Latest breach publications
The UK Information Commissioner’s Office, which is responsible for enforcing compliance with data regulations, has deferred £280 million in fines handed out to British Airways and Marriott Hotels for data breaches.
British Airways was landed with a record £183 million fine in July 2019 over a 2018 data breach that saw 380,000 customer payment cards compromised, while Marriott is facing a £99 million fine, also issued in July 2019, over a data leak caused by Chinese hackers that affected around 339 million customers.
Popular virtual private network service NordVPN confirmed one of its rented data centre servers suffered a breach in March 2018.
In an announcement posted on the company’s website Monday, the VPN provider revealed an attacker accessed the server at a Finland data centre by exploiting the data centre provider’s remote management system, which the company was unaware existed.
NordVPN, which deals with highly sensitive and private activity logs, was quick to reassure its 12 million customers:
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” the company wrote.
An unencrypted Elasticsearch database containing millions of fingerprints, facial recognition information, unencrypted usernames and passwords, and personal information on employees has been discovered by researchers. The database belongs to Biostar 2, a biometric security platform recently integrated into AEOS, an access control system used by the UK Metropolitan Police.
Stockpile of Honda internal system data found on unsecured Elasticsearch database
A security researcher has found an unsecured Elasticsearch database belonging to Honda Motor Company containing 134 million rows of internal network and employee computer data. Justin Paine, the researcher who discovered the database on 4 July on Shodan, said the 40GB database “appeared to…
Large amount of personal data stolen in phishing attack
Lancaster University has been struck by a ‘sophisticated and malicious phishing attack’ affecting the data of students and applicants, the University revealed. In a posting on its website, the University said it detected the breach on Friday and has reported the incident to law enforcement agencies,…