Tag Archives: Data breach

Indiana Argues Companies are Deceptive if They Suffer a Data Breach

The Indiana Attorney General recently lodged a claim under the Indiana Deceptive Consumer Sales Act (Indiana Deception Act) that might allow data breach victims to file class action lawsuits against companies and recover $500 or more per person in damages and attorney’s fees.

If successful, this could open the floodgates of litigation against companies who suffer data breaches exposing personally identifying information.

The Indiana Deception Act

The Indiana Deception Act protects consumers from companies who commit deceptive and unconscionable sales acts. Under the Indiana Deception Act, a company “may not commit an unfair, abusive, or deceptive act, omission, or practice in connection with a consumer transaction.” For the first time, the Indiana Attorney General recently argued that this Act should apply to data breaches. Continue reading Indiana Argues Companies are Deceptive if They Suffer a Data Breach

Australian Parliament Hacked!

Australian Parliament Hacked!

Australia’s parliament had to reset and change its computer network passwords after an unknown hacker tried to infiltrate and bypass its systems, according to a Reuter’s report.

As stated in the report, both Tony Smith, the speaker of the lower House of Representatives, and Scott Ryan, president of the upper house Senate, said there’s no evidence that any data had been accessed or stolen.

No Stolen Data

“We have no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes,” Smith and Ryan responded in a joint statement.

“Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies.” Continue reading Australian Parliament Hacked!

Popular Online Game ‘Town of Salem’ Suffers Data Breach Exposing 7.6 Million Players

A data breach at BlankMediaGames (BMG) has affected more than 7.6 million players of Town of Salem, a browser-based online role-playing game.

The Discovery

The incident was disclosed on December 28 to cybersecurity company DeHashed, which received an anonymous email containing evidence of server and database access.

DeHashed says affected data includes usernames, emails, passwords, IP addresses, game and forum activity, and payment information. Some users who paid for features also had billing data compromised.

The Breach

The attackers used a Local File Execution/Remote File Execution (LFI/RFI) attack that injects malicious code into a web server running PHP, DeHashed said.

The attackers then gained unauthorized access to the complete gamer database which contained 7,633,234 unique email addresses (most were Gmail, Hotmail, and Yahoo.com email accounts).

BMG’s Response

A BlankMediaGames developer named Achilles responded on the Town of Salem forums that no credit-card numbers were stolen. Further, Achilles wrote, all passwords were hashed and not stored in plain text.

“The only important data compromised would be your Username/hashed password, IP and email,” Achilles wrote. “Everything else is just game related data.”

Moving Forward

Data is becoming a much larger issue for game developers; just last month, Bethesda Game Studios came under fire for a bug that leaked player information from support tickets.

If you’ve played Town of Salem, you should change your password immediately.

 

Marriott Announces One of Largest Data Breaches in History

Marriott recently announced that hackers stole information on as many as 500 million guests over a four-year span, obtaining credit card and passport numbers and other personal data. This breach is one of the largest breaches in history.

What We Know

When the Marriott-Starwood merger was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

The affected hotel brands were operated by Starwood prior to the merger in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were affected. Continue reading Marriott Announces One of Largest Data Breaches in History

Survey Shows Data Breaches Lead to Poor Customer Retention

Data breaches are a common occurrence, with organizations large and small falling victim to online attackers. The impact of a data breach is not just the economic loss of data; a breach also leads to the loss of customer loyalty as well.

Ping Identity recently released the results of its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era, unveiling consumer sentiments and behaviors toward security and brands impacted by data breaches.

Survey Results

The collected data highlights the importance of protecting customer data, with the survey finding that 78 percent of respondents would stop engaging with a brand online after a data breach. Continue reading Survey Shows Data Breaches Lead to Poor Customer Retention

Cathay Pacific Airline Breach Affects 9.4 Million Customers

Hong Kong-based Cathay Pacific airline recently announced that its computer systems were compromised. The data breach was detected in March and compromised the personal data of roughly 9.4 million passengers. The exact attack vector is unknown.

Airline’s Response

Cathay, who is currently investigating the incident, confirmed information such as phone numbers, dates of birth, passport numbers, and frequent flier numbers were exposed. Additionally, the airline added that 27 credit card numbers had also been acquired in the breach.

“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” said the airline’s chief executive, Rupert Hogg. Continue reading Cathay Pacific Airline Breach Affects 9.4 Million Customers

Dissecting 2018’s Mid-Year Data Breach Statistics

After the first six months of 2018, 4.5 billion data records have already been compromised according to a recent report. Data breaches have affected businesses large and small, from Adidas (two million records compromised) to Facebook (up to two billion accounts affected) to municipal airports and accounting firms, and 2018 has already seen more than its fair share of massive global data breaches.

The Gemalto Report

Digital security specialist Gemalto revealed in a new report that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018.

Although the total number of breaches were down from the same period the year before, the number of records compromised were up over 130 percent as the severity of individual incidents increased. Continue reading Dissecting 2018’s Mid-Year Data Breach Statistics

California Becomes First State to Pass IoT Security Law

California continues to pass tighter laws in the cybersecurity world.

California Governor Jerry Brown recently signed into law bill No. 327 which requires connected device manufacturers to include “reasonable” security features for those devices sold in California. With passage of this new law, California becomes the first state in the nation to adopt such legislation.

What the Law Requires

Beginning on January 1, 2020, the law will require a manufacturer of a connected device to equip the device with reasonable security features that are “appropriate to the nature and function of the device” and appropriate to the type of information collected by the device. It also mandates that any maker of an Internet-connected, or “smart” device ensures the device has “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” Continue reading California Becomes First State to Pass IoT Security Law

Uber Settles Data Breach Investigation for $148 Million

On September 26th, Uber agreed to pay a record $148 million to settle allegations that the company intentionally concealed a major data breach in 2016.

The settlement ends a multistate investigation that found the ride-hailing company paid hackers $100,000 to conceal the breach, which exposed the names, email addresses, and cellphone numbers of 57 million users.

Uber failed to notify the 57 million individuals of the data breach and only provided public notice of the breach a year after it happened in late 2016.

Uber’s Response

Uber said in a November 2017 statement from CEO Dara Khosrowshahi that the breach was carried out by two hackers outside the company. The hackers accessed user data on a third-party, cloud-based service the company uses to store information. The hackers, however, were not able to download users’ Social Security numbers, bank account information, credit card numbers, dates of birth, and trip history, according to the company. Continue reading Uber Settles Data Breach Investigation for $148 Million

Air Canada – The Latest Company Compromised by Data Breach

Air Canada, the largest airline of Canada by fleet size and passengers carried, has reported a massive data breach of its app, putting thousands of passenger passport details, among other personal information, at risk.

Air Canada’s Response

The airline issued a warning to mobile app users that their personal data may have been compromised in a cyberattack. This may placs those who entered their details at risk of identity theft. It is believed approximately 20,000 customers may have had their data stolen. All Air Canada app users have been asked to change their passwords.

Profile data, such as names, email addresses, passport numbers, genders and dates of birth, among others, can all be stored in the airline’s app – making this stored data a potential target in the attack. Continue reading Air Canada – The Latest Company Compromised by Data Breach