Russian Hacking Group Targets The German Government’s Internal Communications Network

An infamous Russian hacking group known as Fancy Bear, or APT28, is by and large broadly considered responsible on account of a security breach in Germany's defence and interior ministries' private networks as affirmed by a government spokesman.

It is said to be behind the reprehensible breaches in the 2016 US election likewise including various cyber-attacks on the West. The group is accounted for to have targeted on the government's internal communications network with malware.

As per the reports by the DPA news agency the hack was first acknowledged in December and there may have been a probability of it lasting up to a year.

"We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cyber-security incident concerning the federal government's information technology and networks," a German interior ministry spokesman said on Wednesday.

The group apparently hacked into a government computer system particularly intended to operate separately from other open systems i.e. public networks to guarantee additional security known as the "Informationsverbund Berlin-Bonn" (IVBB) network. The framework is utilized by the German Chancellery, parliament, federal ministries and a few security institutions.

Fancy Bear, also called Pawn Storm, is believed to run a global hacking campaign that is ", as far-reaching as it is ambitious" as indicated by a report by computer security firm Trend Micro.
Palo Alto Systems, a cyber-security firm, on Wednesday released a report saying that Fancy Bear now gives off an impression of being utilizing malevolent emails to target North American and European foreign affairs officials, incorporating a European embassy in Moscow.

"Pawn Storm” was even reprimanded for a similar attack on the lower house of the German parliament in 2015 and is likewise thought to have targeted on the Christian Democratic Union party of Chancellor Angela Merkel.

Authorities in the nation issued rehashed notices about the capability of "outside manipulation" in a last year's German election.

The hacking bunch has been linked to the Russian state by various security experts investigating its international hacks and is additionally known by certain different names including CozyDuke, Sofacy, Sednit and Tsar Group.

Hacker breaks into Telangana’s TSPost website, exposes flaw

Indian government sites are often criticized for their lack of cyber security and safety of people’s information. Pointing out a flaw in Telangana government’s NREGA portal, French hacker and independent security researcher Robert Baptiste hacked into the state government’s website.

He reportedly contacted the site owners regarding the issue and after receiving no response for some time, published his results on social media.

The website ( was vulnerable to one of the most basic web hacking technique, an SQL injection. It has now gone offline in the wake of this news.

“A basic SQL injection allows an attacker to access the database of the website,” Robert said. “To be clear, all the data on this website can be a dump. Telangana government officials say they are working to fix it. For this website, they have to hire decent web developers to protect it from attacks.”

TSPost, Telangana’s government benefit disbursement portal, contained the account details and Aadhaar numbers of over 56 lakh NREGA beneficiaries and 40 lakh beneficiaries of social security pensions.

Using the SQL injection, Robert was able to access not just the Aadhaar and account details from the website but also the API keys of UIDAI’s Aadhaar database, the access of which can enable anyone capable enough to make a fake Aadhaar app that could be uploaded to Google Playstore for malicious use.

This is one of the many cases pointing out how vulnerable the Aadhaar system is to hacking and security breaches.

Unknown Hackers demand Ransom in Bitcoin

Recently the news came out of a ransomware attack in Old Delhi after three of the hacked victims came forward to uncover more about the attack. The victims i.e. the traders were demanded ransom in Bitcoin from the unknown hackers.

Although it is believed that the hackers are supposedly from either Nigeria or Pakistan, they were responsible for encrypting files on the computers of the businessmen which comprised of key records. The hackers at that point, as indicated by the police coerced the victims, gave them the links to purchase bitcoins through which they needed to make payments for the release of critical documents.

 “Some traders paid in Bitcoins and got their data back. Some deposited the money from abroad. When my data was hacked, I spoke to fellow traders and learnt that there were other such cases. I wrote to the hackers and they agreed to decrypt the files for $1,750 (around Rs 1.11 lakh),” Mohan Goyal, one of the victims was quoted saying in the report.

According to reports, the hacked traders found the message that said there was a 'security issue' in the system displayed on their computers. The traders were then given case numbers and email addresses for correspondence. They were then at first offered decryption of five of their documents and files for free by the hackers, who later demanded the payment of ransom for the rest of the records.

