Michaels confirms security breach affecting 2.6 Million cards

After more than two months of investigation, Michaels Stores has finally confirmed a payment card data breach affecting approximately 2.6 million cards.

The compromised data includes payment card information such as card numbers and expiration dates. However, there is no evidence that other data such as names, PINs or addresses has been accessed.

The data breach occurred between May 8, 2013 and January 27, 2014. The company said only a small percentage (7%) of the cards used at Michaels stores during this period were impacted by this breach.

The company is offering one year of free credit card monitoring. After receiving limited reports of fraud, the company is also offering one year of free identity protection and fraud assistance services.

The location of affected stores and dates of exposure are listed here.

Aaron Brothers, one of the subsidiaries of Michaels Stores, was also attacked by criminals. The breach, which took place between June 26, 2013 and Feb 27, 2014, affected approximately 400,000 cards.

"We have now identified and fully contained the incident, and the malware no longer presents a threat while shopping at Michaels or Aaron Brothers." The retailer said it has removed the malware in question.

Details of Over 480,000 people stolen from The Harley Medical Group


Hackers breached the server of a UK plastic and cosmetic surgery company, The Harley Medical Group, and compromised the personal details of over 480,000 people.

Individuals who submitted their data via an initial inquiry form on the company's website were affected by this breach.

The information accessed by the attackers includes names, email IDs, dates of birth, addresses and phone numbers, according to Hot For Security. No clinical or financial information was accessed by the attackers.

The company said it believed the attack was an attempt to extort money from the company.

"We have informed the police and will continue to provide whatever assistance they may require to track down the perpetrator of this illegal act," Harley chairman Peter Boddy said in the letter.

LaCie Security Breach went unnoticed for a Year


If you used a credit or debit card to purchase electronic items at LaCie's website last year, you may want to eagle-eye your card statements.

LaCie, a French computer hardware company specializing in external hard drives, announced that it fell victim to a security breach that put customers' personal and financial information at risk.

The company says cybercriminals used malware to infiltrate its website. After being notified of the breach by the FBI in March, LaCie hired a cyber forensic investigation firm.

Customers who made transactions between March 27, 2013 and March 10, 2014 were affected by this data breach.

According to an incident notification, customers' usernames, passwords, names, addresses, email IDs, credit and debit card information are all at risk.

Customers' passwords have been reset. The e-commerce portion of the site has been temporarily disabled while the company works to "transition to a provider that specializes in secure payment processing services".

55,000 Social Security Numbers exposed in VFW.org security breach

The Veterans of Foreign Wars (VFW.org) of the United States recently began notifying affected users that hackers were able to access their personal information.

In February 2014, attackers compromised the VFW's website and planted malicious code that infected with malware the systems of users who visited vfw.org with vulnerable Internet Explorer versions. The attack is believed to have originated from China.

An investigation into the incident shows that names, addresses and social security numbers of approximately 55,000 VFW members were compromised in the breach.

The letter, dated April 4, said VFW became aware of the security breach back in March.

"VFW has been informed that the purpose of the attack wasn't identity theft, but rather to gain access to information regarding military plans or contracts," the letter reads.

VFW said they are offering one free year of identity theft protection services from AllClear ID to the affected members.

GovWin IQ website hacked, credit card information of 25,000 at risk

The GovWin IQ system, run by enterprise software and information solutions provider Deltek, suffered a security breach that put the information of around 80,000 employees of federal contractors at risk.

GovWin is designed specifically for government contractors aiming to grow their business.

The breach occurred sometime between July 3, 2013 and November 2, 2013. However, the company came to know about the breach only on March 13, 2014.

The hacker exploited a security vulnerability in the GovWin IQ system and managed to access customers' data. The information accessed by the hackers includes names, billing addresses, phone numbers and business email IDs.

According to a Federal News Radio report, the hackers also had access to the credit card information of about 25,000 of those affected customers. Those whose card information was compromised are being offered free credit monitoring services.

The company says it is cooperating with law enforcement on this case. They have also hired a cyber security forensic firm. They also claimed to have arrested the hacker believed to be behind the breach.

Germany's biggest data theft, 18 million emails and passwords stolen


18 million email addresses and passwords have been stolen in what is being called the biggest data theft in Germany's history.

The compromised accounts are reportedly being misused for criminal purposes such as spreading spam emails.

The authorities have determined that at least three million of the compromised accounts belong to German citizens (accounts ending with '.de'). The rest had international domain extensions such as '.com'.

It is still unknown exactly how many Germans and people from other countries have been affected by this massive data theft.

A spokesperson for the state prosecutor's office in Verden, Lower Saxony, Germany, told The Local that they are currently in the process of determining how hackers accessed 18 million accounts.

