It has been reported that Boots has suspended payments using loyalty points in shops and online after attempts to break into customers’ accounts using stolen passwords. Customers will not be able to use Boots Advantage Card points to pay for products while the issue is dealt with. Boots said none of its own systems were compromised, but attackers had tried to access accounts using reused passwords from other sites. A spokeswoman for Boots said the issue affected less than 1% of the company’s 14.4 million active Advantage Cards – fewer than 150,000 people. But it could not give an exact number as the company was still dealing with the problem.
ISBuzz Team
It has been reported that clothing giant J.Crew has said an unknown number of customers had their online accounts accessed “by an unauthorised party” almost a year ago, but is only now disclosing the incident. The company said in a filing on Tuesday with the California attorney general that the hacker gained access to the customer accounts in or around April 2019. According to the letter, the hacker obtained information found in the customer’s online account — including card types, the last four digits of card payment numbers, expiration dates, and associated billing addresses. Online accounts also store the customer’s order numbers, shipping confirmation…
Ryuk ransomware hits Fortune 500 company: EMCOR, a US-based Fortune 500 company specializing in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems. The incident from 15th Feb 2020 was identified as Ryuk ransomware. Details of the attack and the aftermath are not yet public, but the message announcing the ransomware infection is still present on the company’s website almost three weeks after the attack. EMCOR said that not all of its systems were impacted and that only “certain IT systems” were affected, which it promptly shut down to contain the…
Carnival Cruise Line has reported a potential breach of its network after it found suspicious activity. The company reported the incident to the California Attorney General.
T-Mobile recently announced a security breach affecting its employees and customers. According to the company’s data breach notification published on the company’s website, the breach occurred due to an attack against its email vendor. The hacker(s) were able to access some T-Mobile employee email accounts, which contained T-Mobile account information belonging to various customers and employees, such as names, addresses, phone numbers, account numbers, rate plans and features, and billing information.
Gaming giant Zynga is facing a class-action lawsuit filed by two individuals over a massive data breach last September that impacted 218 million users of the Words with Friends mobile app. The complaint was filed in the U.S. District Court for California and seeks class status and at least $5 million in damages.
It has been reported that through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store builders, and content management systems. When present in real-world web apps, these types of vulnerabilities allow hackers to exploit file upload forms and plant malicious files on a victim’s servers. These files could be used to execute code on a website, weaken existing security settings, or function as backdoors, allowing hackers full control over a server.
A report from Vectra reveals that 74 percent of all detections of anomalous privileged-access behavior came from an unknown host. According to the report, many companies are still not able to detect whether privileged accounts have been compromised. The types of behaviors reported were similar to those found in the Capital One breach.
The ICO has announced that it is fining Cathay Pacific £500,000 – it’s the maximum fine under the 1998 Data Protection Act, as the breach took place pre-GDPR – for multiple data protection failings that left millions of customer records exposed. In its statement, the ICO said that: “Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and approximately 9.4 million more worldwide” and that “A catalogue of errors were found during the ICO’s investigation”. https://twitter.com/L2_Evangelist/status/1235250173405728770
Yesterday, it was reported that Tesco was experiencing security issues, and had issued new Clubcards to 600,000 account holders. The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on its websites and may have worked in some cases. No financial data was accessed, and its systems have not been hacked, it added. It said this was a precautionary measure and apologized for the inconvenience. https://twitter.com/JonathanStock86/status/1234511693604118531
