Amtrak recently disclosed a breach affecting its Guest Rewards accounts, where attackers used previously compromised credentials to access sensitive user data from May 15-18. Although Amtrak’s systems were not hacked directly, the unauthorized access exposed personal information including names, contact details, partial payment information, and travel history. The attackers even …
Major insurance provider Globe Life is reeling from a data breach after a security flaw in one of their web portals exposed customer information. The exact nature and scope of the breach are still under investigation. The company became aware of the problem after a state regulator raised concerns about …
Los Angeles County Department of Public Health (DPH) disclosed a data breach impacting over 200,000 individuals. The incident was caused by a phishing attack that compromised the login credentials of 53 employees. The stolen data includes personal, medical, and financial information. DPH has implemented security enhancements, such as disabling affected …
Nearly 400,000 individuals had sensitive information stolen during a 2023 cyberattack on Panorama Eyecare, a company supporting eye clinics. The breach exposed names, Social Security numbers, financial details, and medical data. The incident highlights the risks associated with third-party service providers in healthcare. Panorama Eyecare said it first discovered the …
A recent cyberattack targeted Disney’s internal servers, resulting in the theft of 2.5 GB of sensitive data. The breach included current information about Disney’s operations, including Disney+, corporate strategies, and advertising plans. Threat actors exploited previously exposed credentials to gain unauthorized access to Disney’s systems. This highlights the importance of …
The New York Times suffered a significant data breach, with 273GB of internal source code and data leaked on 4chan. An exposed GitHub token allowed unauthorized access to the company’s repositories, leading to the theft. The threat actor shared a text file containing a complete list of the 6,223 folders …
The Fog ransomware group is utilizing stolen VPN credentials and system vulnerabilities to access and encrypt data in virtual environments. Predominantly attacking the US education sector, Fog exploits the common cybersecurity weaknesses during summer vacations. Organizations should continue to educate employees and enforce practices related to secure credential management practices.
A significant data breach involving a Florida-based firm specializing in background checks and personal information handling was reported today. Criminal group known as USDoD is allegedly selling a database containing 2.9 billion records, which includes sensitive information about US, Canadian, and British citizens. The database reportedly contains full names, addresses, …
Ticketmaster, a subsidiary of Live Nation, has suffered a significant cyber-attack.The breach potentially affects 560 million customers, compromising names, addresses, phone numbers, and partial payment details. The incident raises concerns about the security of third-party cloud databases; it highlights the growing trend of ransom demands in cyber-attacks; and has wider …
The Department of Health and Human Services (HHS) has reversed its previous stance, now allowing Change Healthcare to file breach notifications on behalf of entities affected by the February ransomware attack. Initially, HHS required each impacted organization to individually report breaches, causing frustration among the thousands of affected healthcare providers. …
