Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. as members of the PLA’s 54 th Research Institute, a component of the Chinese military. in 2019 , according to data from S&P Global Market Intelligence. The U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

List of data breaches and cyber attacks in July 2020 ­– 77 million records breached

IT Governance

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. You can find our full list of publicly disclosed data breaches from July in this blog. Bitcoin scam leaks personal data of users from across the globe (248,926).

Pentagon Data Breach Exposed 30,000 Travel Records

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed an estimated 30,000 civilian and military personnel records. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel. The Pentagon revealed that the Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel. The security breach was notified to the leaders on October 4.

Healthcare giant Magellan Health discloses data breach after ransomware attack

Security Affairs

is an American for-profit managed health care company, its customers include health plans and other managed care organizations, employers, labor unions, various military and governmental agencies and third-party administrators. ” reads the data breach notice issued by the company. The investigation revealed that attackers also exfiltrated a subset of data from a single corporate server, included some personal information.

Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

Dark Reading

This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

With organisations across the globe turned upside down by the COVID-19 pandemic, there has never been a worse time to suffer a data breach or cyber attack. However, it bears reminding that most breaches take 100 days or more to be discovered, so we could be seeing the effects of the coronavirus for months after our everyday lives get back to normal. Australia’s Defence Force Recruiting systems were taken offline after security breach (unknown). Data breaches.

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents. Data breaches. The post List of data breaches and cyber attacks in August 2020 – 36.6

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Threatpost

Breach Critical Infrastructure Government Hacks Privacy Vulnerabilities 000 victims 30 Anthem apple Apple ID credit card breach data breach Department of Defense goa report military personnel payment fraud Pentagon record fine travel office weapons vulnerabilitiesA record fine and two new compromises kick off the autumn compromise season.

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

vpnMentor’s discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group. Security experts at vpnMentor’s discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group. The data leak exposed sensitive personal information of thousands of users worldwide and hotel guests, along with a hotel and travel reservations.

Equifax Breach: Four Members of Chinese Military Charged with Hacking

Threatpost

Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach. Breach Government apache struts flaw breach china hacks Chinese people's liberation army Chinese PLA data breach Equifax Equifax breach hack Hackers personal data

Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Hunton Privacy

On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Security Breach Notice Act. Expand the definition of a breach to include login credentials, meaning “a consumer’s user name or e-mail address, in combination with a password or an answer to a security question, that together permit access to an online account.” Student Data Privacy.

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas. The result: personal information and credit card data of at least 30,000 U.S. military and civilian personnel were compromised. Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure.

Data Breach Exposes Records of 114 Million U.S. Citizens, Companies

The Security Ledger

citizens and companies was discovered sitting online unprotected due to misconfigured search, a data leak that is estimated to affect about 83 million people. The post Data Breach Exposes Records of 114 Million U.S. Related Stories Veeam mishandles Own Data, exposes 440M Customer E-mails Military documents about MQ-9 Reaper drone leaked on dark web Report: Small, Stealthy Groups Behind Worst Cybercrimes.

List of data breaches and cyber attack in March 2019 – 2.1 billion records leaked

IT Governance

There’s a new compiler at the helm of our monthly list of data breaches, following the departure of IT Governance stalwart Lewis Morgan, who leaves me with some mighty big shoes to fill. Fortunately – or, rather, unfortunately ­– the new regime has a familiar ring to it, with another mammoth list of data breaches. All-in-one widget ShareThis discloses data theft (617 million). Chinese hackers target universities in pursuit of maritime military secrets (unknown).

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The United States Department of Justice officially charged 4 members of the China’s PLA’s 54th Research Institute, a division of the Chinese military, with hacking into credit reporting agency Equifax. The four members of the Chinese military unit are Wu Zhiyong (???), Exposed data included names, birth dates, and social security numbers.

Military documents about MQ-9 Reaper drone leaked on dark web

The Security Ledger

Hackers have put up for sale on the dark web sensitive military documents, some associated with the U.S. military’s MQ-9 Reaper drone aircraft, one of its most lethal and technologically advanced drones, security research firm Recorded Future recently discovered. » Related Stories Fitness apps: Good for your health, not so much for military security Evasive new botnet can take over enterprise devices to steal data, spread ransomware U.S.

Washington Amends Data Breach Notification Law

Hunton Privacy

As reported by Bloomberg Law , on May 7, 2019, Washington State Governor Jay Inslee signed a bill ( HB 1071 ) amending Washington’s data breach notification law. biometric data generated by automatic measurements of an individual’s biological characteristics such as a fingerprint, voiceprint, eye retinas, irises or other unique biological patterns or characteristics that is used to identify a specific individual. Security Breach U.S.

Washington State Comprehensive Privacy Bill Loses Steam, Data Breach Law Amendment Heads to Governor’s Desk

Data Matters

On April 22, 2019, the Washington state legislature passed HB1071 (“the Bill”) to strengthen the state’s existing data breach notification law. Reminders on Usernames and Passwords : If consumer usernames or passwords are breached, the notice to affected residents must instruct the affected consumer to change his or her password and security question or answer, or to take other appropriate steps to protect the online account. CCPA Cybersecurity Data Breaches Legislation U.S.

Cabinet Office at risk of further data breaches, review concludes

The Guardian Data Protection

Series of recommendations are made following leak of New Year honours list details A government department admonished for publishing honours list details in error is at “significant risk” of making further and bigger personal data breaches, a review has found. The Cabinet Office apologised after the home addresses of celebrities and military figures named in the 2020 New Year honours list were inadvertently posted online.

