HSBC Finance confirms data breach of mortgaged customers


In a breach notification letter sent to the New Hampshire Attorney General, HSBC Finance Corporation has revealed that sensitive mortgage information of customers of a number of its subsidiaries has been potentially compromised.

The company says that personal information of 685 New Hampshire residents, about mortgage accounts, such as customers’ names, Social Security numbers, account numbers and possibly telephone numbers, were “inadvertently made accessible via the Internet.”

HSBC said that the notice was sent by HSBC Finance Corporation on behalf of its subsidiaries regarding a breach that it learned about on March 27th.

Its subsidiaries include Beneficial Financial I Inc., Beneficial Consumer Discount Company, Beneficial Homeowner Service Corporation, Beneficial Maine, Inc., Beneficial Massachusetts, Inc., Beneficial New Hampshire, Inc., Household Finance Corporation II, Household Finance Corporation of Alabama, Household Financial Center, Inc., and Household Realty Corporation.

HSBC said that it takes the issue seriously, and deeply regrets it happening. “We are conducting a thorough review of the potentially affected records and have implemented additional security measures designed to prevent a recurrence of such an incident,” it said. “We have ensured that the information is no longer accessible publicly. The company has notified law enforcement and the credit reporting agencies of the incident, and no delay in advising you has been caused by law enforcement notification.”


HSBC said it has ensured that the information is no longer publicly available. It began notifying affected customers on April 9 by letter and it's offered customers a free one-year subscription to Identity Guard, a credit monitoring and identity theft protection service.

Slack hacked, over 100k users data compromised


Slack, a team communication tool, has suffered suffered a security breach on its central user database, potentially leaving user's login credentials in the hands of hackers.

Slack was launched in 2013 and its android application has been downloaded by more than 100,000 users so far(according to Google Play store).

The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.

The database accessed by the intruders included usernames, email IDs, and  passwords(hashed). It also contained optional data added by users such as phone numbers, Skype IDs.

On the bright side, Slack didn't store the passwords in a plain-text format. The passwords have been hashed with a bcrypt and a randomly generated salt.  It does not mean this will thwart hackers from accessing your account, it will just slow down the process and give you a time to take action. And, NO Financial or payment data compromised in this attack.

In the wake of security breach, the company strengths its security for the authentication.  One of them is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in their website.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based  micro-loan startup is investigating a data breach of personal and financial records of thousands of its online applicants, according to Brian Krebs report.

A Web site accessible via Tor, a software that transfers  Internet traffic  to a global network of relays, included links to countless documents, drivers licenses, national Ids, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of  hackers 'A4' professes to have posted the screen shots of the hundreds of gigabytes documents of Kreditech.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Further adding Friedrich said that Kreditech believes the data was leaked by an insider, can be former or current employee.

Kreditech, has raised $63 million from investors since 2012. The company grant credit to applicants using traditional data scoring and social media, and provide loans  in Spain, the Czech Republic, Poland, Mexico, Australia, Russia,  Peru, the Dominican Republic and Kazakhstan.

Twitch advises users to change passwords after potential hack

Gaming video broadcaster Twitch recently announced that the site could have potentially been hacked and all users should set new passwords for their accounts on the website.

The company has given out an official statement on the matter saying that hackers could have gained access to personal account information of its users. The website has not given out any information as to how hackers accessed the user information.

Not taking any chances, Twitch has expires the passwords of all its user accounts and also accounts linked from Youtube and Twitter. The company has gone a step further and also asked users to change their similar passwords on other websites.

Twitch is also contacting users personally via email, who they think might have been directly impacted because of the potential breach. In the email (obtained from Twitter user Chris Seymour) Twitch has further stated the information of the affected users at risk.

The email read, 'We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.'

Twitch has declined to comment publicly what personal information of its users might be at risk.

Cyberattack on Premera puts 11 million users at risk

Cyberattack on Premera has potentially exposed sensitive financial and medical records of roughly 11 million of its users.

The sophisticated cyberattack has affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. and members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska. Even individuals who conduct business with Premera have been affected.

Premera, a leading health insurance company stores information like member or applicant’s name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information.

The attack on its IT systems was discovered on January 29, 2015, but the initial attack had occurred long back on May 5, 2014. The company kept the information under wraps in order to safeguard its users against aggravated attack from the hackers. 

Premera is working closely with Mandiant, one of the world’s leading firms in cybersecurity to investigate the case and to remove the infection caused by the attack on the systems. The Federal Bureau of Investigation who has been notified are also investigating the case.

The attack has left the attackers with a goldmine of information. Initial investigations have revealed that no data has been removed from the system or been put to inappropriate use till now. 

