- In one of the biggest data breaches ever, a hacker gained access to more than 100 million Capital One customers’ accounts and credit card applications earlier this year.
- Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.
- A criminal complaint says Thompson tried to share the information with others online.
- The 33-year-old, who lives in Seattle, had previously worked as a software engineer for Amazon Web Services, the cloud hosting company that Capital One used.
- One person who saw the information on GitHub notified Capital One of the “leaked data” belonging to the company. Capital One notified the FBI, and an agent searched Thompson’s residence on Monday.
- The breach affected around 100 million people in the United States and about 6 million people in Canada, according to Capital One.
- However, “no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised,” the company noted.
- Capital One’s stock was down 5% in premarket trading Tuesday.
*Source: CNN, July 30, 2019
- International beauty retailer Sephora has admitted to a breach of its online users’ data, affecting customers in Singapore as well as in other countries including Malaysia, Indonesia, Thailand, Philippines, New Zealand, and Australia.
- On Monday (July 29) the popular makeup retailer, which has 12 stores in Singapore, issued a notice to its online customers to say that the data breach was discovered over the past two weeks.
- In the e-mail, Sephora’s managing director of Southeast Asia Alia Gogi said: “Some personal information may have been exposed to unauthorized third parties, including first and last name, date of birth, gender, e-mail address, and encrypted password, as well as data related to beauty preferences.”
- “The security incident was limited to a database serving our Southeast Asia, Hong Kong SAR, and Australia/New Zealand customers who used our online services,” the company said.
- It has also conducted a review of its security systems and is offering a free personal data monitoring service to its customers, through a third-party provider.
- In the e-mail, the company also recommended that its customers change the passwords of their accounts.
*Source: straitstimes, July 29, 2019
- Some Sprint customers received an unpleasant surprise in the mail last week as the company sent out notification of a data breach to an undisclosed number of network users.
- Hackers gained access to customers’ online logins and had the ability to see all of the data visible in those accounts.
- Sprint characterized the breach as not causing “a substantial risk of fraud or identity theft”, but that’s a questionable claim.
- The attack compromised the first and last name, phone number, device type, home address, PIN, billing number, device ID and subscriber ID account number among other information.
- Craig Young, a computer security researcher for Tripwire’s vulnerability and exposure research team (VERT), noted that the attackers may even be able to skip the social engineering part of the attack depending on what data they were able to gain access to.
- These breaches threaten to throw yet another wrench into the gears of the proposed T-Mobile and Sprint merger, a process that has dragged on for half a decade and faced both strong political opposition and internal squabbles.
*Source: cpomagazine, July 25, 2019
- The exposed ElasticSearch database contained approximately 134 million documents and amounted to roughly 40GB of data belonging to Honda, one of the largest automobile manufacturers in the world.
- The data could have provided attackers with an easy map for locating the security “soft spots” of the company, said security researcher Justin Paine, who discovered the leaky database.
- “The data contained within this database was related to the internal network and computers of Honda Motor Company,” he said in a Wednesday post about the incident.
- “This included information such as machine hostname, MAC address, internal IP, operating system version, which patches had been applied and the status of Honda’s endpoint security software.”
- One dataset also details the CEO’s full email, account name, and employee ID, last login date, as well as device data such as MAC address, patching history, OS version, endpoint security status, IP and device type.
- Using this data, attackers could simply locate C-suite employees (such as the CEO or CFO) – and easily keep tabs on them to identify ways to launch targeted attacks, said Paine.
- An unsecured database belonging to Honda Motor Company was found leaking crucial information about its global systems, including which devices aren’t up-to-date or protected by security solutions.
*Source: Threatpost, July 31, 2019
- The data included customer names, birth dates, contact details and government-issued identification numbers such as a driver’s license or passport. Customers will be contacted either on the phone, by email or postal mail.
- NAB says that the data services companies, which have not been identified, say that data provided to them is deleted within two hours. No account log-in details or passwords were affected.
- “We take the privacy and the protection of customer information extremely seriously and I sincerely apologize to affected customers,” says NAB’s Chief Data Officer Glenda Crisp in the notice.
- NAB says it has notified the Office of the Australian Information Commissioner, which is the national data regulator.
*Source: databreachtoday, July 29, 2019
- Authorities and companies in South Korea should be scrambling by now to track down a major card breach after the details of more than one million payment cards have been put up for sale online over the past two months.
- Details for 890,000 and 230,000 payment cards were put up for sale on a hacking forum in July and June, respectively, cyber-security researchers from Gemini Advisory have told ZDNet.
- The source of these payment card details has not yet been identified, researchers said. Based on the fact that the card records only contained CP (Card Present) details, this automatically rules out web-based skimmers (Magecart scripts) installed on online stores.
- Possible sources of where crooks may have obtained the card records include (1) malware installed on Point-of-Sale (PoS) systems at stores or restaurants; (2) a breach at a bank, payment provider, or PoS company; or (3) card skimmer devices installed on ATMs or PoS terminals.
- For now, the mystery of where these South Korean card details came from remains unsolved. However, this won’t remain a mystery for much longer.
*Source: databreachtoday, July 29, 2019