Another #breach of customer privacy because of poor customer data #security. Why is an energy company storing this information? There will be no accountability for this sort of nonsense from corporates until we start sending execs to gaol. “Sumo said that the following customer information was compromised by the breach: names, addresses, dates of birth, phone numbers, credit scores, as well as either passport, Medicare, or driver’s licence details.” https://www.cyberdaily.au/security/10565-exclusive-australian-energy-internet-provider-sumo-confirms-customer-data-breach
"A cyberattack on the Ascension health system across the U.S. diverted ambulances, caused patients to miss medical visits and blocked online access to their records"
'If we didn't take them, they'd die'. A dam breach in Russia's south forced thousands to flee their flooded homes. Volunteers describe trying to save the animals left behind.
U-Haul has sent breach notifications to customers after attackers were able to access an internal system for dealers and employees. The breach exposed personal info of customers, including name, date of birth and driver's license, but not payment details. Approximately 67k customers were affected in the US and Canada. Affected customers are advised to be vigilant of phishing attempts, and to get identity theft protection.
#FCC gets tough: #Telcos must now tell you when your personal info is stolen
The FCC now "requires carriers to notify customers of #breaches of covered data without unreasonable delay … and in no case more than 30 days following reasonable determination of a #breach."
Yep, cell carriers didn't have to do this before https://www.theregister.com/2024/02/12/fcc_gets_tough_on_telcos/
Just In: Hackers leak an alleged partial Facebook Marketplace database, claiming to have stolen it from a contractor responsible for managing Facebook's cloud services.
If a site's data is breached, after changing the password, is it necessary to redo the 2FA in the app by removing and redoing? (Does not apply to SMS or email 2FA, obviously). Emails, IP, passwords and 2FA info hacked according to #haveibeenpwned
"The incident also exposed 2FA secrets and backup codes along with password reset tokens."
📢 The #Nobelium hackers behind the #SolarWinds breach are back and have successfully breached the emails of top individuals and employees at Microsoft.
Microsoft has revealed some of their corporate email accounts had been breached. The attack is believed to be state-sponsored. The attackers were able to breach Microsoft using a password spray attack on a non-production test tenant account. They then pivoted to the corporate email accounts of Microsoft's leadership and employees in cybersecurity and legal teams. Security experts believe this is a case of poorly secured configuration.
This is huge!! Attacker breached a non-production test tenant account, gaining access to a small portion of #Microsoft corporate emails, including those of leadership, cybersecurity, and legal, and exfiltrated some emails and attachments. #breach #infosec
Vans, North Face owner says ransomware breach affects 35 million people
VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack.
The American global apparel and footwear giant said that the affected customers' social security numbers, bank account information, or payment card information was not impacted since it doesn't store such data on its systems.
"Based on VF's preliminary analysis from its ongoing investigation, VF currently estimates that the threat actor stole personal data of approximately 35.5 million individual consumers," VF Corp said in an 8-K form filed with the U.S. Securities and Exchange Commission (SEC) on Thursday.
"VF has not detected any evidence to date that any consumer passwords were acquired by the threat actor."