Nine States Pass New And Expanded Data Breach Notification Laws

Data Protection Report

While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach notification laws. Illinois, Maine, Maryland, Massachusetts, New Jersey, New York, Oregon, Texas, and Washington have all amended their breach notification laws to either expand their definitions of personal information, or to include new reporting requirements. The Attorney General will also be permitted to publish information concerning breaches.

DOD DISA US agency discloses a security breach

Security Affairs

The Defense Information Systems Agency (DISA) US agency in charge of secure IT and communication for the White House has disclosed a data breach. The Defense Information Systems Agency (DISA), the DoD agency that is in charge of the security of IT and telecommunications for the White House and military troops has suffered a cyber attack. Got another #PII #breach letter from DoD. military and civilian personnel.

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Whoever compromised the shop siphoned data on millions of card accounts that were acquired over four years through various illicit means from legitimate, hacked businesses around the globe — but mostly from U.S.

Sales 215

Washington State Legislators Approve Amendments to Data Breach Law

Hunton Privacy

The Bill was requested by Attorney General Ferguson and would strengthen Washington’s data breach law. The request to amend the current law followed Attorney General Ferguson’s third annual Data Breach Report , which found that data breaches affected nearly 3.4 The Bill’s key amendments include: Expanding breach notification requirements to more types of consumer information. Introducing a specific rule for breach of usernames and passwords.

Analysis: Indictments in Equifax Hack

Data Breach Today

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing NIST's new privacy framework; lessons learned in a breach disclosure

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defence manufacturer).

From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military

The Security Ledger

Military, the Department of Energy and other government agencies that it claimed were "Made in the U.S.A". Independent Security Researchers Feel the Chill Up North Podcast Episode 141: Massive Data Breaches Just Keep Happening. A complaint unsealed by the Department of Justice on Thursday alleges a New York firm engineered a years-long scheme to deceive the U.S. government: selling Chinese manufactured cameras and other gear to the U.S.

Maze Ransomware operators hacked the Xerox Corporation

Security Affairs

Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. It consists of multiple screenshots showing the compromised server(s) files and data encrypted by the ransomware.” “One of the snapshot consists of a warning message stating Xerox to contact the operators within 3 days, otherwise, the information about the breach would be posted on Maze public news website.

Colorado Amends Data Breach Notification Law and Enacts Data Security Requirements

Hunton Privacy

Recently, Colorado’s governor signed into law House Bill 18-1128 “concerning strengthening protections for consumer data privacy” (the “Bill”), which takes effect September 1, 2018. Attorney General Notification: If an entity must notify Colorado residents of a data breach, and reasonably believes that the breach has affected 500 or more residents, it must also provide notice to the Colorado Attorney General.

List of data breaches and cyber attacks in September 2019 – 531 million records leaked

IT Governance

Thanks to a whopping data breach from an unknown server exposing 419 million data records, our monthly total comes to 531,596,111 breached records. This brings the total amount of breached records for the year so far to 10,331,579,614. September may have had fewer incidents than August at only 75, but overall there was a massive 363% increase on records breached. xkcd forum taken offline after personal data leak (562,000). Data breaches.

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The CPB later said the breach was the result of a federal contractor copying data on its corporate network, which was subsequently compromised.

IT 184

Security Affairs newsletter Round 286

Security Affairs

million users due to critical vulnerability Nefilim ransomware gang published Luxottica data on its leak site NSA details top 25 flaws exploited by China-linked hackers Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks U.S.

List of data breaches and cyber attacks in May 2020 – 8.8 billion records breached

IT Governance

We have just seen 8,801,171,594 breached data records in one month. Indeed, it bears reminding relatively small breaches can often be the most damaging – such as an email gaffe this month in which the identities of 250 abuse survivors in Northern Ireland were exposed. Take a look at every data breach and cyber attack that we recorded in May in this blog. Outsourcing group Interserve is recovering after hackers steal employee data (100,000). Data breaches.

Japan suspects HGV missile data leak in Mitsubishi security breach

Security Affairs

it suspects a possible leak of data including details of a prototype missile. In January, the company disclosed a security breach that might have exposed personal and confidential corporate data, at the time, it claimed that attackers did not obtain sensitive information about defense contracts. Mitsubishi revealed that personal data on some 8,000 people also might have been leaked.

Maze ransomware gang leaked Canon USA’s stolen files

Security Affairs

According to the media outlet, the incident resulted in the loss of data for users of their free 10GB storage feature. At the time the company only confirmed an internal investigation on a problem related to “10GB of data storage.”.

0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Security Affairs

SyTech , a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about interna l projects. Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about interna l projects. “According to the data received, the majority of non-public projects of Sytech were commissioned by military unit No. SecurityAffairs – SyTech, data breach).

Did Maze ransomware operators steal 10 GB of data from Canon?

Security Affairs

According to the media outlet, the alleged incident resulted in the loss of data for users of their free 10GB storage feature. At the time the company only confirmed an internal investigation on a problem related to “10GB of data storage.”

ID Numbers for 120 Million Brazilians taxpayers exposed online

Security Affairs

It is not clear how long data remained exposed online or who accessed them. The folder included data archives ranging in size from 27 megabytes to 82 gigabytes. Experts at InfoArmor discovered that one of the archive contained data related to Cadastro de Pessoas Físicas (CPFs), personal information, military info, telephone, loans, and addresses. . A question remains without response, why this kind of data was exposed a third-party server.

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

Researchers at IBM X-Force Incident Response Intelligence Services (IRIS) discovered an unsecured server belonging to Iran-linked APT35 group (aka ITG18, Charming Kitten , Phosphorous, and NewsBeef ) containing data for many domains managed by the threat actor. “Now, due to operational errors—a basic misconfiguration—by suspected ITG18 associates, a server with more than 40 gigabytes of data on their operations has been analyzed by X-Force IRIS analysts.”