From the Office of Attorney General Maura Healey, an announcement of a settlement in the wake of insider breaches: BOSTON — UMass Memorial Medical Group Inc. and UMass Memorial Medical Center Inc. will pay a total of $230,000 to resolve claims that two separate data breaches exposed the personal and health information of more than…
Credit reference agency Equifax fined for security breach
From the Information Commissioner’s Office: The Information Commissioner’s Office (ICO) issued Equifax Ltd with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017. The incident, which happened between 13 May and 30 July 2017 in the US, affected 146 million customers globally….
US military given more authority to launch preventative cyberattacks
From the what-could-possibly-go-wrong dept., Jose Pagliery and Ryan Browne report: The US military is taking a more aggressive stance against foreign government hackers who are targeting the US and is being granted more authority to launch preventative cyberstrikes, according to a summary of the Department of Defense’s new Cyber Strategy. The Pentagon is referring to…
Update: Suspect Arrested for Huazhu Hotel’s Over USD50,000 User Data Theft
Xu Wei report: A hacker who disclosed nearly 500 million pieces of Chinese Huazhu Hotels Group’s user data, including bank accounts and identity cards, has been detained. The transaction that the suspect who tried to sell the data on the dark net has failed, the Shanghai-based hotel firm said on its website on Sept. 17. The person…
Click2Gov Update: ICYMI Here’s The Latest
RBS is doing a great job of tracking the Click2Gov breaches. In their most recent update, they report: It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned: Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early…
Hackers stole customer credit cards in Newegg data breach
Zack Whittaker reports: Newegg is clearing up its website after a month-long data breach. Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card…