Sam Varghese reports: Customers of Dutch clothing company OppoSuits have been warned to monitor their credit card accounts after the firm reported that malware planted on its website could have stolen the details of customers who made purchases from its Australian, Canadian, EU and UK websites. In a statement on Monday (Tuesday Australian time), the…
Twelve US states join for the first time to file multistate data breach lawsuit
Catalin Cimpanu has a good write-up about the multistate lawsuit against Medical Informatics that I noted earlier this week: Attorneys general from twelve US states have joined together to file the first-ever joint cross-state HIPAA lawsuit against a healthcare provider that got hacked in the summer of 2015. The lawsuit, filed in an Indiana court…
Credit card stealing malware on Canada’s 1-800-FLOWERS website went undetected for four years
Zack Whittaker reports: It’s going to take more than a bunch of posies to make up for this one. The Canadian branch of 1-800-FLOWERS revealed in a filing with the California attorney general’s office that malware on its website had siphoned off customers’ credit cards over a four-year period. Four years. Let that sink in….
Channel Ship Services hacked by TheDarkOverlord; has maritime security been compromised?
When TheDarkOverlord hacked Channel Ship Services, they not only acquired personal data that could be misused for fraud, but they claim they also acquired information that can jeopardize maritime security. According to Jersey-based Channel Ship Services’ website, CSS Limited provides highly qualified permanent and contract specialist personnel to the global offshore industry. Those personnel have recently…
Cyber-espionage group uses Chrome extension to infect victims
Catalin Cimpanu reports: In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers. This is the first time an APT (Advanced Persistent Threat –an industry term for nation-state hacking groups) has been seen…
UK: Former headteacher prosecuted for unlawfully obtaining school children’s personal information
A former headteacher has been fined in court for unlawfully obtaining school children’s personal data from previous schools where he worked. Darren Harrison of Twickenham, obtained the information from two primary schools were he had worked, and uploaded it to his then current school’s server. As he had no lawful reason to process the personal…