Kim Jae-heun reports: Online thieves managed to steal customer data, including phone numbers, in a cyberattack on some data centers managed by Chanel Korea. It’s unknown whether clients affected by the data leak will take legal action against the French luxury brand’s Korean firm.In a rare move, Chanel Korea issued a public apology after disclosing…
Actively exploited bug bypasses authentication on millions of routers
Sergiu Gatlan reports: Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication….
Vision for Hope notification of data security incident
Hope started as a school in Illinois for children with disabilities, but it expanded its mission over the years. This is a notification they posted on August 3: Vision for Hope (“Hope”) recently discovered an incident that may have involved the personal information or protected health information of some of its patients or other individuals….
Long Island Jewish Forest Hills Notifies Patients Who Were Potentially Impacted by a Former Employee’s Unauthorized Access of Electronic Medical Records
QUEENS, N.Y.–(BUSINESS WIRE)–Long Island Jewish Forest Hills Hospital (“LIJFH”) today announced that it has notified patients who were potentially impacted by a former employee’s unauthorized access of electronic medical records. LIJFH has taken steps to address this matter and is offering credit monitoring to any patient who may have been affected. As background, on January…
UK: NHS Highland apologizes after data security breach
Tom Ramage reports: Letters inviting patients at NHS Highland for their second dose of Covid vaccine were produced by NHS Highland Public Health carrying information relating to other patients. A spokesperson has explained: “These letters each contain the name and address of the patient along with the date, a time slot and a location they…
Data leak affects about 3,000 NYC students and 100 employees, officials confirm
Pooja Salhotra reports: Personal information, including academic records and biographical data, of about 3,000 New York City public school students and 100 education department staff members was inadvertently shared more widely than intended, education department officials confirmed on Thursday. At least one student within the public school system managed to access a Google Drive that…