Premera President and CEO, Jeff Roe has issued a statement saying that the company is committed towards protection of the information of its users and as a part of the commitment, Premera will be providing two years of free credit monitoring and identity theft protection services through Experion to the affected individuals, starting March 17, 2015.

They will be contacting people only by letter and no emails or phone calls would be made asking for information. The company has warned individuals against unsolicited phone calls seeking information.

In addition Premera has also established a dedicated call center for enquiries on the matter. For users of Premera , who feel they have been affected but have not received a letter form the company by April 20, 2015 are urged to call the company at 1-800-768-5817.

Data breach of Advantage Dental


An intruder had accessed internal membership information of more than 151,000 patients of an Advantage Dental, a Redmond-based provider that serves low-income patients at more than 30 clinics in Oregon, in late February, announced on Monday.

According to the Advantage Dental, there is unauthorized access to patients’ names, social security numbers, home addresses, phone numbers, and dates of birth, but treatment details, payment or other financial data were not accessed.

A malware obtained a username and password of Advantage employee’s computer that allows access to the membership database, which is separate from the database that contains financial and treatment information.

An intruder accessed the information continuously for three days from 23 Feb to 26 Feb. Internal IT specialists of Advantage Dental terminated the illegal access immediately upon discovery. Computers equipped with anti-virus software fails to detect new variations of a virus.

No patients have complained about the data being used for criminal activity. Advantage has made necessary security changes in all its clinics, and headquarters in Redmond to avoid further data breach.

Credit Card breach at Zoup puts NEXTEP in a soup


Eating out at Zoup? Be careful while using the credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP systems which serves Zoup, and many other restaurants, corporate cafeterias, casinos, airports.

The incident came to light after  sources in the financial institutions  noted that all the cards which have recently showed fraudulent activity have been used at any of the 75  Zoup outlets across northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers uses Nextep’s services at all outlets.

On being contacted by KrebsonSecurity, Zoup CEO Eric Ersher referred the calls to Nextep who admitted the breach. Nextep President Tommy Woycik  however added that he believed not all customers were impacted by the breach.

The pattern of breach is similar to the ones at other fast food chains —  Dairy Queen and Jimmy Johns, reported last year. In all such cases, malware is injected at the point of sale systems, which is designed to steal data encoded onto the magnetic strip at the back of credit and debit cards. The stolen data is then used to create counterfeit cards, which are then typically used to make purchases at big-box retailers. Such stolen cards are of considerable value at the underground cybercrime stores, and each card is sold for anywhere between $20 and  $100.

It is not clear how the nextep breach occurred but if previous examples are studied, the cause might be traced to stolen credentials which were then used to remotely administer malware into the system.

Effects of breach at point of sale vendors are huge. Last year, breach at the POS vendor Signature Systems Inc affected Jimmy John sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered from a similar breach that affected many of its client restaurants.

Historically, food institutions have been prone to these attacks.While attacks at chain restaurants can be well  detected owing to pattern originating from the  huge data collated, the magnitude of the breach also increases owing to the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.

National Grocers investigate unauthorized access to customer payment information


The latest retailer to be hit with a data breach incident in the United States is National Grocers after sources in the financial industry confirmed to KrebsonSecurity that they had identified a pattern of fraud on debit and credit cards of customers who buy their groceries at the 93 various outlets, across 15 states, of the organic and natural grocery chain.

According to US investigative reporter, Brian Kerbs, the Point of Sale Systems (POS) were breached by the hackers at various outlets sometime in December, 2014. This was possible because of the company's weak security if its database
s.

The company said in its response that it was looking into 'a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.' The company has also not received any information of misuse of the data that has been put at risk, by and individual or financial institution. In wake of the event, the grocery chain has decide to speed up plans to install to Point of Sale systems that provide end-to-end encryption to add more layers of security to their network.


“These upgrades provide multiple layers of protection for cardholder data. The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states. The company takes data security very seriously and is committed to protecting its customers’ information. This is all the information the company is able to provide at this time, as the investigation into the incident is ongoing," the company's emailed statement concluded.

Many big retailers in the US such as Home Depot, Supervalu, Neiman Marcus and Target have been hit by hackers in recent times. The new POS systems conduct a transaction through the more secure Europay, MasterCard and Visa (EMV) standard, which is the latest technique being used to safeguard against card fraud at POS systems.

In October 2014, Obama signed an executive order for a speedier adoption of the EMV standards across USA. The federal government has been tasked with the charge of leading by example in securing customer transactions and sensitive data, throughout the whole of United States.

