Feb 01 2021

List of data breaches and cyber attacks in January 2021

Category: Data BreachDISC @ 11:02 am
No alt text provided for this image

878 million records breached

 By Luke Irwin  

Thankfully, January was relatively quiet on the data breach front, following a chaotic end to 2020 in which we surpassed a thousand security incidents and 20 billion breached records.

So far this year, we’ve recorded 82 incidents and 878,168,975 breached records. That’s not great – particularly when you factor in that January is generally a quiet month across most sectors – but it’s progress.

You can find the full list of incidents that we recorded below, with those affecting UK incidents listed in bold.

Source: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-january-2021?

Jan 24 2021

Hacker leaks data of 2.28M users of dating site MeetMindful

Category: Data Breach,HackingDISC @ 12:13 pm
Hacker leaks data of 2.28M users of dating site MeetMindful

Dec 01 2020

List of data breaches and cyber attacks in November 2020 – 587 million records breached

Category: Data Breach,Security BreachDISC @ 11:06 am

We recorded 103 data breaches and cyber attacks in November, which accounted for 586,771,602 leaked records.

ITG recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records.

The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.

Here is ITG complete list of November’s cyber attacks and data breaches.

Source: List of data breaches and cyber attacks in November 2020 – 587 million records breached – IT Governance UK Blog



Biggest Data Breaches of October 2020
httpv://www.youtube.com/watch?v=aB0PB5B266w


Self-assessment to help you achieve your cybersecurity or information security goals. ITG is offering 15% off selected toolkits and self-assessment tools until December 4 to help you achieve your cybersecurity or information security goals. Use promo code THANKFUL at checkout to receive the offer




Oct 15 2020

Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Category: Data Breach,Security BreachDISC @ 8:44 am

Nook, line and sinker: Servers restored from backups, punters unable to download purchased e-books

Source: Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info




Oct 01 2020

List of data breaches and cyber attacks in September 2020 – 267 million records breached 

Category: Cyber Attack,Data BreachDISC @ 10:09 am

Take a look at the top data breaches and cyber attacks in September, as well as our full list of 102 incidents.

Source: List of data breaches and cyber attacks in September 2020 – 267 million records breached – IT Governance UK Blog


    Data Breaches: Crisis and Opportunity




Sep 25 2020

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Category: Data BreachDISC @ 11:16 am

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet.

The archive contained records for almost 600,000 members or staff, exposed info includes names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and a member’s billing history.

“Fitness chain Town Sports International has exposed 600,000 records of members and employees on the web without a password or any other authentication required to access it, Comparitech researchers report.” reads the report published by Comparitech, “Comparitech security researcher Bob Diachenko received a tip from cybersecurity expert Sami Toivonen about the exposure on September 21, 2020.”

Source: Data for 600K customers of U.S. fitness chains Town Sports leaked online




Aug 04 2020

Reading the 2020 Cost of a Data Breach Report ….

Category: Data BreachDISC @ 11:03 am

2020 Cost of a Data Breach Report: the global total cost of a data breach averaged $3.86 million in 2020, down about 1.5% from the 2019 study.

Source: Reading the 2020 Cost of a Data Breach Report ….

 

 
Top Takeaways from the Verizon Data Breach Investigations Report
httpv://www.youtube.com/watch?v=m-PO_mfEcio



Explore Data Security Controls

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




Jul 29 2020

Hacker leaks 386 million user records from 18 companies for free

Category: Data Breach,HackingDISC @ 11:15 pm

A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches.

Source: Hacker leaks 386 million user records from 18 companies for free




Jul 23 2020

Instacart Customers’ Personal Info Is Being Sold Online

Category: Data Breach,pci dssDISC @ 11:15 am

Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online.

As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across the US and Canada,” according to a company spokesperson.

Source: Instacart Customers’ Personal Info Is Being Sold Online



Personal info of 200K+ Instacart users being sold on the dark web; Instacart says it wasn’t breached
httpv://www.youtube.com/watch?v=IA2kSg7-ACM






PCI DSS – Data Security Standard

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




Tags: PII, PII security

Jul 14 2020

A hacker is selling details of 142 million MGM hotel guests on the dark web

Category: Data Breach,Hacking,Security BreachDISC @ 11:06 am

EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.

