Bloomberg has an interesting follow-up on a headline-grabbing report from this week: Millions of pieces of personal data, including fingerprints, may have been leaked from a cloud-based service that stores biometric data for companies and organizations worldwide, security researchers said. Computer scientists working with software firm VpnMentor said they discovered a vulnerability in South Korean…
Category: Business Sector
Hy-Vee Announces Payment Card Breach
August 14 – Hy-Vee takes the security of payment card data very seriously. We want to make customers aware of an investigation we are conducting into a security incident involving our payment processing systems that is focused on transactions at some Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants, as well as to provide information…
Major breach found in biometrics system used by banks, UK police and defence firms
Josh Taylor reports: The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks. Suprema is the security company responsible for…
700k Choice Hotels customer records leaked
Paul Bischoff reports: Hackers claim to have stolen 700,000 guest records belonging to Choice Hotels, one of the largest hotel chains in the world. Comparitech collaborated with security researcher Bob Diachenko to uncover the unsecured database, which was left exposed and accessible to anyone with an internet connection. Diachenko immediately notified the company of the…
British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data
Lindsey O’Donnell reports: A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Read more on Threatpost.
FBI: Nashville company Asurion paid $300K ransom after private data was stolen; former employee named as suspect
Brian Kelman reports: A Nashville corporation paid at least $300,000 in ransom to a extortionist who claimed he stole private info of thousands of employees and more than a million customers, according to new court records from an ongoing FBI investigation. Asurion, a global phone insurance and tech support company headquartered in the city, confirmed the breach but said it believes the suspect…