Saritha Rai has more on the BigBasket breach reported this past week: Cyberattackers have stolen the personal details of million users of top Indian internet grocer Bigbasket, the latest e-commerce data breach to emerge as home-bound consumers flock online. Bigbasket co-founder and chief executive officer Hari Menon confirmed the attack, which was first reported by…
Category: Hack
Luxottica has a lot more explaining to do
Update: My source was correct. On November 12, HHS added Luxottica’s report to their public breach tool. Luxottica reported, as a business associate, that 829,454 patients were impacted by the August breach. In September, we learned that the eyewear giant Luxottica had suffered a massive ransomware attack that resulted in its suspending operations in both…
UK: ‘Thousands’ of people could have had personal details in cyber attack on Sandicliffe car dealership
For what… about 14 years now… I have pointed out how many non-medical entities hold sensitive medical information on consumers that may get caught up in breaches. Today’s example is out of the U.K., where Phoebe Ram reports: The bank account details and medical histories of ‘possibly thousands’ of people were stolen during a cyber…
Lawrence General Hospital notifying patients of breach
Lawrence General Hospital in Massachusetts is notifying patients of a breach that occurred in September. In their disclosure, LGH notes that on September 19, they discovered a “data security incident that disrupted the operations of our IT systems.” Their investigation determined that an unauthorized party “may have accessed its IT systems between September 9, 2020…
Hackers are exploiting unpatched VoIP flaws to compromise business accounts
Danny Palmer reports: A hacking campaign has compromised VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world over the past year in a campaign designed to make profit from selling compromised accounts. While the main purpose appears to be dialling premium rate numbers owned by attackers or selling phone numbers…
Deloitte’s ‘Test your Hacker IQ’ site fails itself after exposing database user name, password in config file
Thomas Claburn reports: A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s MySQL database….