Emily Scott reports: The City of Philadelphia has released an update on an investigation into a data breach that left some employee email accounts accessible to unauthorized individuals. The incident, initially identified in March 2020, was the result of an employee’s email account that was exposed due to a phishing attack. The breach impacted people receiving services…
Klarna battles data breach with reports of leaked user info
Isabel Woodford reports: Consumers have raised the alarm about a data breach — including users’ names — at Klarna, Europe’s largest private fintech. The company, which is reportedly in the throes of closing a deal valuing it at $40bn, came under fire on Thursday after users complained they were being accidentally logged in as other people, given…
Japanese government agencies suffer data breaches after Fujitsu hack
So it may not be just 76,000 email addresses… Ax Sharma reports: Offices of multiple Japanese agencies were breached via Fujitsu’s “ProjectWEB” information sharing tool. Fujitsu states that attackers gained unauthorized access to projects that used ProjectWEB, and stole some customer data. It is not yet clear if this breach occurred because of a vulnerability exploit, or a…
The FBI will feed hashes of hacked passwords directly into Have I Been Pwned
Catalin Cimpanu reports: Australian security researcher Troy Hunt announced today that he granted the US Federal Bureau of Investigation a direct line to upload new content into Have I Been Pwned, a website that indexes data from security breaches. The HIBP creator said that when the FBI discovers password collections during their investigations, they will upload…
Canada Post informs 44 large business customers of data breach affecting 950K customers
Jackie Dunham reports: Canada Post has informed 44 of its large business customers that information relating to more than 950,000 customers was compromised after one of its suppliers fell victim to a malware attack late last week. On Wednesday, the postal agency announced that Commport Communications, an electronic data interchange solution supplier, had notified them…
Colonial Pipeline Accused of Negligence in Proposed Class Action
Jake Holland reports: Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges. The company breached its duty to employ industry security standards, and that failure translated into system outages that harmed consumers by raising…