While one of the IP address utilized by hackers was purportedly traced back to a system in Germany, but the fingers remain pointed towards hackers from Nigeria and Pakistan.

Experts say that for making it difficult to trace the money, getting the money in bitcoin works for the hackers. The Delhi crime branch which registered the FIR has already sent the hard disks of the complainants for further forensic tests. As of not long ago, three complaints already have been registered by the police and it is believed that the number of victims could be much higher.

Larceny of $70 million from the largest crypto-mining marketplace

The notice announcing "service unavailable" as well as an official press release was displayed on the website of the Slovenian digital currency mining firm NiceHash, which it said endured a hack of its Bitcoin wallet on the seventh of December.

 In a video update that streamed live on Facebook, the CEO and co-founder Marko Kobal provided an update to a rather startling declaration that the organization, established in 2014, had been subjected to a hack and ensuing theft which additionally compromised its payment system also.

 The news was accompanied by the increasing reports of vacant wallets as well as an additionally expanded downtime period for the service's website; every one of the operations for the website in question has been halted for the following 24 hours.

As per Kobal, the attack began in the early hours of December 6 after a worker's PC had been compromised , he further added that their team is working with law enforcement and clarified that " we're still conducting a forensic analysis” to determine how it all happened and to discover the exact amount of bitcoin that was stolen.

Kobal went ahead to state that he couldn't give extra points of interest, however, he added that the attack seems, by all accounts, to be “an incredibly coordinated and highly sophisticated one.”

However the Wall Street Journal reported that, Andrej P. Škraba, the head of the marketing at NiceHash, affirmed to the outlet that roughly 4,700 bitcoins, worth up to $70 million disappeared from NiceHash's bitcoin wallet, Škraba also told the Journal that he too like Kobal trusted that "it was a professional attack", but would not give any more information on the matter, taking note of that the further improvements would be released at a later date.

NiceHash, which exhorted its clients to change their online passwords after it stopped operations on Wednesday, has given a couple of other insights about the attack on its payment system also.

"We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service", it said on its website.

The Slovenian police said that were investigating the hack, but however, declined to further comment.

Hack on cPanel exposes customer details

cPanel was hacked this weekend which exposed details of its customers,including their names, contact details, and encrypted passwords.

Though hacking did not affect payment information which was kept on a separate system.

The firm warned its customers with older passwords to change them,though the possibility of its exposure is less.

   “Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption. In order to safeguard the system, we will force all users with older password encryption to change their passwords,” said the company’s e-mail.

Though the breach is fairly minor but if attackers make use of exposed information, the customers may be badly impacted.

The company has been in control since 1997 and promises its customers to be most reliable company in web hosting industry. 

Hilton payment system attacked

One of the largest US based hotel chain Hilton revealed that hackers had infected some of their point-of-sale computer systems with malware crafted to steal credit card information.

They didn’t disclosed what data was taken, but cautioned everyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to check for any irregular activity from their debit or credit cards.

In an online post Hilton said that the Malware that infected system had a potential to retrieve cardholders' names, account numbers, security codes and expiration dates.

They further wrote that they are investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

Starwood hotels, which operate the Sheraton and Westin chains, announced four days before Hilton that hackers had attacked their payment system resulting in leaking of customer credit card data in some of their establishments.

"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date," the group said in a statement.

Starwood and Hilton are not the only one whose payment system has been hacked but last month Trump hotels has face the similar incidence of cyber attack.

"We believe that there may have been unauthorised malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels," Trump Hotel Collection said at a website devoted to details of the incident.

According to Trump hotels, the access could have taken place in between May 19 of last year and June 2 of this year.

Brian Krebs, cyber threat blogger at explained the cyber attack on payment systems as "just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments."

E-Trade notifies its 31,000 customers that their contact information may have been compromised

A report published in Washington Post confirmed that E-Trade, a U.S. based financial corporation which provides financial services, informed its 31,000 customers that hackers might have accessed their email and other addresses during a cyber-attack in late 2013.  

However, the company claimed via email that the hackers did not get any sensitive customer account information, including passwords, Social Security numbers, or financial information.

As per the email sent by the company, it got to know about the attack when officials of federal law enforcement alerted to the evidence that customer contact information may have been breached.

The company has announced that it will provide one year of free identity protection services, which includes credit monitoring to those whose information had been compromised.

