fbpx

Download free GDPR compliance checklist!

Tag Archives for " data breach "

26 million LiveJournal credentials leaked online, sold on the dark web

LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month.

According to Have I Been Pwned (HIBP), the data contained the usernames, emails, and plaintext passwords of 26,372,781 LiveJournal users. LiveJournal users can visit the HIBP portal and check if their credentials have been included in the data trove stolen by hackers back in 2014. Even if the LiveJournal database is old, has circulated in private, and has been abused for years, this doesn’t mean users should slack on their personal security.

Source: 26 million LiveJournal credentials leaked online, sold on the dark web | ZDNet

Equifax agrees to spend over $30 million to settle claims over 2017 data breach

Equifax has agreed to a proposed class action settlement with financial institutions over its 2017 data breach that affected roughly 147 million people in the U.S.

The company will pay up to $5.5 million for class members and commit to spending at least $25 million on data security measures over a two-year period under the proposed deal, according to the unopposed motion for preliminary approval of the settlement.

Source: IN BRIEF: Equifax agrees to settle financial institutions’ claims over 2017 data breach – Reuters

EasyJet faces £18 billion class-action lawsuit over data breach

UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.

The lawsuit has been filed in the High Court of London on behalf of customers. According to the firm, easyJet’s data breach took place in January 2020, and while the ICO was apparently notified at this time, customers were not informed until four months later. The lawsuit aims to secure up to £2,000 per impacted customer.

Source: EasyJet faces £18 billion class-action lawsuit over data breach | ZDNet

Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

A hacker who was behind the cyber attack on Ethereum.org is now selling data tied to key cryptocurrency wallets like Keepkey, Trezor, Ledger and online investment platform Bnktothefuture. The hacker has three large databases with information pertaining to at least 80,000 customers. This includes the customer’s email address, name, phone number, residential address and other data.

“The hacker doesn’t seem to have any passwords, but is offering detailed information that was stolen from an alleged Shopify breach like email addresses, home addresses, and phone numbers,” reports Bitcoin News.

Source: Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents

A leading UK software company exposed personal information and legal documents belonging to over 190 law firms through a data leak from an unsecured online database.

The information exposed by the data breach included details belonging to the staff of the law firms. The information uncovered in the data leak could be deemed sensitive or special and included details such as hashed passwords, legal documents, passport numbers, mother’s maiden name, and eye colors. The law firms affected had both their “primary” and “form” data leaked.

Source: Over 190 Law Firms Affected by Advanced Data Leak That Exposed Over 10,000 Legal Documents – CPO Magazine

Hacker leaks 40 million user records from popular Wishbone app

A hacker has put up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. Later Wishbone user database has leaked in full, being offered as a free download on one of the hacking forums it was being sold on.

A well-known hacker known as ShinyHunters has taken credit for hacking the company. According to the seller’s claims and a sample of the data published online, the Wishbone data includes user information such as usernames, emails, phone numbers, city/state/country, but also hashed passwords.

Source: Hacker leaks 40 million user records from popular Wishbone app | ZDNet

REvil Ransomware found buyer for Trump data, now targeting Madonna

REvil ransomware group claims to have buyers ready for documents containing damaging information about US‌ President Donald Trump and is preparing to auction data on international celebrity Madonna.

The hackers breached the network of Grubman Shire Meiselas & Sacks (GSMLaw), a law firm representing a huge number of A-list celebrities, stealing everything they considered of value before encrypting the data.

Source: REvil Ransomware found buyer for Trump data, now targeting Madonna

First GDPR fine issued in Ireland

Eilis McDonald & John Magee Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission (DPC) filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency.

Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland. The DPC reported three separate statutory inquiries into Tusla in respect of a number of breaches which had been reported to it since May 2018. The breaches included various instances of inappropriate system access, accidental and inappropriate disclosure of personal data by email and unauthorised disclosure of data.

Source: IRELAND: First GDPR fine issued in Ireland

EasyJet announces cybersecurity incident affecting 9 million clients

EasyJet announced that it had been “the target of a cybersecurity attack from a highly sophisticated source”.

EasyJet stated that its investigation found that the email addressess and travel details of approximately 9 million customers, as well as the credit card details of 2,208 customers, were accessed. Customers whose travel details were accessed are being advised of protective steps to minimise any risk of potential phishing and unsolicited communications.

Source: Notice of cyber security incident

Austrian ministry could face GDPR penalty after publishing personal data online

Austrians’ personal data has been publicly accessible on the Ministry of Economy’s website since 2009. One could simply go to the website, enter a name in the search field and find a person’s address and date of birth, as well as the date of tax returns.

The liberal party NEOS and NGO epicenter.works call it the “biggest data protection scandal of the Second Republic.” NEOS is considering legal action and a GDPR expert thinks it could be successful.

Source: Austrian ministry could face GDPR penalty after publishing personal data online – EURACTIV.com

1 2 3 40
>