Cape May-Lewes Ferry Confirms Credit Card Data Breach


The Cape May – Lewes Ferry has confirmed its payment data systems were infiltrated by hackers who took payment card data on certain systems at the Cape May-Lewes Ferry’s terminals and vessels.

Delaware River and Bay Authority(DRBA) that operates the Cape May – Lewes Ferry learned of a possible data breach on July 30 - The same day Jimmy John's learned of the data breach.

The organization with the help of third-party cyber forensic experts has determined that its card processing systems relating to food, beverage , and retail sales only were compromised.

Credit and Debit card data of individuals who have made purchases from September 20, 2013 through August 7, 2014 at the Cape May – Lewes Ferry ’s terminals and vessels at risk.

The malware planted by the cyber criminals has been eliminated.  The card data accessed by the malware includes card numbers, cardholder's names and/or card expiration dates.

DRBA is offering free identity protection services, including credit monitoring to affected customers.

Jimmy Johns hit by Point of Sale(POS) Malware

Jimmy John's is the latest company hit with Point-Of-Sale(POS) information breach. 

The Illinois based sandwich shop said it learned of the hack on July 30 and immediately hired security experts to help with the investigation.

In July, Brian Krebs reported that multiple financial institutions were seeing fraud on cards that had all recently been used at Jimmy John's locations.  He also reported that the stores are using pos systems made by a third party vendor Signature Systems Inc.  At the time,  the breach was not confirmed.  After nearly two months, the company confirmed it.

According to the company's statement, hackers stole log-in credentials from its POS vendor and used them to gain access to Jimmy John's POS systems.

The Signature Systems also confirmed the breach that attackers gained access to user name and password that they used to remotely access the POS systems.

The attackers then installed a malware which is designed to capture payment card data from cards that were swiped through terminals.

The information including card number, verification code, expiration date and card holder's name are at risk. The company says the information entered online such as email ids,passwords are not affected.

The incident affected approximately 216 Jimmy John's stores.

Monsanto hacked, 1300 individuals affected

Monsanto, a chemical and agricultural biotech corporation, has admitted that hackers managed to breach the server of its subsidiary Precision planting.

The breach occurred in late March, affecting less than 1,300 customers and employees.

The affected server contained sensitive information including customer names, addresses, tax ID numbers, Social Security numbers and financial information.

The server was also used for storing Human Resources Department data which includes employee names, addresses, social security numbers and driver's license numbers of small number of employees.

The company claims that it does not believe the breach was an attempt to steal customer information.

The affected individuals are being offered one year free membership of credit monitoring and identity theft insurance. 

Spotify suffers Data Breach, You should upgrade the android app

Music Streaming Service Spotify is the latest high-profile company to report a Data breach.  Spotify has announced on its blog that it had been hacked.

According to the blog post, the breach affected only one user.  The affect user has been notified about the incident.  The company says the breach did not involve any password, financial or payment information.

"Based on our findings, we are not aware of any increased risk to users as a result of this incident." Oskar Stål, Chief Technology Officer at Spotify said in the blog post.

As an additional security measure, the company also recommends android users to upgrade their spotify application.  iOS and Windows Phone users do not need to take any actions.

"We apologise for any inconvenience this causes, but hope you understand that this is a necessary precaution to safeguard the quality of our service and protect our users." the blog post reads.

Avast community forum hacked, user names and passwords stolen

Antivirus firm Avast said it took its community forum offline following a hacking attack compromised its database.

User names, email addresses,nick names and passwords were compromised in this attack.  The breach did not involve any financial data, license or any other data.

While the passwords are hashed(SMF forum software uses SHA-1 with a salt to store passwords) , it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

According to Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast's 200 million users.

People who uses the same password on other websites are advised to change those passwords immediately. 

Until now, their forum used an open source community software called "Simple Machines Forum(SMF)".  It appears the Avast is using an outdated version of SMF.


Avast said it is now "We are now rebuilding the forum and moving it to a different software platform" which will be secure one.

eBay hacked, Encrypted passwords and non-financial data stolen


If you have an account in eBay, it is time to change your password!

E-commerce company eBay Inc urges users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data.

The database accessed by hackers includes customers' information such as names, encrypted passwords, email IDs, birth dates and phone number.

eBay said it had found no evidence that any financial or credit card information, which is said to be stored in separate database server in encrypted format. 

The company also said a small number of employee login credentials have been stolen in the breach, which allowed intruders to gain access to its corporate network.

The company said the breach happened between late February and early March.

eBay can sent out all the "Offer" mails to users immediately...but why it is taking long to send a security warning?! Once they know the attack has happened and details have been compromised, why wait?!