According to the news report, a person familiar with the investigation who spoke on the condition of anonymity informed that soon after the attack, it launched an internal investigation while it worked with law enforcement.

However, during that time the company did not believe customer information had been compromised, the person added.

"Security is a top priority, and we focus significant time and energy to help keep E-Trade customer data and information safe and secure," a company spokesperson said in a statement. "We take these matters extremely seriously, and in all instances we continuously assess and improve upon E-Trade’s capabilities. We have also contacted any customers we believe may have been impacted."

New York Health Insurer's Security Hack Risks 10 Million Records

A New York based, nonprofit health insurance company, Excellus BlueCross BlueShield had declared on Wednesday (September 09) that cyber attackers have breached its Information Technology (IT) systems which had exposed the information for as many as 10 million of its clients nationwide. People who have been affected include 7 million Excellus members and 3.5 million members under the affiliate Lifetime Healthcare Companies.

According to the Security experts health care companies tend to contain large amount of data of users regarding their personal information which is why they are increasingly becoming the target of hackers.

The company believes that the attackers may have gained unauthorized access to information of individuals' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification numbers, financial account information and claims information.

Apart from this, the hackers might have got hold of most personal information, revealing not only financial details but even violating the privacy of their medical history.

The insurance company had discovered the first cyber breach that gave hackers the potential to access the records of its users in August 2015.

According to Spokesman of Excellus, Kevin Kane, the company had hired cyber security firm ‘Mandiant’ to conduct a forensic review of its computer system, seeing the rise in attacks. The security firm found evidence of cyber break-ins dating back to Dec. 23, 2013 after which the Federal Bureau of Investigation was called in to notify the customers.

Though, the company has found no data leaving the insurer's systems till now nor is there evidence that the compromised data has been used fraudulently, but it plans to offer two years of free identity theft protection service from risk-mitigation and investigation to the affected users.

A Professor at the New York based University at Buffalo and an expert on cyber deception and information technology, Arun Vishwanath said that health care breaches are more harmful as they impact insurer’s “vendors, physician offices connecting to them, and accessible affiliates all over the country,"

In 2015, Ponemon Institute in Michigan declared a report stating that criminal cyber attacks on the US health sector had increased 125% since 2010.

The report also stated that the healthcare organizations lacked resource, process and technology to prevent and detect attacks or protect the data, despite holding abundance of personal information of its users which has become the reason of increasing cyber attacks on them.

There has been a string of attacks on the health insurance industry in the past year.

The breach on Excellus came six months after a breach at Washington's ‘Premera Blue Cross’ which had exposed the records of 11 million customers and seven months after a breach at ‘Anthem’ that disclosed up to 80 million records.

Earlier, UCLA Health System and CareFirst were also breached of their security, risking their customer’s details. hacked, 93000 customers credit cards info compromised

Florida-based internet service provider announced that one of its computer systems may have been breached, exposing the credit card information of approximately 93,000 customers.

The breach was reported on August 13 which uncovered the unauthorized activity as part of its ongoing security monitoring and shutdown process. The stolen information included credit card information, actual names associated with the payment cards and residential address of the clients. But, the social security numbers and the verification codes were affected by the data breach.

The company owns two other well-known web services companies – and Network Solutions. says that computer systems at Network Solutions and weren’t affected in the attack., based in Jacksonville, Florida, is a website design, e-commerce, hosting and domain registration company; which claims to have more than 3.3 million customers.

All affected customers are being contacted by email and mail, and are being offered one year of credit monitoring services.

Plex Forum hacked, change your password now

ALERT! Internet movie and television enthusiasts, who have been using the PLEX media servers and the PLEX forums for their daily dose of entertainment, it's time to check in your private credentials. PLEX, an online movie and TV library forum has announced that their servers have been hacked on the morning of 2nd July, 2015; which has left registered email addresses, user ids and passwords vulnerable.

The company has clarified that only the accounts that have been used for accessing the services of PLEX forums have been compromised. Yet, it added that the accounts that were created through social media hyperlinks and were never used to access the forums are most probably vulnerable to data breach. The company has however stated that their has been no breach of credit card information as it is never stored in the servers.

