Tag: Privacy Security Breaches

TransUnion denies it was hacked, links leaked data to 3rd party

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company’s network. The Chicago-based company’s over 10,000 employees provide their services to millions of consumers and more than 65,000 businesses from 30 countries. “Immediately upon discovering these assertions, we partnered with outside cybersecurity and forensic experts…

War crimes tribunal ICC says it has been hacked

The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world’s most high-profile international institutions and one that handles highly sensitive information about war crimes. The ICC said it had detected unusual activity on its computer network at the end of last week, prompting a response that was still ongoing….

University of Sydney data breach impacts recent applicants

  The University of Sydney (USYD) announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. The public university started operations in 1850 and has nearly 70,000 students and about 8,500 academic and administrative personnel. It is considered one of Australia’s most important educational institutes. In the data breach announcement, the…

Scraped data of 2.6 million Duolingo users released on hacking forum

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information. Duolingo is one of the largest language learning sites in the world, with over 74 million monthly users worldwide. In January 2023, someone was selling the scraped data of 2.6 million DuoLingo users on…

Colorado Department of Higher Education warns of massive data breach

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June. In a ‘Notice of Data Incident’ published on the CDHE website, the Department says they suffered a ransomware attack on June 19th, 2023. “On June 19, 2023, CDHE became aware it was the victim of…

BNK Banking Corporation fined for breach of data reporting requirements

The Australian Prudential Regulation Authority has slapped BNK Banking Corporation with a $247,500 fine for failing to meet its data reporting requirements to the APRA.  In a statement, the prudential regulator said BNK was 32 days late in filing statistical reports for the month ending Feb. 23 under the Economic and Financial Statistics program. This failure to report data by…

Microsoft denies data breach, theft of 30 million customer accounts

Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company’s servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible…

Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines

Sweden’s data protection watchdog has issued a couple of fines in relation to exports of European users’ data via Google Analytics which it found breach the bloc’s privacy rulebook owing to risks posed by US government surveillance. It has also warned other companies against use of Google’s tool. The fines — just over $1.1 million for Swedish telco Tele2 and…

Louisiana is pushing Digital ID. And the Personal Data of all drivers License Holders have just been breached

The State of Louisiana has experienced an extensive data breach, with six million public records being exposed. The breach was a part of a global attack on the third-party file transfer application, MOVEit. The breach is likely to raise further concerns as the state recently introduced a new law that is increasing the uptake of digital ID – a law that forces adult websites to check the…

US confirms federal agencies hit by MOVEit breach, as hackers list more victims

  The U.S. government has confirmed that multiple federal agencies have fallen victim to cyberattacks exploiting a security vulnerability in a popular file transfer tool. In a statement shared with TechCrunch, CISA confirmed that “several” U.S. government agencies have experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software….

U.S. government agencies hit in global hacking spree: MOVEit vulnerability

The U.S. government has been hit in a global hacking campaign that exploited a vulnerability in widely used software, the nation’s cyber watchdog agency said on Thursday. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said several federal bodies had experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, the agency’s executive assistant…

PwC faces its Enron moment: Confidentiality breaches, possible conspiracy to defraud

When then-prime minister Malcolm Turnbull called for heads to roll after the 2016 census was pulled offline – amid fears IBM’s data servers hosting the survey had been infiltrated – the American enterprise technology giant made an important decision. IBM ran most of the big mainframe systems that had powered core government functions for several decades, earning it billions of…

Chinese hackers breach US critical infrastructure in stealthy attacks -NSA, FBI, NSA, CISA

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. Their victims span a wide range of critical sectors, including government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing…

US pharmacy giant PharMerica says hackers accessed personal data of almost 6 million patients

  One of the largest pharmacy service providers in the United States has confirmed that hackers accessed the personal data of almost six million patients. PharMerica operates over 2,500 facilities across the U.S. and offers more than 3,100 pharmacy and healthcare programs. In a data breach notification filed with Maine’s attorney general, PharMerica said it learned of suspicious activity on…

Ransomware gang steals data of 5.8 million PharMerica patients

Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers.

PharMerica is a pharmacy services provider in 50 U.S. states, operating 180 local and 70,000 backup pharmacies, and serving 3,100 medical facilities nationwide.

According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica’s system on March 12th, 2023, stealing the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.

The firm discovered the intrusion on March 14th, 2023, and its investigation determined on March 21st that client data had been stolen. However, notices of a data breach were sent to impacted individuals only last Friday, May 12th, 2023.

Hackers steal emails, private messages from hookup websites

Hackers have stolen email addresses, direct messages, and other personal data from users of two dating websites, according to a data breach expert.

Earlier this week, someone alerted Troy Hunt, the founder and maintainer of the data breach alerting website Have I Been Pwned, that hackers had breached two dating websites, CityJerks and TruckerSucker. Hunt told TechCrunch that he analyzed the stolen data and found usernames, email addresses, passwords, profile pictures, sexual orientation, users’ date of birth, their city and state, their IP addresses, and biographies. The stolen passwords are scrambled with a weak algorithm that could potentially be broken and allow hackers to see the actual passwords.”