The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…
Category: Business Sector
Good guy Logic Supply resolves breach in days, unlike some companies
John Leyden reports: US-based industrial computer supplier Logic Supply has reset user passwords following a suspected security breach. Unauthorised access through the firm’s website on 6 February may have exposed customer/company names, usernames and passwords, and order information. Payment card details were not exposed, Logic Supply reassured customers in a breach notification email (extract below) forwarded to El…
IL: Alton Steel employees report tax refund fraud following W-2 phishing incident (Updated)
Update: This incident actually was a phishing incident, and The Telegraph‘s story now reflects that, so I’m adding this one to the 2017 victims list. Originally, their story sounded like a straight-up hack. Their story now reads: The Alton steel company’s data system was victim to a “phishing expedition,” according to Alton Steel CEO Jim…
Sports Direct hacked last year, but still hasn’t told its staff of data breach?
Alexander J. Martin reports: Sports Direct has left its 30,000-strong workforce in the dark over a data breach in the autumn when a hacker accessed internal systems containing staffers’ personal information. The Register can reveal the UK’s largest sports retail business was the subject of a digital break-in during September, when an attacker exploited public vulnerabilities…
Laptop-light GoCardless says customers’ personal data may have been lifted
John Leyden reports: London-based payment processing firm GoCardless is warning customers that their personal information might have been exposed following the theft of 19 laptops from its offices last month. The “password protected” (not encrypted) laptops contained a file with customer personal data including email address, passport number, date of birth, and name. Leak of…
Pro-Trump group hacked, website taken down in Cabinet fight
Tom LoBianco reports: A prolific Republican super PAC pushing President Donald Trump’s Cabinet took down its website temporarily Monday after hackers got in and retitled sections “Make America S****y Again” and scrawled “Black Lives Matter” across the video section. The 45 Committee — a PAC started by mega-donors Todd Ricketts and Sheldon Adelson — released…