Source: A hacker is selling details of 142 million MGM hotel guests on the dark web | ZDNet

According to the ad, the hacker is selling the details of 142,479,937 MGM hotel guests for a price just over $2,900. The hacker claims to have obtained the hotel’s data after they breached DataViper, a data leak monitoring service operated by Night Lion Security.

mgm-empire.png

MGM Exposes over 10,000,000 Profiles to Hackers – Feb 21, 2020
httpv://www.youtube.com/watch?v=vlPE-4Tjnrc



Protect Your Organization Against Massive Data Breaches and Their Consequences

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




Tags: dark net, dark web

Jul 09 2020

15 billion credentials available in the cybercrime marketplaces

Category: Cybercrime,Data Breach,data securityDISC @ 11:32 am

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts.

Source: 15 billion credentials available in the cybercrime marketplaces







Exploring the Dark Web
httpv://www.youtube.com/watch?v=BN1NU0ivzj8



Explore the subject of Cyber Attack

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




May 31 2020

How hoteliers can mitigate data breaches

Category: Data Breach,data securityDISC @ 6:45 pm

As hackers shift tactics, business owners can take steps to prevent attacks and minimize damage.

Source: How hoteliers can mitigate data breaches



The 5 Most Dangerous New Attack Techniques and How to Counter Them
httpv://www.youtube.com/watch?v=xz7IFVJf3Lk



Data Breaches: Crisis and Opportunity

Download a Security Risk Assessment Checklist paper!

Subscribe to DISC InfoSec blog by Email




May 25 2020

Hacker extorts online shops, sells databases if ransom not paid

Category: Data Breach,data security,Security BreachDISC @ 3:05 pm

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger.

Source: Hacker extorts online shops, sells databases if ransom not paid

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger.

The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data.

Money made

Victims have 10 days to pay BTC 0.06 ($525 at current price) a wallet provided in the ransom note, else the hacker makes the database public or uses it as they please.

Hacked! What to do with an extortion email
httpv://www.youtube.com/watch?v=CQS-fSsIQbo

Bitcoin Email Blackmail Ransom Scam
httpv://www.youtube.com/watch?v=H40C7Hbpdqw




Download a CyberAware cheat sheet




Tags: hacker blackmail, hacker extortion

May 21 2020

Santander, one of the biggest European banks, was leaking sensitive data on their website

Category: Data BreachDISC @ 11:51 pm

Santander Consumer Bank, the Belgian branch of the bank, had a misconfiguration in its blog domain that was allowing its files to be indexed.

Source: Santander, one of the biggest European banks, was leaking sensitive data on their website

A Santander Consumer spokesperson said:

“The incident highlighted relates specifically to the Santander Consumer Bank Belgium blog only. The blog contains only public information and articles, and therefore no customer data or critical information from the blog  has been compromised. Our security team has already fixed the issue to ensure the blog is secure.”

What exactly is wrong with the Santander website?

When we visited the Santander blog on its Belgian domain, we noticed that the www endpoint of the blog subdomain had a misconfiguration that allowed all of its files to be indexed by search engines

Included in these indexed files was an important info.json file that seemed to contain its Cloudfront API keys.

Download a CyberAware Cheat Sheet

 




Jul 26 2019

How to write a GDPR data breach notification procedure – with template example

Category: Data Breach,GDPR,Information PrivacyDISC @ 2:05 pm

Discover how to write a GDPR data breach notification procedure to help you with your GDPR compliance. Including a free template example. Read now

Source: How to write a GDPR data breach notification procedure – with template example – IT Governance Blog

Personal data breach notification procedures under the GDPR

Organizations must create a procedure that applies in the event of a personal data breach under Article 33 – “Notification of a personal data breach to the supervisory authority” – and Article 34 of the GDPR – “Communication of a personal data breach to the data subject”.

Help with creating a data breach notification template

The picture above is an example of what a data breach notification might look like – available from the market-leading EU GDPR Documentation Toolkit – which sets out the scope of the procedure, responsibilities and the steps that will be taken by the organization to communicate the breach from:

  • Data processor to data controller;
  • Data controller to supervisory authority; and
  • Data controller to data subject.

 

GDPR Implementation Bundle

 


Enter your email address:

Delivered by FeedBurner




Tags: #GDPR #DataBreachNotification

« Previous Page