Tag: data breach

Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign
News

Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

According to reports, up to 165 Snowflake clients may have had their information exposed as part of a continuous campaign to aid in data theft and extortion. This suggests the operation may have wider ramifications than first believed. The as-yet-unclassified activity cluster is being tracked by Google-owned Mandiant, which is supporting the cloud data warehousing platform in its incident response activities. It is identified as a financially driven threat actor and goes by the name UNC5537. According to the threat intelligence organization, UNC5537 is utilizing stolen customer credentials to methodically compromise Snowflake client instances, post victim data for sale on cybercrime sites, and attempt to extort many of the victims. UNC5537 often extorts people for financial benef...
Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data
News

Experts Find Flaw in Replicate AI Service Exposing Customers’ Models and Data

Researchers studying cybersecurity have uncovered a serious security vulnerability in Replicate, a company that offers artificial intelligence (AI) as a service. This vulnerability could have given threat actors access to private AI models and private data. Cloud security company Wiz stated in a report released this week that taking advantage of this vulnerability would have permitted unauthorized access to all of Replicate's platform customers' AI prompts and results. The problem arises from the fact that AI models are commonly packed in forms that permit arbitrary code execution. This means that a malicious model could be used by an attacker to carry out cross-tenant assaults. Machine learning models are containerized and packaged by Replicate using an open-source technology ca...
LA County Health Services: Patients’ data exposed in phishing attack
News

LA County Health Services: Patients’ data exposed in phishing attack

Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach involving patient personal and health information. The second largest public health care system in the nation, behind NYC Health + Hospitals, is this integrated health system, which runs the public hospitals and clinics in L.A. County, the most populous county in the nation. According to information published in notifications of a data breach issued to an unspecified number of people who might be impacted, a February hack resulted in the theft of credentials from 23 employees. In this instance, the DHS staff members believed they were accessing a genuine email from a reliable sender when they clicked read more LA County Health Serv...
French unemployment agency data breach impacts 43 million people
News

French unemployment agency data breach impacts 43 million people

France Travail, the old Pôle Emploi, has issued a warning that hackers may have gained access to its networks and are using them to leak or take advantage of the personal information of up to 43 million people. The French government's France Travail is in charge of registering jobless people, giving them financial aid, and helping them locate employment. The organization said yesterday that between February 6 and March 5, hackers conducted a cyberattack that resulted in the theft of personal information from job searchers who had registered with them in the previous 20 years. Additionally disclosed was information from people who have a job candidate profile read more French unemployment agency data breach impacts 43 million people. Get up to date on the latest cybersecurity news...
Bank of America warns customers of data breach after vendor hack
Business

Bank of America warns customers of data breach after vendor hack

Following a hacking incident involving one of its service suppliers last year, Bank of America is alerting its clientele to a data breach that may expose their data. According to information shared with the Attorney General of Texas, the impacted individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, are among the customer's personally identifiable information (PII) exposed in the security breach. While Infosys McCamish Systems (IMS), the vendor whose systems were accessed, disclosed in a recent filing with the Attorney General of Maine that 57,028 customers' data was exposed in the event, Bank of America has not yet disclosed the number read more Bank of America warns customers of data breach aft...
Data breach at French healthcare services firm puts millions at risk
News

Data breach at French healthcare services firm puts millions at risk

The data of policyholders and medical professionals in France was compromised by a cyberattack on the French healthcare services company Viamedis. As of this writing, the company's website is still unavailable, but a notice about the data breach has been shared on LinkedIn. The social security number, date of birth, marital status, health insurance company name, and guarantees that are payable to third parties are among the information made public by the attack. The organization has made it clear that no one's bank account information, postal address, phone number, or email address was stored on the compromised systems read more Data breach at French healthcare services firm puts millions at risk. Get up to date on the latest cybersecurity news and enhance your knowledge of cy...
FTC orders Blackbaud to boost security after massive data breach
News

FTC orders Blackbaud to boost security after massive data breach

Blackbaud has reached a settlement with the Federal Trade Commission following allegations of careless data retention policies and inadequate security, which resulted in a ransomware attack in May 2020 and a data breach impacting millions of individuals. Listed on the NASDAQ, Blackbaud is a multinational corporation headquartered in the United States that offers cloud-based donor data management software to nonprofits, including charities, schools, and medical facilities. According to the complaint, the business "failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication read more FTC orders Blackbaud to...
Framework discloses data breach after accountant gets phished
News

Framework discloses data breach after accountant gets phished

Framework Computer announced the discovery of a data breach that exposed the private data of an unspecified number of its clients following a phishing assault on Keating Consulting Group, the company's accounting service provider. The California-based company that makes modular and upgradeable laptops claims that on January 11, a threat actor posing as Framework's CEO tricked an accountant at Keating Consulting into disclosing a spreadsheet that contained personally identifiable information (PII) of clients "associated with outstanding balances for Framework purchases." In emails notifying affected parties of the data breach, the company states, "On January 9th, at 4:27am PST, the attacker sent an email to the accountant read more Framework discloses data breach after accountant get...
MongoDB Suffers Security Breach Exposing Customer Data
News

MongoDB Suffers Security Breach Exposing Customer Data

On Saturday, MongoDB announced that it is now looking into a security incident that resulted in the disclosure of customer account metadata and contact details due to illegal access to "certain" business systems. The American database software provider claimed that on December 13, 2023, it saw unusual behavior for the first time and that night, it launched its incident response operations. While noting that "this unauthorized access has been going on for some period of time before discovery," it said that it is "aware of any exposure to the data that customers store in MongoDB Atlas." It omitted information regarding the precise duration read more MongoDB Suffers Security Breach Exposing Customer Data. Get up to date on the latest cybersecurity news and enhance your&nbs...
Dollar Tree hit by third-party data breach impacting 2 million people
News

Dollar Tree hit by third-party data breach impacting 2 million people

A third-party data breach that affected 1,977,486 individuals was linked to the discount store chain Dollar Tree following the hack of service provider Zeroed-In Technologies. Discount retailer Dollar Tree runs the Dollar Tree and Family Dollar brands in 23,000 locations across the US and Canada. A security incident occurred between August 7 and August 8, 2023, according to a data breach notification that Dollar Tree's service provider, Zeroed-In, shared with the Maine Attorney General. Threat actors were able to obtain data comprising Dollar Tree and Family Dollar employees' personal information during this cyberattack. Although the inquiry was able to establish that these systems had been accessed, it was unable to verify which precise read more Dollar Tree hit by third-party data...