The company after finding about the attack, sent an email to the users, requesting them to reset their passwords. The email sent by the company follows :

Dear Plex User,

Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.

If you are receiving this email, you have a forum account which is linked to a account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we’re requiring that you change your password.

Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.

Please follow this link to choose a new password.

We’re sorry for the inconvenience, but both your privacy and security are very important to us and we’d rather be safe than sorry!

We will post more detailed information on our blog shortly. Thanks for using Plex!
Now the question arises whether the company can strengthen the security of its servers and continue providing the services without putting the privacy of its users at stake?

Hard Rock Hotel & Casino reports possible card breach

Hard Rock Hotel Las Vegas has issued a statement on May 1 in which they disclosed a security incident which may have affected the customer’s credit card information.

It said that the incident allowed hackers to access to information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations. 

The information affected the names, card numbers, and CVV codes. However, it does not have access to the PIN numbers or other sensitive customer information.

According to the statement, the incident was happened to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.

The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.

The hotel urged its customer to review their credit and debit card statements and report, if they notice any suspicious activity at their bank accounts.

It also informed that the customers are not responsible for unauthorised charges that are reported in a timely manner.
They wrote that in order to protect their customer’s identity, they have now engaged Experian®, the largest credit bureau in the US, which will offer the customers complimentary Fraud Resolution and identity protection for one year.

They said that Fraud Resolution assistance is available anytime however, customers are requested to activate the fraud detection tools, which is available through ProtectMyID® Elite. It provides superior identity protection and resolution of identity theft.

In order to activate ProtectMyID® , the customers have to request for an activation code through an email to Once they receive the code, they have to activate ProtectMyID® Elite at

Harbortouch discloses a breach caused by malicious software

Harbortouch, which supplies point-of-sale (POS) systems to thousands of businesses across United States, disclosed a breach in which some of its restaurant and bar customers were impacted by a malware. The malware allowed hackers to get customer card data from the affected merchants.

A card issuer recently reported to KrebsOnSecurity about the concerned authority is ignoring the dangerousness of the breach. And the ignorance of the company would affect more than 4,200 Harbortouch customers nationwide.

Before the Harbortouch had revealed, many sources involved in financial industry suspected that there was a possibility of a breach at a credit card processing company.

According to an article published on  KrebsOnSecurity, the suspicion increased whenever banks realized card fraud that they could not easily trace back to one specific merchant.

Some banks wanted to know about the unrevealed fraud as stolen cards were used to buy goods at big box stores. They made some changes in the way they processed debit card transactions.  

United Bank recently issued a notice saying that in a bid to protect its customers after learning of a spike in fraudulent transactions in grocery stores and similar stores such as WalMart and Target, it has started a block in which customers will now be required to select ‘Debit’ and enter their ‘PIN’ for transactions at these stores while using their United Bank debit card.

Harbortouch issued a statement last week, in which the company said it has identified and contained an incident that affected a small percentage of its merchants. It also confirmed the involvement of malware installation on the POS systems. The advanced malware was designed in such a way that the antivirus program running on the POS System could not detect.

The Harbortouch however, removed the malware from affected systems shortly when the problem was detected.

Mandiant, a forensic investigator, helped the company in its investigation.

The company explained in the statement that it does not directly process or store card holder data and only a small percentage of their merchants got affected for a short period of time. 

Currently, the company’s officials are working with the parties concerned to notify the card issuing banks that were impacted. After that the banks can conduct heightened monitoring of transactions to detect and prevent unauthorized charges.

However, the sources at a top 10 card-issuing bank in the United States that shared voluminous fraud data with an author of KrebsOnSecurity on condition of anonymity, the breach extended to at least 4,200 stores that run Harbortouch’s the POS software.

Nate Hirshberg, marketing director at Harbortouch, said the statements are not true.

White lodging confirms second data breach at 10 hotels

White Lodging Services Corporation (WLSC), an independent company which manages more than 160 hotels in 21 states of America, has confirmed a second data breach on its credit card systems at 10 locations.

In a press release issued on April 8, the WLSC said that the suspected breach of point-of-sale systems at food and beverage outlets, such as restaurants and lounges, from July 3, 2014 to February 6, 2015 at 10 hotels.

While it is believed that some of the breached locations were the last year’s breached locations only, the Indiana-based company clarified that the second was a separate breach.

