Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years. Data Breaches Marriott Data breach Starwood breach

Data 245

USPS Site Exposed Data on 60 Million Users

Krebs on Security

Many of the API’s features accepted “wildcard” search parameters, meaning they could be made to return all records for a given data set without the need to search for specific terms.

Data 271

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

” Concerned that his own information was similarly exposed, Sheehy contacted Jared parent company Signet Jewelers and asked them to fix the data exposure. But Lancaster said Signet neglected to remedy the data exposure for all past orders until contacted by KrebsOnSecurity.

Data 185

'Data & Leads' Site Disappears After Data Exposure Alert

Data Breach Today

Data Aggregator Exposed 44.3 million individuals' personal details found in unsecured instances of Elasticsearch, which appear to have been left online by Data & Leads, a Toronto-based data aggregation firm Million Individuals' Details via Unsecured Servers Another day, another "Have I Been Pwned" alert, this time involving 44.3

Data 148

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the public

Is It Time for a Federal U.S. Data Protection Law?


The Case for a Federal Data Protection Law. Now, depending on your location and industry, you may have to navigate the requirements of GDPR , other countries’ data protection laws and U.S. Some may not want to limit access to data for that reason.

IT 80

Fresh GandCrab Decryptor Frees Data for Free

Data Breach Today

Crypto-Locking Ransomware Cracked Thanks to Gang's Shoddy Code Quality Good news for anyone whose data has been crypto-locked by attackers wielding GandCrab, the year's most aggressive strain of ransomware: You may be able to get your data back, thanks to a free decryptor

12 States File Data Breach Lawsuit Against EHR Vendor

Data Breach Today

In Wake of Massive Data Breach, Attorneys General Allege Violations of HIPAA, State Laws In a groundbreaking effort, the attorneys general of a dozen states have jointly filed a federal lawsuit against a cloud-based electronic health records vendor that reported a 2015 data breach affecting 3.9

Responsibility of Data Architecture in Data Governance

Perficient Data & Analytics

The data architecture capability will supply the components and standards necessary to implement other capabilities coherently and enable them to work together. An enterprise data model provides a common, well-understood classification of data.

Magecart Cybercrime Groups Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code.

Groups 185

Serbia Enacts New Data Protection Law

Hunton Privacy

On November 9, 2018, Serbia’s National Assembly enacted a new data protection law. The Personal Data Protection Law, which becomes effective on August 21, 2019, is modeled after the EU General Data Protection Regulation (“GDPR”). Consent – the Personal Data Protection Law introduces new forms of valid consent for data processing (including oral and electronic) and clarifies that the consent must be unambiguous and informed.

Data-Centric Security and Big Data

Thales Data Security

As Cybersecurity continues to be heavily focused on solving the problem of attacks against software vulnerabilities and system access, one potential silver bullet in the data breach equation remains out of the limelight. The Big Data Conundrum. Data security

British Airways Finds Hackers Stole More Payment Card Data

Data Breach Today

Investigators Now Count 565,000 Data Breach Victims British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April.

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 233

Misconfigured Server Exposes Patient Data

Data Breach Today

Security Researcher Discovers Apparent Breach at Medical Practice A medical practice's misconfigured database server that allegedly exposed information about thousands of patients plus staff serves as another reminder about the importance of safeguarding sensitive data from exposure on the internet

Data 197

PageUp Breach: 'No Specific Evidence' of Data Exfiltration

Data Breach Today

But Forensic Investigation Shows Attackers Had Exfiltration Tools in Place Australian human resources software developer PageUp says it has found "no specific evidence" that attackers removed data, following the company warning in May that it had been breached.

Tools 180

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry." Unauthorized Entry' to Some Accounts Exposes Account Details and Statements HSBC bank is warning some of its U.S.

Protecting Big Data, while Preserving Analytical Agility

Thales Data Security

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk. Protecting the confidentiality and integrity and of warehoused data and ensuring that access is controlled is vital to keeping that data secure.

