Tag: data breach

Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack

Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack

Information Security
Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack The Government of Canada recently confirmed that thousands of Canadian Government accounts had been hacked. In a statement issued last August 15th, the Treasury Board of Canadasaid that the attackers zeroed-in the government's GCKey system – a single sign-on (SSO) system used by 30 Canadian federal departments for the public to access different government services, including employment, citizenship, social services such as access to Covid-19 relief programs. GCKey is also used as an alternative access route to login to the Canadian Revenue Agency (CRA) systems. Credential Stuffing Attack In the August 15th statement released by the Treasury Board of Canada, out of 12 million GCKey accounts, 9,041 accounts were compromised via the cyberattack called "credential stuffing". In a credential…
Read More
Ransomware Attacks Are Now Being Reported as Data Breaches

Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware Attacks Are Now Being Reported as Data Breaches Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that ransomware attack constitutes data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware which caused service disruptions. Cognizant said,…
Read More
Marriott Discloses 2nd Data Breach in Less than 2 Years

Marriott Discloses 2nd Data Breach in Less than 2 Years

Information Security
Marriott Discloses 2nd Data Breach in Less than 2 Years Marriott International, Inc., the world's largest hotel chain, recently disclosed a second data breach in a span of less than two years. Marriott, which owns over 7,300 hotels and licenses vacation ownership resorts in 134 countries and territories, in a statement, said that it became aware of this new data breach at the end of February 2020. The company believes that this latest data breach started way back in mid-January 2020. Marriott said this latest data breach affected 5.2 million guests and the following information may have been breached: Contact details (e.g., name, mailing address, email address, and phone number); Loyalty account information (e.g., account number and points balance, but not passwords); Additional personal details (e.g., company, gender, and birthday…
Read More
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Information Security
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records Microsoft recently admitted that its internal customer support database was inadvertently exposed to the public as a result of a misconfiguration of the security rules of Azure – the company’s own cloud service. According to Microsoft, a change or the misconfiguration of the security rules of Azure, which led to the public exposure of the company’s internal customer support database, was made on December 5, 2019. Microsoft said this misconfiguration was corrected on December 31, 2019. The company said that the vast majority of the exposed records were cleared of personal information as the company redacts personal information using automated tools. The company, however, said that some of the exposed records weren’t redacted, such as an email address…
Read More
American Express and Yahoo Report Data Breaches Resulting in Insider Threats

American Express and Yahoo Report Data Breaches Resulting in Insider Threats

Information Security, News
American Express and Yahoo Report Data Breaches Resulting in Insider Threats Two separate data breaches on two large U.S. enterprises, American Express and Yahoo, have recently been disclosed. The data breaches were carried out, not by external actors but by employees, highlighting the risk of insider threats. Starting last September 30th, American Express has issued a "Notice of Data Breach" to an undisclosed number of customers. The company said that personal information, including full name, physical and/or billing address, date of birth, Social Security number, and current and previously issued American Express Card account number were compromised in the data breach. In the Notice of Data Breach, American Express said the compromised personal information "may have been wrongfully accessed by one of our employees". The motive of the data breach,…
Read More
Hard-Earned Lessons about Cloud Computing in the Capital One Data Breach

Hard-Earned Lessons about Cloud Computing in the Capital One Data Breach

Information Security, News
Hard-Earned Lessons about Cloud Computing in the Capital OneData Breach One of the largest-ever thefts of financial data, the data theft at Capital One, has come to light early this week. This latest data breach has given the business community many hard-earned lessons about cloud computing. Last July 29th, Capital One Financial Corporationdisclosed that on July 19, 2019, it determined that information relating to individuals who had applied for the company’s credit card and credit card products was illegally accessed. Capital One said the data theft event affected approximately 100 million individuals in the U.S. and approximately 6 million in Canada. The company said the largest category of information that was illegally accessed was information that the company collected from 2005 through early 2019, specifically personal information that the company routinely collects at the time…
Read More
Human Error Drives Cyber Insurance Claims, Data Shows

Human Error Drives Cyber Insurance Claims, Data Shows

Information Security, News
Human Error Drives Cyber Insurance Claims, Data Shows   Insurance company CFC Underwriting, which conducts business in over 80 countries, reported that human error plays a part in the vast majority of cyber insurance claims.   CFC Underwritingreported that in 2018 the company responded to over 1,000 cyber insurance claims comprised of data breaches, theft of funds, ransomware and extortion, malware and more. In Canada alone, CFC Underwriting said that 32% of cyber insurance claims were about ransomware and extortion, 24% about non-malicious data breach, 20% about malicious data breach, 9% about theft of funds, 9% about malware and 6% referring to other cyber incidents.   "Whether a business suffers a data breach, a ransomware attack, or accidentally sends money to a fraudulent bank account, human error plays a part…
Read More

