Archives: Data Breach

Subscribe to Data Breach RSS Feed

DocuSign Breach Leads to Email Malware Campaign Requesting Wire Transfers

Electronic signature technology company DocuSign has admitted that it suffered a breach of one of its computer systems resulting in stolen data including customer and user email addresses. The breach has allowed the hackers to target DocuSign customers and users to send phishing emails requesting wire transfers. This is particularly concerning since so many companies … Continue Reading

Brooks Brothers Reports Payment Card Data Breach

A lawyer’s nightmare: retailer Brooks Brothers announced late last week that it has become the newest retailer to suffer a payment card data breach. According to Brooks Brothers, which is calling it a “data incident”, payment card information from certain locations of Brooks Brothers and Brooks Brothers outlets in the United States and Puerto Rico … Continue Reading

DarkOverlord Allegedly Hits Netflix and Releases “Orange Is The New Black” Episodes

We have previously reported about the activities of The DarkOverlord [view related post] It is now being reported that a hacker and/or hacking group known as The DarkOverlord announced on Twitter over the weekend that it has absconded with 10 episodes of Netflix’s “Orange Is The New Black” series and has released several upcoming episodes … Continue Reading

Hacker Hits HipChat—Reset Passwords

An unknown intruder was able to access team communication platform HipChat last weekend, allowing access to the account information of users, including email addresses, hashed passwords and names. There is also a chance that actual room metadata, which includes the room name and room topic, may have been compromised. The cyber-attacker was able to access … Continue Reading

Home Depot Agrees to Settle Data Breach Shareholders’ Suit

In a surprise move late last week, Home Depot has agreed to settle a shareholders derivative suit filed against current and former members of the Board of Directors and the Chief Executive Officer and Chief Information Officer (CIO) following a massive data breach that occurred in 2014. The shareholders allege that former and current board … Continue Reading

Eight Thousand Clients Affected by Data Breach at Two Massachusetts Accounting Firms

Two Massachusetts accounting firms separately recently notified the Office of the Massachusetts Attorney General and the Office of Consumer Affairs and Business Regulation of data breach incidents at their firms, resulting in the unauthorized access of their respective clients’ names, addresses and Social Security numbers. The first accounting firm, King McNamara Moriarty LLP (KMM) discovered … Continue Reading

InterContinental Hotels Group Reports Credit Card Breach

InterContinental Hotels Group (IHG) has reported a data breach of its payment card processing system. The breach involves malware that infected certain locations between September 29, 2016, and December 29, 2016. The malware lifted customers’ names, credit card numbers, expiration date and the security codes of credit cards used at certain locations during that time … Continue Reading

March Sees an Uptick in Health Data Breaches

The monthly breach report issued by Protenus last week outlining data breaches that occurred in the month of March concludes that there was an “uptick in the number of health data breach incidents.” According to the report, there were 39 incidents last month that involved health information, compromising 1.5 million patient records. A whopping 44 … Continue Reading

GameStop Investigating Data Breach of Credit Card Information

Brian Krebs broke the story that GameStop was investigating a possible data breach affecting customers’ credit card information. This week, GameStop confirmed that it is investigating the possible compromise of credit card information from September 2016 through February 2017. The information that may have been compromised includes customers’ names, card numbers, expiration dates, and the … Continue Reading

Job Seekers Beware! Data Hacked for up to 1.4 Million Illinois Residents Receiving Unemployment Benefits

The Illinois Department of Employment Security has revealed that somewhere between 1.2 million and 1.4 million Illinois residents who have received unemployment benefits from the State of Illinois have had their names, dates of birth and Social Security numbers compromised through a hacking of its vendor’s database. The residents are those seeking jobs and using … Continue Reading

McDonald’s Canada’s Job Site Hacked

McDonald’s Canada has shut down its careers webpage following a breach that occurred in mid-March. A hacker gained access to the jobs section of its website and compromised the personal information, including names, addresses, telephone numbers, employment histories and other job application information of approximately 95,000 individuals. McDonald’s Canada has notified the privacy commissioners in … Continue Reading

Wendy’s Successful in Trimming Data Breach Class Action Suit But No Dismissal

We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss. … Continue Reading

Neiman Marcus Settles Data Breach Class Action Case for up to $1.6 Million

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings. The settlement includes a payment … Continue Reading

Air Force Security Clearance Files Compromised on Unsecured Backup Drive

Security researchers have discovered that an unsecured backup drive has compromised thousands of U.S. Air Force documents, including personnel files and sensitive forms filled out by senior and high-ranking officials. These files were openly accessible because they were located on a backup drive connected to the internet wasn’t password protected. The compromised files include the … Continue Reading

Cardiology Group Hard Drive Stolen

Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet. The hard drive that was in the closet contained the group’s backup data from the practice’s electronic health system—which included apparently of all … Continue Reading

Home Depot Settles with Financial Institutions

A federal judge has preliminarily approved a proposed settlement of $25 million between Home Depot and financial institutions that issued payment cards that were affected by the Home Depot data breach in 2014. This proposed settlement amount is in addition to the $140 million settlement with other payment card issuers such as American Express and … Continue Reading

West Virginia University Medicine University Healthcare Patients Victims of Identity Theft

West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their information. It further confirmed that 113 of its patients have become the victims of identity theft as a result of … Continue Reading

Verifone Investigating Breach of its Internal Corporate Network

Verifone, the largest maker of credit card point of sale terminals in the U.S., which assists various industries, including retailers, with credit and debit card swipe and process services, has affirmed that it is investigating a breach of its internal corporate network. According to Verifone’s CIO, it is “investigating an IT control matter in the … Continue Reading

Data Breach Involving CloudPets “Smart” Toys Raises Internet-of-Things Security Concerns

On February 27, 2017, news reports disclosed a major security breach involving Spiral Toys, the seller of the CloudPets brand of internet-connected stuffed animals. The Bluetooth-connected CloudPets toys allow users to exchange voice messages between the toys and applications on smartphones or tablets. An investigation by cybersecurity researcher Troy Hunt revealed that customer data for … Continue Reading

Vanderbilt University Medical Center PHI Breached by Patient Transporters

Vanderbilt University Medical Center (VUMC) has announced that it will be sending breach notification letters to over 3,000 patients as a result of unauthorized access to PHI by two patient transporters. According to the announcement, VUMC audited its medical records (as it is required to do by  HIPAA), and found that two individuals who worked … Continue Reading

American Senior Communities Suffers W-2 Scam

W-2 phishing schemes continue to be a problem for companies in every industry. Last week, American Senior Communities based in Indiana announced that one of its employees was scammed through a phishing email and thereafter sent over 17,000 employees’ W-2 forms to the fraudulent emailer. Unfortunately, the scam was not discovered until a month after … Continue Reading
LexBlog