According to KrebsOnSecurity news report published on April 15, in February 2015 it reported for the second time within a year that multiple financial institutions were complaining about the fraud on customer’s credit and debit cards that were all recently used at a string of hotel properties run by the WLSC.

However, the company said it had no evidence of a new breach at that time, but last week only, it confirmed the suspected breach of point-of-sale systems at 10 locations.

Banking sources back in February 2015 said that the credit cards compromised in this most recent incident looked like they were stolen from many of the same WLSC locations implicated in the 2014 breach, including hotels in Austin, Texas, Bedford Park, Ill., Denver, Indianapolis, and Louisville, Kentucky.

“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security and managed services,” said (in the press release) Dave Sibley, Chief Executive Officer (CEO) of the WLSC.

“However, these security measures failed to stop the malware occurrence on point-of-sale systems at those 10 hotels. We will continue our investigation as it is necessary to protect the personal information entrusted to us by our valuable guests. We deeply regret and apologize for this situation,” he added.

According the WLSC, the stolen data includes names printed on customers’ credit or debit cards, credit or debit card numbers, and the security code and card expiration dates.

The company is offering a year’s worth of credit protection services for customers impacted by the breach, from Experian.

Database hacked at Biggby Coffee, personal information of customers at risk

Security breach at Biggby Coffee has potentially exposed personal information of some of its customers and job applicants.

Biggby Coffee, a leading coffee franchise business based out of Michigan stores information like customer or applicant’s name, date of birth, email address, address, telephone number, Social Security number, driver's license record, employment history.

However the company maintains that no sensitive data like financial information has been leaked, only details like name, contact details and employment history might have been subjected to the breach.

A spokeswoman for the company added that less than 20 % of Biggby's customer data was affected and only information submitted via the website had been compromised. Also, the information accessed had nothing to do with the cash registers or point of sale systems in the stores,

The attack on the company's systems was discovered on the last week of March, when its web developer and hosting company Traction revealed that a criminal has forced its way into the system and accessed the consumer database.

The data breach has been reported to the police and FBI.

Hackers target Executive club members of British Airways

Being an executive customer at British Airways (BA) does not guarantee any better security from hackers. Thousands of executive customers found this out to their peril as BA confirmed the hacking of the accounts.

According to the company, it was not a direct attack on the central database; the attack was carried out on some account holders using information on the users available elsewhere on the internet. Also, the company maintained that only “a small number of frequent flyer Executive Club accounts” had been affected and though there has been some unauthorized activity, no sensitive information had been leaked.

Though the company said that the hackers had not gained any access to any subsequent information pages like travel histories or payment card details within accounts, BA Executive Club (BAEC) account holder have registered complaints on the forums saying that their Avios points have been stolen. Avios points are accumulated through frequent travel can be used for other flights or upgrades. Tier points have not been affected due to this hack.

One user wrote, “My Avios balance, which was 46,418 yesterday, is suddenly zero,” Another said, “217,000 taken from my account this morning. 30 minute hold on the silver line.”
Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognized at all.The company responded saying that the accounts have been locked down from access as a response to the breach and all the points would be subsequently reinstated.

Some members of BAEC affected by the issue have received emails requesting change of passwords, for those who have not but still are locked out of the accounts can place a call to the customer care.

For customers wanting to book flights now, bookings as redemption of points might not be available pending resolution of the matter but still can be checked for availability.

Alternatively, one might, if the options are available try to book through which has not been affected.

However, with so many cases, it is best to wait for a few days till the situation becomes clearer.

Slack hacked, over 100k users data compromised

Slack, a team communication tool, has suffered suffered a security breach on its central user database, potentially leaving user's login credentials in the hands of hackers.

Slack was launched in 2013 and its android application has been downloaded by more than 100,000 users so far(according to Google Play store).

The company confirmed the breach in a company blog post. The unauthorized access took place for about 4 days in February.

The database accessed by the intruders included usernames, email IDs, and  passwords(hashed). It also contained optional data added by users such as phone numbers, Skype IDs.

On the bright side, Slack didn't store the passwords in a plain-text format. The passwords have been hashed with a bcrypt and a randomly generated salt.  It does not mean this will thwart hackers from accessing your account, it will just slow down the process and give you a time to take action. And, NO Financial or payment data compromised in this attack.