Tag: data breach

Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack

Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack

Information Security
Thousands of Canadian Gov’t Accounts Hacked, Lessons Learned from this Attack The Government of Canada recently confirmed that thousands of Canadian Government accounts had been hacked. In a statement issued last August 15th, the Treasury Board of Canadasaid that the attackers zeroed-in the government's GCKey system – a single sign-on (SSO) system used by 30 Canadian federal departments for the public to access different government services, including employment, citizenship, social services such as access to Covid-19 relief programs. GCKey is also used as an alternative access route to login to the Canadian Revenue Agency (CRA) systems. Credential Stuffing Attack In the August 15th statement released by the Treasury Board of Canada, out of 12 million GCKey accounts, 9,041 accounts were compromised via the cyberattack called "credential stuffing". In a credential…
Read More
Ransomware Attacks Are Now Being Reported as Data Breaches

Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware Attacks Are Now Being Reported as Data Breaches Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that ransomware attack constitutes data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware which caused service disruptions. Cognizant said,…
Read More
Marriott Discloses 2nd Data Breach in Less than 2 Years

Marriott Discloses 2nd Data Breach in Less than 2 Years

Information Security
Marriott Discloses 2nd Data Breach in Less than 2 Years Marriott International, Inc., the world's largest hotel chain, recently disclosed a second data breach in a span of less than two years. Marriott, which owns over 7,300 hotels and licenses vacation ownership resorts in 134 countries and territories, in a statement, said that it became aware of this new data breach at the end of February 2020. The company believes that this latest data breach started way back in mid-January 2020. Marriott said this latest data breach affected 5.2 million guests and the following information may have been breached: Contact details (e.g., name, mailing address, email address, and phone number); Loyalty account information (e.g., account number and points balance, but not passwords); Additional personal details (e.g., company, gender, and birthday…
Read More
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records

Information Security
Lessons from the Cloud Misconfiguration Exposing 250 Million of Microsoft Customer Records Microsoft recently admitted that its internal customer support database was inadvertently exposed to the public as a result of a misconfiguration of the security rules of Azure – the company’s own cloud service. According to Microsoft, a change or the misconfiguration of the security rules of Azure, which led to the public exposure of the company’s internal customer support database, was made on December 5, 2019. Microsoft said this misconfiguration was corrected on December 31, 2019. The company said that the vast majority of the exposed records were cleared of personal information as the company redacts personal information using automated tools. The company, however, said that some of the exposed records weren’t redacted, such as an email address…
Read More
American Express and Yahoo Report Data Breaches Resulting in Insider Threats

American Express and Yahoo Report Data Breaches Resulting in Insider Threats

Information Security, News
American Express and Yahoo Report Data Breaches Resulting in Insider Threats Two separate data breaches on two large U.S. enterprises, American Express and Yahoo, have recently been disclosed. The data breaches were carried out, not by external actors but by employees, highlighting the risk of insider threats. Starting last September 30th, American Express has issued a "Notice of Data Breach" to an undisclosed number of customers. The company said that personal information, including full name, physical and/or billing address, date of birth, Social Security number, and current and previously issued American Express Card account number were compromised in the data breach. In the Notice of Data Breach, American Express said the compromised personal information "may have been wrongfully accessed by one of our employees". The motive of the data breach,…
Read More
Hard-Earned Lessons about Cloud Computing in the Capital One Data Breach

Hard-Earned Lessons about Cloud Computing in the Capital One Data Breach

Information Security, News
Hard-Earned Lessons about Cloud Computing in the Capital OneData Breach One of the largest-ever thefts of financial data, the data theft at Capital One, has come to light early this week. This latest data breach has given the business community many hard-earned lessons about cloud computing. Last July 29th, Capital One Financial Corporationdisclosed that on July 19, 2019, it determined that information relating to individuals who had applied for the company’s credit card and credit card products was illegally accessed. Capital One said the data theft event affected approximately 100 million individuals in the U.S. and approximately 6 million in Canada. The company said the largest category of information that was illegally accessed was information that the company collected from 2005 through early 2019, specifically personal information that the company routinely collects at the time…
Read More
Human Error Drives Cyber Insurance Claims, Data Shows

Human Error Drives Cyber Insurance Claims, Data Shows

Information Security, News
Human Error Drives Cyber Insurance Claims, Data Shows   Insurance company CFC Underwriting, which conducts business in over 80 countries, reported that human error plays a part in the vast majority of cyber insurance claims.   CFC Underwritingreported that in 2018 the company responded to over 1,000 cyber insurance claims comprised of data breaches, theft of funds, ransomware and extortion, malware and more. In Canada alone, CFC Underwriting said that 32% of cyber insurance claims were about ransomware and extortion, 24% about non-malicious data breach, 20% about malicious data breach, 9% about theft of funds, 9% about malware and 6% referring to other cyber incidents.   "Whether a business suffers a data breach, a ransomware attack, or accidentally sends money to a fraudulent bank account, human error plays a part…
Read More