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Krebs on Security

“I shouldn’t be able to see this data,” Hermansen said. Data Breaches The Coming Storm Aite Group Allen Weinberg fiserv Glenbrook Partners Julie Conroy Kristian Erik Hermansen secureinternetbank.comFiserv, Inc.,

Data 201

The role of the data curator: Make data scientists more productive

Information Management Resources

Data Scientist Data Analyst Chief Data OfficerIn 2018 we will increasingly see this job created in order to bridge the worlds of business and IT for the better use of analytics.

Why Contingency Planning for Vendor Data Disputes Is Critical

Data Breach Today

Cloud 182

Facebook Clarifies Extent of Data Breach

Data Breach Today

30 Million Affected; 14 Million Had Extensive Information Exposed Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected

30k+ Pentagon Employees Compromised in Data Breach

Adam Levin

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The post 30k+ Pentagon Employees Compromised in Data Breach appeared first on Adam Levin.

Cathay Pacific Says 9.4 Million Affected by Data Breach

Data Breach Today

That raises questions about whether the airline violated data breach disclosure regulations Airline's Five-Month Delay Before Public Disclosure Raises Concern Hong Kong-based airline Cathay Pacific says the personal details of 9.4

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

Nordstrom Blames Breach of Employee Data on Contractor

Data Breach Today

Breach Exposed Social Security Numbers, Birthdates, Salaries, Bank Account Data The department store chain Nordstrom says it doesn't believe that employees' personal and financial data, which was exposed in an October data breach due to a contractor's error, has been misused. The retailer says the breach exposed no customer data

Retail 157

How the General Data Protection Regulation (GDPR) Helps Improve RIM Policies and Processes


A good incentive to update and strengthen your organization’s records and information management (RIM) policies is the looming threat of fines upwards of 20 million euros, courtesy of the European Union’s General Data Protection Regulation (GDPR) , which became effective on May 25, 2018.


Your Personal Data is Already Stolen

Schneier on Security

Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold ­ usually through no fault of your own.

Access 113

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. The terms ‘data controller’ and ‘data processor’ have been around for years, but it’s only since the EU GDPR (General Data Protection Regulation) took effect that they’ve been scrutinised.

GDPR 102

Allure Security: Protecting Data

Data Breach Today

CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks, but more concerned about how to secure their actual target - critical data. His startup company, Allure Security, intends to help secure that data

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data

Data 213

Health Data Breach Tally: Analyzing the Latest Trends

Data Breach Today

Sorting Out What Kinds of Incidents Are Most Common This Year What kinds of health data breaches have been most common so far in 2018? An analysis of the official HHS breach tally reveals the latest trends, and security experts offer an analysis

Breach of Obamacare Site Spilled Sensitive Data

Data Breach Today

Data 184

Update: Breach Exposed Extensive Data

Data Breach Today

Data 145

The Battle for Data Integrity

Data Breach Today

Microsoft's Diana Kelley on How to Ensure Your Data's Reliability Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered?

How To 130

FreshMenu Hid Data Breach Affecting 110,000 Users

Data Breach Today

CEO Took Two Years to Acknowledge Incident FreshMenu, a food delivery provider based in India, has come under social media attack for keeping under wraps a data breach two years ago that exposed the personal information of over 110,000 users

Compliance concerns shouldn't drive data security strategies

Information Management Resources

Data security Cyber security Data managementCompliance concerns certainly have their place in today’s enterprise, however, they should not be viewed as interchangeable with security best practices.

Uber fined nearly $1.2 Million by Dutch and UK Data Protection Authorities over data breach

Security Affairs

British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach. British and Dutch data protection regulators have fined Uber with $1,170,892 for the 2016 security breach that exposed personal data of 57 million of its users.

327 million Marriott guests affected in Starwood Data Breach

Security Affairs

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information. ” reads the data breach notification published by Marriot. ” continues the data breach notification.

The global expansion of master data management

Information Management Resources

MDM Data governance Data miningOrganizations can integrate various information types into a single MDM platform by leveraging emerging options for schema and taxonomies, producing virtually limitless competitive advantage.

Data 203

GDPR Effect: Data Protection Complaints Spike

Data Breach Today

Individuals Report Organizations for Allegedly Failing to Secure Personal Data Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s

GDPR 144

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. The data breach could have happened some months ago and could have affected as many as 30,000 workers.

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information.