in a clever way to mask their data-stealing malware, according to computer security firm FireEye. Hackers have long used social networking services for relaying commands to their malware. But FireEye says this group — which it calls APT 29 — has taken it…
Children’s National Medical Center faces suit for hack of up to 18,000 patients’ data
There’s a follow-up to a breach disclosed in March by the Children’s National Medical Center. Tina Reed reports: Children’s National Health System is facing a potential class-action lawsuit following the hack of the personal data of up to 18,000 patients last year. Fardoes Khan, a longtime patient at Children’s, filed the suit after receiving a…