Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m


  • A seven-year-old class-action lawsuit nears its end: under the Zappos data breach settlement, users get only a meagre 10% discount while their lawyers are set to receive $1.6M.
  • More than 24 million customers’ personal data was compromised in the 2012 Zappos data breach; while they receive a 10% store discount as compensation, their lawyers received $1.6 million. The settlement marks yet another case where data breach victims walk away with nothing following devastating data breaches, as with the Yahoo and Equifax settlements.

*Source: ZDNet, October 18, 2019


Indiana hospital system notifying patients after data breach


  • Methodist Hospitals, Indiana, is warning more than 68,000 patients that their personal information, including Social Security numbers and health records, may have been exposed during a data breach.
  • In addition to Social Security numbers and patient health records, the hackers may have accessed names, addresses, dates of birth, driver’s license and credit card information. The hospital system is advising people who may have been affected by the data breach to monitor their credit reports and medical billing data for any suspicious activity.

*Source: Modern Healthcare, October 17, 2019

Equifax used ‘admin’ as username and password for sensitive data: lawsuit


  • Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class-action lawsuit filed in Georgia.
  • The ongoing lawsuit, filed after the breach, went viral on Twitter Friday. The lawsuit also notes that Equifax admitted using unencrypted servers to store sensitive personal information and exposing it through a public-facing website. When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, “it left the keys to unlock the encryption on the same public facing servers, making it easy to remove the encryption from the data.”

*Source: Yahoo, October 15, 2019

CenturyLink Customer Data Exposed


  • Customer information was left open on a CenturyLink MongoDB server for 10 months, leaving some 2.8 million records exposed on the Internet.
  • Researchers from Comparitech and security researcher Bob Diachenko found the misconfigured MongoDB database on Sept 15. Customer names, addresses, email addresses, and phone numbers were exposed. “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised”, CenturyLink said in a statement to Comparitech.

*Source: Dark Reading, October 18, 2019

U.S. Government, Military Personnel Data Leaked By Autoclerk


  • A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel.
  • The reservation management system Autoclerk had a faulty Elasticsearch database that exposed over 100,000 booking reservations for travelers online. The database was hosted on Amazon Web Services in the USA and contained over 179GB of data. The exposed information included unencrypted login credentials, full names, dates of birth, home addresses, phone numbers, dates and costs of travel, and masked credit-card details.

*Source: Threatpost, October 21, 2019

10% of Small Businesses Breached Shut Down in 2019


  • As a result of cybercrime, 10% of small businesses hit in 2019 were forced to shut down, 69% were forced offline for a limited time, 37% experienced financial loss, and 25% filed for bankruptcy.
  • To compile the report, commissioned by the National Cyber Security Alliance and conducted by Zogby Analytics, analysts polled 1,006 small business decision-makers on cybersecurity topics. They learnt that i) 88% consider themselves a “somewhat likely” target for attacks, including 46% who believe they are a “very likely target”, and ii) nearly 30% have experienced an official security breach within the past year.

*Source: Dark Reading, October 23, 2019