Data loss

Marriott warns of hack. 500 million Starwood hotel guests’ personal data could be exposed

There’s bad news if you’re one of the 500 million hotel guests whose data was included on the Starwood guest reservation database.


Dell suffers security breach, reset customer passwords (but didn’t tell customers why until now)

Dell has revealed that earlier this month it discovered that hackers had breached its security and were attempting to access customer details – including names, email addresses, and hashed passwords.


More details on One Planet York app vulnerability don’t paint council in a good light

New information has come to light which makes it more difficult to defend York city council’s actions and communications in response to being told about a vulnerability in its One Planet York app.


Did UK city council over-react to a vulnerability report in its recycling app or not?

Some in the computer security community feel that the council over-reacted by reporting the incident to the police.

I’m not so sure.


Amazon warns customers it leaked their names and email addresses

What aren’t you telling us, Amazon, and why?


High Tail Hall data breach exposes over 400,000 furry fans

An online fantasy role-playing game where participants can dress up as buxom furry animals has had its user database leaked onto the internet.


bitdefender.com

Two friends jailed for TalkTalk hack plot

Judge describes men connected to TalkTalk hack as “individuals of extraordinary talent.” Sigh…

Read more in my article on the Hot for Security blog.


Vision Direct hack reveals customer credit card details

Criminals planted credit-card skimming code on Vision Direct online store.


Radisson Hotel Group reveals breach of rewards site

If you’ve stayed in one of the over 1400 hotels in 70 countries that make up the Radisson Hotel Group, you could be in for a rude awakening.


Eurostar resets customers’ passwords after accounts breached

If you’re one of the millions of people who travel under the English Channel each year, then there’s a good chance you may have to change your password for the Eurostar website.


Smashing Security #102: Ethical dilemmas, Girl Scouts, and porn-loving US officials

Who deserves to die in a driverless car crash? Who has been sniffing around the Girl Scouts’ email account? And just how long would it take for a geologist to visit 9,000 adult web pages?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist and “Friends” fan Dan Raywood.


Post-breach, Cathay Pacific hit by group action by UK law firm

Fresh from launching a £500 million group action against British Airways after a serious security breach, a UK law firm has wasted no time responding to the announcement last week of a hack at Cathay Pacific which saw the personal data of 9.4 million Cathay Pacific passengers breached.


British Airways hack is worse than originally thought

A deeper investigation has revealed that hackers were stealing information for much longer than initially thought, and an additional 185,000 British Airways customer payment cards were compromised.


tripwire.com

Hackers steal personal data of up to 9.4 million Cathay Pacific passengers

Most people in the world would describe it as a company “admitting they’ve been hacked.”

But if you’re the breached company and want to apply the maximum amount of PR spin, you might instead issue a release saying you’re “announcing a data security event affecting customer data.”

Read more in my article on the Tripwire State of Security blog.


Smashing Security #101: Rule 34, Twitter scams, and Facebook fails

A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members. Oh, and Graham finds out what Rule 34 is.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.


bitdefender.com

Supermarket told it must compensate 100,000 workers after payroll data deliberately leaked by rogue employee

Morrisons didn’t know it, but in 2014 it had a huge problem.

The UK’s fourth largest supermarket chain, with over 500 stores, had a disgruntled member of staff who had access to sensitive data, such as the payroll information of 100,000 current and former employees.

Read more in my article on the Bitdefender Business Insights blog.

