U.S. Bank notified some customers on Friday that their personal information was accidentally shared by a third-party vendor, according to letters posted to the California Attorney General's website. On Sept. 27, a third-party collections recovery group accidentally shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances of about 11,000 customers, a U.S. Bank spokesperson told Banking Dive.
The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after it exposed the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. The agency's proposed order would require Chegg to shore up data security, implement multifactor authentication (MFA) to help users secure their accounts, limit collected and stored customer data, and allow customers to access and delete their data.
Readers will recall that cloud communications firm Twilio disclosed on August 7, 2022 that hackers had accessed user data following a sophisticated social engineering attack that saw employees targeted with SMS-phishing ("smishing") text messages. Attackers sent current Twilio staff and former employees SMS text messages that purported to come from the company's IT department, telling them that their passwords had expired.
Bed Bath & Beyond revealed last week in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack. Only a few details have been shared by the retailer as the investigation is ongoing. The company explained that it became aware of unauthorized access to some data after an employee was targeted in a 'phishing scam' in October.
Label printing giant Multi-Color Corporation (MCC) has started informing employees that their personal information might have been compromised in a recent cyberattack. A global supplier of premium label solutions, MCC operates roughly 100 label-producing operations and has approximately 10,000 employees. MCC provides label solutions to organizations in the automotive, beverage, chemicals, food, healthcare, technical, and other industries.
Patients of Dutch mental health clinics are being warned that their personal records have fallen into the hands of hackers following a security breach at an online portal that "guaranteed" their privacy. Netherlands-based technology company Nedap disclosed on 25 October a hacking incident of its Carenzorgt.nl portal, used by thousands of healthcare institutions throughout the country to share digital health records and personal data.
Searching for 'GIMP' on Google as recently as last week would show visitors an ad for 'GIMP[.]org,' the official website of the well-known graphics editor, GNU Image Manipulation Program. This ad would appear to be legitimate, as it stated 'GIMP[.]org' as the destination domain. But clicking on it drove visitors to a lookalike phishing website that provided them with a 700 MB executable disguised as GIMP which, in reality, was malware.
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.
An Experian product that allows organizations to verify customers' identity could be exploited to expose partial Social Security numbers, a researcher found through testing several organizations that use the product. The researcher, who asked to be identified only by the online handle Lucky225, first detailed the security issue in a September Medium post after finding it when trying to register for the Pacific Gas and Electric Company.
IT management software provider ConnectWise on Friday announced updates that patch a critical vulnerability which, according to cybersecurity professionals, exposes thousands of servers to attacks. The flaw, described as "improper neutralization of special elements in output used by a downstream component", affects the ConnectWise Recover backup and disaster recovery product (v2.9.7 and earlier), and the R1Soft server backup manager (v6.16.3 and earlier).