Marco De Felice reports: In these hours, the ransomware group Nefilim has published on the dark web a first part of data stolen from the American “ultra low cost” company Spirit Airlines. The first block contains over 40GB of data with over 33,000 files. Financial data, personal information of customers who purchased tickets to fly with…
Category: Business Sector
Data of 580,000 Singapore Airlines customers leaked in SITA security breach
Toh Ting Wei reports: About 580,000 Singapore Airlines (SIA) customers have been affected by a data leak at an external firm. SIA said in a statement yesterday that members of its KrisFlyer and PPS Club reward programmes have had their membership numbers, tier status and, in some cases, membership names compromised. […] SIA said the…
The Accellion breach also impacted Qualys; threat actors start dumping files
As I noted yesterday on Twitter, Qualys was added to threat actor CLOP’s leak site, raising the question as to whether the firm had been an Accellion client. They had. Qualys issued a statement later yesterday. It said, in part: Qualys has confirmed that there is no impact on the Qualys production environments, codebase or…
Payroll giant PrismHR outage likely caused by ransomware attack
Lawrence Abrams reports: Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. PrismHR is an online payroll, benefits, and human resources platform used by Professional employer organizations (PEO). PEOs use this platform to provide payroll, HR, and benefits services…
Serasa asked for bank passwords and will reveal itself
Leonard Manson reports: The São Paulo Consumer Protection and Defense Program (Procon-SP) notified Serasa on Monday (1st) to provide clarifications on the collection, and possible use, of the internet banking passwords required by the credit bureau to carry out searches on the site. The request for a bank password, made in the “customer area”, was…
Rookie coding mistake prior to Gab hack came from site’s CTO
Sometimes you read a story and think, “Oh. This is just too perfect.” This is one of those times. Dan Goodin reports: Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of…