Bitly website hacked, accounts credentials compromised


Bitly(bit.ly), the Popular URL shortening service, has issued an urgent security warning about a security breach that exposed account's credentials.

The company says they found no evidence suggesting that any accounts have been accessed by the intruders.  However, as a precaution, the company has disconnected users' facebook and twitter accounts.

"We invalidated all credentials within Facebook and Twitter" the blog post reads.

Although the social media accounts appear to be connected with bitly account,  users won't be able to publish anything until they reconnect the accounts. 

Users are advised to take the following steps to reset their OAuth tokens and API Keys:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Bitly says "they have already taken proactive measures to secure all paths that led to the compromise". 

Eircom recommends customers to change password after detecting Intrusion

Eircom, an Ireland Based Telecommunications company, has apologized to its users after it was forced to shut down its email service on Wednesday, after detecting an unauthorized access to the email system.

"we took immediate steps to lock down our email service and eliminate any threat to our 350,000 eircom.net email users" The company said.

The company said they found no evidence suggesting that the Inruders have gained access to any other systems or services including customer data.

They also recommend their customers to change their email accounts passwords and on a regular basis in the future.  If you have used the same password anywhere else, it is better to change their also.

After implementing a number of system modifications, access to eircom.net email had been fully restored.

The company said it is still trying to find out the cause of intrusion and had alerted relevant bodies including the Office of the Data Protection Commissioner.

AOL security breach affects a significant number of users


Over the past few days, a large number of AOL users reported of being victim to Email Spoofing attacks -- Recipients received emails purportedly from their friend's email ID containing links to spam web pages. 

Today, AOL said it had launched an investigation into the security breach that allowed hackers to access its users' data including email IDs and encrypted passwords.

The company said it is working with cyber forensics experts and federal authorities to investigate the security breach.

AOL have determined that the following information have been accessed by intruders : Email IDs, postal addresses, address book contact info, encrypted passwords and encrypted answers to security questions and certain employee info.

AOL said it has no information indicating that the encryption on passwords or answers to security questions was broken.  Also they believe this breach doesn't involve any financial data.

AOL suggest users to change their password as well as security questions.

Michaels confirms security breach affecting 2.6 Million cards

After over two months of investigation, Michaels stores has finally confirmed the payment card data breach affecting approximately 2.6 million cards.

The compromised data includes Payment card information such as numbers and expiration date for the payment cards.  However, there is no evidence that other data such as names, PINs,addresses have been accessed.

The data breach occurred between May 8, 2013 and January 27, 2014.  The company said only a small percentage of cards(7%) used at Michaels stores during this period were impacted by this breach.

The company is offering one year free credit card monitoring.  After receiving limited reports of fraud,  the company is also offering one year free identity protection and fraud assistance services.

The location of affected stores and dates of exposure are listed here.

Aaron Brothers, one of the subsidiaries of Michaels stores, was also attacked by criminals.  The breach which took place between june 26,2013 and Feb 27,2014 have affected approximately 400,000 cards.

"We have now identified and fully contained the incident, and the malware no longer presents a threat while shopping at Michaels or Aaron Brothers" The retailer said they have removed the malware in question. 

Details of Over 480,000 people stolen from The Harley Medical Group


Hackers breached the server of an UK Plastic & Cosmetic Surgery company The Harley Medical Group and compromised personal details of over 480,000 people.

The individuals who have submitted their data via an initial inquiry form on the company's website were affected by this breach.

The information accessed by attackers include the names, email IDs ,date of birth, addresses and phone numbers , according to Hot For Security.  No clinical or Financial information has been accessed by attackers.

The company said it believed the attack was an attempt to extort money from the company.

"We have informed the police and will continue to provide whatever assistance they may require to track down the perpetrator of this illegal act" Harley chairman Peter Boddy said in the letter.

LaCie Security Breach went unnoticed for a Year


If you used a credit or debit card to purchase electronic items at LaCie's website last year, you may want to eagle-eye your card statements.

LaCie, French Computer Hardware company specializing in external hard drives, announced that it fell victim to a security breach that put customers' personal information and financial information at risk.

The company says cybercriminals used malware to infiltrate their website.  After getting notification from FBI on March regarding the breach, LaCie hired cyber forensic investigation firm.

Customers who made transactions between March 27,2013 and March 10,2014 were affected by this data breach.

According to an incident notification, customers' usernames, passwords, names, addresses, email IDs, credit and debit card information are all at risk.

Customers' passwords have been reset. e-commerce portion of the site has temporarily been disabled while the company "transition to a provider that specializes in secure payment processing services".