Marriott on Friday said up to 500 million Starwood properties guests' information may have been exposed in a massive data breach that began in 2014. The hotel giant joins a list of other corporations whose systems to protect their customers' personal information failed. Here is how the breach stacks up against other corporate data debacles.
1. Yahoo
Verizon in 2017 said all three billion Yahoo users' data was breached in a 2013 hack, after it initially reported that just one billion accounts had been compromised. Verizon acquired Yahoo in a $4.5 billion deal that closed in June 2017 -- and said the security breach was discovered during the integration of the two firms. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen.
2. Marriott
Personal data belonging to roughly 500 million Starwood properties guests was compromised in the second-largest cyberattack on a company in history. Marriott said Friday it … [Read more...] about How Marriott’s data breach ranks among the biggest corporate data fails
Verizon data breach investigations report
Jordan Robertson and Michael Riley Bloomberg Published 1:29 PM EDT Oct 9, 2018 A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company. The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015. Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data … [Read more...] about Hacked Supermicro hardware found in US telecom
Taylor Telford, The Washington Post Published 10:44 am PDT, Wednesday, August 22, 2018 File picture illustration of the word 'password' pictured through a magnifying glass on a computer screen, taken in Berlin May 21, 2013. Security experts warn there is little Internet users can do to protect themselves from the recently uncovered "Heartbleed" bug that exposes data to hackers, at least not until vulnerable websites upgrade their software. Researchers have observed April 8, 2014, sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running a widely used Web encryption program known as OpenSSL that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers. OpenSSL is used on about two-thirds of all Web servers, but the issue has gone undetected for about two years. REUTERS/Pawel Kopczynski/Files (GERMANY - Tags: CRIME LAW SCIENCE TECHNOLOGY) … [Read more...] about 1,464 Western Australian government officials used ‘Password123’ as their password. But don’t smirk.
Dive Brief:
A federal judge upheld a $4.3 million fine against the University of Texas MD Anderson Cancer Center following an investigation into three data breaches — one stolen laptop and two lost flash drives, all unencrypted — that compromised the health information of more than 33,500 people.
The HHS Office of Civil Rights found MD Anderson hadn't updated its encryption policies since 2016, and encryption policies for patient data hadn't been adopted until 2011.
MD Anderson called the fine "unreasonable" and, in a statement to Healthcare Dive, asserted there is "no evidence any patient information was viewed or any harm to patients was caused." The academic system will appeal the ruling.
In his decision, HHS administrative law judge Steven Kessel wrote that MD Anderson's conduct was "shocking given the high risk to its patients resulting from the unauthorized disclosure of ePHI" (electronic protected health information).
Dive Insight:
Over half of the … [Read more...] about MD Anderson slapped with $4.3M HIPAA fine
A hacker slipped into the servers of prison technology giant Securus Technologies and exposed thousands of potentially confidential records from law enforcement agencies across the United States, including in Minnesota, according to a technology website. The compromised data included more than 2,800 user names, e-mail addresses, phone numbers, passwords and security questions — dating from 2011 to the present — of Securus law enforcement users. They were included in a spreadsheet that was shared by the hacker with Vice Motherboard. It was not immediately possible to independently verify the leak. “Most of the users in the spreadsheet are from U.S. government bodies, including sheriff departments, local counties, and city law enforcement. Impacted cities include Minneapolis, Phoenix, Indianapolis, and many others,” the website reported. Motherboard did not name the local affected agency in its May 16 report. According to its website, Securus works with … [Read more...] about Report: Tech company hack affected Minnesota law enforcement