In the wake of security breach, the company strengths its security for the authentication.  One of them is "2 step authentication" - a verification code in addition to your normal password whenever you sign in to Slack. Let's hope the company also fixes any other vulnerabilities in their website.

Data Breach at Sacred Heart Health Systems

A security breach at one of the third-party vendors of Sacred Heart Health Systems has resulted in the exposure of health and personal information of approximately 14,000 patients.

Hackers were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names, and 40 of the patients Social Security numbers were also compromised, through phishing attack by gaining access to the email account of an employee of the billing vendor.

The incident was first discovered on Dec. 3, 2014, and username and password of the employee was immediately shut down. On Feb 2,2015, Sacred Heart was notified of the attack.

 They immediately launched an internal investigation by engaging computer forensics experts, to conduct and analyze the incident and help to accurately identify affected ones, and they sent letters to all affected patients informing them about the hacking attack. The hacker has not been identified.

Credit Card breach at Zoup puts NEXTEP in a soup

Eating out at Zoup? Be careful while using the credit card.
Thousands may be affected by a credit card breach that originated at the popular point-of-sale vendor NEXTEP systems which serves Zoup, and many other restaurants, corporate cafeterias, casinos, airports.

The incident came to light after  sources in the financial institutions  noted that all the cards which have recently showed fraudulent activity have been used at any of the 75  Zoup outlets across northern half of the United States and Canada. Zoup, one of Nextep’s biggest customers uses Nextep’s services at all outlets.

On being contacted by KrebsonSecurity, Zoup CEO Eric Ersher referred the calls to Nextep who admitted the breach. Nextep President Tommy Woycik  however added that he believed not all customers were impacted by the breach.

The pattern of breach is similar to the ones at other fast food chains —  Dairy Queen and Jimmy Johns, reported last year. In all such cases, malware is injected at the point of sale systems, which is designed to steal data encoded onto the magnetic strip at the back of credit and debit cards. The stolen data is then used to create counterfeit cards, which are then typically used to make purchases at big-box retailers. Such stolen cards are of considerable value at the underground cybercrime stores, and each card is sold for anywhere between $20 and  $100.

It is not clear how the nextep breach occurred but if previous examples are studied, the cause might be traced to stolen credentials which were then used to remotely administer malware into the system.

Effects of breach at point of sale vendors are huge. Last year, breach at the POS vendor Signature Systems Inc affected Jimmy John sandwich shops and at least 100 other restaurants. Earlier this year, Advanced Restaurant Management Applications (ARMA) suffered from a similar breach that affected many of its client restaurants.

Historically, food institutions have been prone to these attacks.While attacks at chain restaurants can be well  detected owing to pattern originating from the  huge data collated, the magnitude of the breach also increases owing to the number of outlets it affects.

KrebsOnSecurity is currently tracking down the commonalities between the POS breaches across the country.

Limited portion of ASML's IT System hacked

An unnamed hacker broke into a limited portion of an  IT system of a semiconductor supplier company called ASML on Sunday. In their initial investigation, ASML revealed that only a limited amount of data has been accessed.

According to  ASML, there has not been any evidence of  valuable files, both  from their or customers and suppliers side, has been compromised. Their IT staff quickly got to know about the break-in the IT system and took immediate step.

ASML is a multinational Dutch company, with its presence  felt in more than 16 countries in over 70 different locations. They make photolithography machines for the production of integrated circuits such as CPUs and memory chips, that improve the quality of life.

In recent times, many large companies have been targeted by hackers, but they  are constantly working to improve their defenses against hacking attempts and their detection capabilities.

ASML is listed in Euronext Amsterdam and NASDAQ under the symbol ASML.

Uber files John Doe lawsuit in response to nine month-old data breach

Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation regarding a data breach of one its driver’s database.

Last year in on September 17th, Uber discovered that one of its databases had been accessed using a login key that was posted on a post on Github.  The key was used to access Uber's internal database which houses information about 50,000 drivers.

Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.

Uber has also subpoenaed Github to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.

Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.

Questions have risen after the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why were driver partners whose information was stolen and put at risk, not informed about the incident earlier?