Microsoft recently reported that suspected Chinese nation-state actors have exploited a flaw in Exchange that has given them access to data and/or email accounts. According to estimates 30,000 or so customers and 18,000 servers were affected. This flaw impacts a broad range of customers, from small businesses to local and state governments and some military…
Spotify has returned for another appearance with a credential stuffing disaster eerily similar. This time, data of approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020. Here’s the full story
The UK Research and Innovation (UKRI) agency is now researching a ransomware incident that encrypted data and impacted its proprietary services. The impacted services include a service offering information to subscribers and the platform for peer review of various parts of the agency. The agency has not yet disclosed if data was stolen or any…
Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code, as reported by a security researcher, pertains to Nissan NA Mobile apps, some parts of the Nissan…
The Reserve Bank of New Zealand (RBNZ) announced that it has experienced a data breach as a result of an unauthorized access incident at a third-party file-sharing service used by the bank to share and store some sensitive information. The nature and extent of information that has been potentially accessed is still being determined. Here’s…
T-Mobile has found itself embroiled in a “malicious hacking incident” that has resulted in data exposure for an estimated 200,000 clients. The company said in a statement that Customer proprietary network information (CPNI) was accessed and may have included phone numbers, the number of lines on the account and call-related information. Here’s the full story
South Country Health Alliance, a county-owned health plan based in Owatonna, MN, experienced a data breach after a successful phishing attack let cybercriminals access the protected health data and personal information of more than 60K members. The incident has been under investigation since the attack was first confirmed in September 2020, and the filing made…
Human error is the culprit in a data breach at a British tax relief advisory service. The error left the personally identifiable information of 100,000 clients exposed after it misconfigured its WordPress CMS, leaving a directory listing of PDF documents available for public view, with no password protection. Here’s the full story
A ransomware incident led to shutdowns and slowdowns across Netgain’s data hosting environment. The company was forced to completely shut down all systems on 12/4 for containment and remediation. Service has been restored to customers but they may still experience performance issues. Here’s the full story
