Two large leaks involving personal information discovered by researchers. First up, Zack Whittaker reports: WeWork India has fixed a security lapse that exposed the personal information and selfies of tens of thousands of people who visited WeWork India’s coworking spaces. Security researcher Sandeep Hodkasia found visitor data spilling from the check-in app on WeWork India’s website, used…
NPM supply-chain attack impacts hundreds of websites and apps
Sergiu Gatlan reports: An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular…
Claire’s data breach $350K class action settlement
Top Class Actions reports that there is a settlement in litigation stemming from a data breach involving customer information in a 2020 breach that affected some customers of Claire’s accessories stores. For approximately two months in 2020, malware compromised payments made on the retailer’s website. The case is Julia Rossi, et al v. Claire’s Stores,…
$63 Million OPM Data Breach Settlement Proposed
From the official settlement website at https://www.opmdatabreach.com/: OPM Data Breach Settlement In re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 15-1394 (ABJ) (D.D.C.). If You Were Subject to the Data Breaches of the U.S. Office of Personnel Management and Its Contractor (Peraton Risk Decision Inc.), and You Experienced an Out-of-Pocket Loss After…
Ca: College of the Desert victimized once again by ransomware; most online services currently down
Jonathan Horwitz reports: The College of the Desert has fallen victim to a second successful malware attack against its online network in as many years. Currently, most of the college’s online services are offline, its website is not available and at least some employees are lacking access to their email accounts, COD public information officer Nicholas Robles confirmed…
Hungarian authority fines data controller EUR 7,500 data breach and rules free online services not suitable for high-risk processing
Dóra Petrányi, Katalin Horváth, Márton Domokos, and Daniella Huszár of CMS Cameron McKenna Nabarro Olswang LLP write: In the latest decision of the National Authority for Data Protection and Freedom of Information (NAIH), a data controller for a political party, responsible for a data breach where six Excel files were made publicly available through a…