The nature of the malware involved has not been disclosed and it remains unclear whether the payment card information, which Delta say was entered by the customers themselves, got intercepted in transit or was improperly stored.
Source: gizmodo.com
This week, Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson’s Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that’s spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, Chipotle: A mysterious group known as Fin7.
Gemini Advisory said that it appears that all Lord & Taylor and 83 US-based Saks Fifth Avenue locations have been compromised, and the majority of stolen credit cards were obtained from New York and New Jersey locations. Gemini Advisory estimated the window of compromise to be May 2017 to present.
Source: threatpost.com
When Under Armour announced that its nutrition app MyFitnessPal had suffered a data breach impacting the information of roughly 150 million users, things actually didn’t seem so bad. Of course, it’s never good when personal data ends up online, much less that of so many people, but it seemed like Under Armour had at least taken reasonable precautions. But it turns out Under Armour only sort of got things right.
The nutrition and exercise tracking app, MyFitnessPal, has suffered a data breach, exposing 150 million users. Owned by Under Armour, the app alerted users of the breach on March 29th, but the company first learned of the breach a month ago. According to the company, the data exposed by the breach includes usernames, email addresses, and encrypted passwords.
But it is unclear is any biometric data was compromised by the security breach. Under Armour added that no payment data was exposed because it is collected and processed separately.
Grindr, a gay-dating app, suffers from a security issue that can expose the information of its more than 3 million daily users, including the location data of people who have opted out of sharing such information, according to cybersecurity experts.
Source: nbcnews.com
According to the Baltimore Sun, the breach was confirmed by Mayor Catherine Pugh’s office, the FBI (which is helping with the investigation), Baltimore Police Commissioner Darryl De Sousa, and CIO Frank Johnson from the Mayor’s Office of Information Technology.
Source: sophos.com
Almost 20 percent of Americans froze their credit file with one or more of the big three credit bureaus in the wake of last year’s data breach at Equifax, costing consumers an estimated $1.4 billion, according to a new study. The findings come as lawmakers in Congress are debating legislation that would make credit freezes free in every state.
The travel booking site said about 880,000 payment cards were affected. According to the statement, the company found evidence in March that an attacker had access to the company’s legacy systems between October and December last year. It was during that time the hacker accessed customer data from the previous two years — between January 2016 and December 2017 — which included names, dates of birth, postal and email addresses, gender, and payment card information.
A whistleblower has revealed to the Observer how Cambridge Analytica – a company owned by the hedge fund billionaire Robert Mercer, and headed at the time by Trump’s key adviser Steve Bannon – used personal information taken without authorisation in early 2014 to build a system that could profile individual US voters, in order to target them with personalised political advertisements.
The stolen Uber data included the names and driver’s license information of around 600,000 drivers—including at least 13,500 from Pennsylvania—as well as data belonging to 25 million users in the US. It impacted over 57 million people in total. ‘Uber violated Pennsylvania law by failing to put our residents on timely notice of this massive data breach,’ Josh Shapiro, the states’s attorney general, said in a statement.
Just when you thought the Equifax clustermuck couldn’t get any muckier, the credit broker found another 2.4 million Americans affected by its 2017 breach.
Source: sophos.com