data security

Major data breach hits Oracle’s MICROS point of sale platform

Oracle has suffered a major data breach affecting its MICROS POS payments systems.  The hack involved malicious code found on MICROS customer service systems.  The malware allowed hackers to access customer login information.   Early indications are that the attack originated in Russia. Oracle believes that individual transaction data was not compromised, but it is [...]

By |2017-11-18T15:32:37-05:00August 10th, 2016|data breach, data security, MICROS, Oracle|0 Comments

Possible massive Yahoo data breach includes userids, passwords and birthdates

Yahoo is investigating the claims of a hacker that 200 million+ Yahoo account credentials and personally identifiable information have been backed and are for sale on the dark web.  The hacker, who claims to also be associated with recent LinkedIn and MySpace data breaches, stated that the data is "most likely" from 2012. The hacker, [...]

By |2017-11-18T15:32:37-05:00August 3rd, 2016|data breach, data security, Yahoo|0 Comments

Small inexpensive device can hack mag card readers

Computerworld published an article describing a tiny device that can wirelessly hack point of sale and other magnetic-stripe based systems by sending malicious keyboard commands using a design vulnerability in those systems.  Apparently a hotel room lock could be hacked within 18-30 minutes using the device. The device was inspired by "MagSpoof" which is a device that can [...]

By |2017-11-18T15:32:37-05:00August 3rd, 2016|data security, EMV|0 Comments

Reports: Counterfeit card fraud down as card-not-present and identify fraud spike

It is a long-established fact that fraudsters follow the path of least resistance.  Recent statistics back this up. CardNotPresent points out that according to the Card Fraud Control Benchmark Study from Auriemma Consulting Group, counterfeit card fraud dropped by 18% in the first quarter, largely due to the continuing rollout of EMV which requires multifactor authentication.  The [...]

Resold/Repurposed computers and hard drives can be a rich source of confidential data for fraudsters

Data security firm Blancco Technology Group recently conducted an experiment whereby they purchased 200 used data drives, then conducted a forensic analysis to determine whether they contained confidential/personally identifiable information. The result?  67% contained personal information and 11% contained sensitive business data including emails, spreadsheets, social security numbers, strategic and planning information, and inventories.  36% showed [...]

By |2017-11-18T15:32:39-05:00June 29th, 2016|data breach, data security|0 Comments

MySpace data hack could be largest yet

MySpace announced this week that it was the target of a data hack, potentially involving 360 million accounts and over 400 million passwords.  (Editorial comment: who knew that MySpace was still that relevant?) Most of the hacked credentials were created before 2013, giving some hope that the passwords are stale because they have been changed [...]

By |2017-11-18T15:32:39-05:00June 1st, 2016|data breach, data security|0 Comments

Karma?: Hacker forum hacked

Nulled, a web community used by hackers to discuss their activities and market stolen data, has been hacked itself.   The website indicates it is "temporarily down for unscheduled maintenance". Apparently the hacked information includes data on more than 400,000 users, purchase records of stolen information, and thousands of posts providing details about potentially illegal [...]

By |2017-11-18T15:32:40-05:00May 17th, 2016|data breach, data security|0 Comments

Anatomy of a data breach: how common productivity tools exposed sensitive government data

The popular productivity tool Slack allows teams to collaborate, communicate and share information.  According to Slack's website, "everyone has a transparent view of all that's going on".  But when Slack is integrated with file management tools like Google Drive, sensitive data can be exposed. That's exactly what happened in a recent incident within the U.S. General Services Administration [...]

By |2017-11-18T15:32:40-05:00May 16th, 2016|data breach, data security, Google|0 Comments

Millions (or is that billions?) of login credentials hacked, setting the stage for increased identity theft, data breaches and system intrusions.

Initially reported by Hold Security's Alex Holden and expanded by Reuters, a Russian hacker claims to be in possession of over 1 billion account credentials including Google, Hotmail and Yahoo accounts.  If true, this would likely be the largest user credentials breach in history.  Google, Yahoo and the other providers are investigating but have not yet commented on [...]

By |2017-11-18T15:32:41-05:00May 5th, 2016|data breach, data security|0 Comments

April has been a tough month for data breaches. New report finds 85% of successful exploits are related to ten preventable vulnerabilities.

April is shaping up to be a big month for data breach revelations.  High profile incidents include the BeautifulPeople dating site (1.1 million users compromised), Lifeboat gaming site (7 million accounts),  essential oils seller doTerra (3 million customers) and Spotify (extent unknown), to name a few. The consequences are getting higher:  states including Tennessee and Nebraska are [...]

By |2017-11-18T15:32:41-05:00April 27th, 2016|data breach, data security|0 Comments