After all these years of reporting on breaches, it’s still unusual to read that a company has folded as a result of a data breach, but we live in different times because of the added burden of the pandemic. Phil Muncaster reports: Ransomware victim Travelex has been forced into administration, with over 1000 jobs set…
Category: Of Note
Due to HHS intervention, an FTP leak in 2018 is finally reported to patients
It looks like HHS followed up on a leak first reported by DataBreaches.net in May, 2018. At the time, this site noted that two MedEvolve clients had exposed data. One of them was Beverly Held, M.D. A researcher had found .dat files exposed without any login required and estimated that there were approximately 12,000 SSNs…
SPARTOO: sanction of 250,000 euros and injunction under penalty to comply with the GDPR
From the CNIL, the French data protection authority: SPARTOO is specialized in the online shoe sales sector. For this activity, it has a website accessible in thirteen countries of the European Union. The CNIL inspected the company in May 2018, and noted shortcomings concerning the data of customers, prospects and employees. The President of the CNIL therefore…
Intel investigating breach after 20GB of internal documents leak online
Catalin Cimpanu reports: US chipmaker Intel is investigating a security breach after earlier today 20 GB of internal documents, with some marked “confidential” or “restricted secret,” were uploaded online on file-sharing site MEGA. The data was published by Till Kottmann, a Swiss software engineer, who said he received the files from an anonymous hacker who…
Capital One fined $80 million for 2019 hack of 100 million credit card applications
Devlin Barrett reports: Capital One has agreed to pay an $80 million fine to U.S. regulators over a major hacking incident last year in which authorities say about 100 million credit card applications were illegally accessed. The Virginia-based bank with a popular credit card business said it has taken steps to tighten security around its…
Hacker leaks passwords for 900+ enterprise VPN servers
Catalin Cimpanu reports: A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. Read more…