Jennifer Schlesinger and Andrea Day report: It would be hard to walk into to a major business and walk away with all its sensitive information. But sometimes that’s not the case when it comes to online networks. Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where…
Category: Commentaries and Analyses
For $80 Million, Yahoo! Settles Shareholder Class Action Claiming Stock Price Losses from Data Breaches
Derek Borchardt and Craig A. Newman write: In the first notable resolution of a data breach-related securities fraud case, a federal court has preliminarily approved Yahoo!’s $80 million settlement based on multiple hacking incidents. As we reported, Yahoo! suffered two cyber-attacks in 2013 and 2014, which compromised the personal information of billions of users. Yahoo!,…
The 111 Million Record Pemiblanc Credential Stuffing List
Troy Hunt reports: ……. I’ve just loaded 111 million email addresses found in a credential stuffing list called “Pemiblanc” into HIBP. I had multiple different supporters of HIBP direct me to this collection of data which resided on a web server in France and looked like this: That site has now been taken down…
DOJ backtracks on linking OPM hack to loan fraud case
From the not-surprised dept.: I had suggested previously that claims that data used in identity theft came from the OPM hack were not very convincing. Now the government has walked back any claim that the data did come from the OPM hack. Mark Rockwell reports: The Justice Department said it jumped the gun with a…
Macy’s and Bloomingdale’s notify customers of attack
Thanks to Catalin Cimpanu of Bleeping Computer. Catalin called my attention to a notification from Macy’s about a breach affecting Macys.com and Bloomingdales.com customers. I had actually tweeted about that breach notification last week but I seem to have forgotten to post anything here. What I had tweeted was: I don’t often see this kind…
Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
Catalin Cimpanu reports: Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s. Read more on Bleeping Computer about how Lexington Insurance…