It is the second major data theft in Germany this year. In January, German authorities announced that hackers accessed 16 million email addresses and passwords.

Spec's breach affects 550,000 customers

Texas liquor store Spec's says it experienced a cyber attack on its network that exposed the personal and financial information of more than half a million customers.

The company issued a statement saying the breach affects fewer than 5% of its total transactions. Those who shopped at one of its 34 affected stores were affected by this breach.

According to the statement, the attack began on October 31, 2012 and may have continued through March 20 of this year.

The exposed information includes names, credit/debit card numbers, expiration dates and card security codes, or check information including bank account number, bank routing number, birth dates and driver's license number.

Spec's spokeswoman Jenifer Sarver told the Houston Chronicle that the breach affected "an estimated fewer than 550,000" customers and Spec's employees.

Spec's says it is working with the United States Secret Service in an ongoing criminal investigation to arrest the attackers and is taking steps to prevent future attacks.

25,000 cards data compromised in Sally Beauty data breach


Earlier this month, Krebs on Security first reported that one of the largest retailers of beauty products, 'Sally Beauty', had been hacked. At the time, Sally Beauty said no card data was involved in the breach.

Today, the company confirmed that its network has been breached and that data for fewer than 25,000 credit cards may have been compromised by attackers.

"As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation," Sally Beauty said.

"As a result, we will not speculate as to the scope or nature of the data security incident," the company added.

The company said it will continue to work with Verizon and the US Secret Service on this investigation. The company is taking necessary actions and precautions.

In the meantime, an unknown hacker defaced a website selling the stolen credit card data and sent a message to the admin of the site as well as to Brian Krebs.

"Hi subhumans and miscreants, your fraud site is gone now. Go away.
Also, Krebs, please dont call me a punk on Twatter: im trying to be a good person :(" the defacement page reads.

"To all the people who used this service to blackmail and threaten and "dox" people's families: fuck you especially. To the "regular" fraudsters: fuck you too but slightly less.  To Cloudflare: why in a billion 6000-degree hells is your NS TTL 80000?" 

Hacker breaches Johns Hopkins University website

 
A hacker claiming to be part of the Anonymous hackers group has breached the Johns Hopkins University website and leaked the data compromised from the database server.

The database server contains information on current and former biomedical engineering students. The stolen information includes names, phone numbers and email IDs of students.

The University says no information that would make identity theft a concern, such as Social Security numbers and credit card numbers, is involved in the breach.

According to the Baltimore Sun, the so-called Anonymous hacker attempted to extort the university for further access to its database server, threatening to leak the stolen data unless the university handed over the server password.

The breach reportedly occurred last November; the vulnerability responsible for the breach has been patched. The University is currently working with the FBI and trying to get the leaked data taken offline.

Bitcoin Bank Flexcoin website hacked, $600,000 worth Bitcoins stolen

The website of Bitcoin bank "Flexcoin" has been closed after hackers reportedly attacked the site and stole 896 bitcoins worth $600,320.

The organization claims the attack happened on March 2nd, with the attackers transferring the bitcoins to two different addresses.

"As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately," the company said in a statement posted on its main page.

The bitcoins stored in cold storage were not affected by this breach, as coins were held offline.  Those users who put their coins into cold storage will be contacted by Flexcoin and asked to verify their identity.

For others, the company pointed to a link to its TOS, which says "Flexcoin Inc is not responsible for insuring any bitcoins stored in the Flexcoin system. You are entering into this agreement with Flexcoin Inc. You agree to not hold Flexcoin Inc, or Flexcoin Inc's stakeholders, or Flexcoin Inc's shareholders liable for any lost bitcoins."

The company says they are working with law enforcement and trying to find the cause of the security breach.  

Hackers compromised 300k personal records from University of Maryland

Hackers breached a University of Maryland computer and compromised data belonging to more than 300,000 people affiliated with the school on its College Park and Shady Grove campuses.

Details of students and staff have been compromised in this security breach. The accessed information includes Social Security numbers, names, birth dates and university IDs, reports TwinCities.com.

On Tuesday at 4 a.m., an intruder gained access to a database containing information dating to 1998. Other than stealing the data, the hacker didn't do any damage to the server.

University President Wallace D. Loh said school officials are investigating the security breach and trying their best to prevent such attacks in the future.

Loh said they are also working with law enforcement authorities. Computer forensics experts are examining the logs to determine how the intruders gained access.

The University plans to offer one year of free credit card monitoring to those affected by this breach.

KickStarter kicked by Hackers, username and password stolen

Online crowdfunding website KickStarter is the latest high-profile website to report a security breach. KickStarter became aware of the breach after receiving a notification from law enforcement.

Hackers breached the website (kickstarter.com) and gained access to users' information, including usernames, encrypted passwords, email IDs and phone numbers. The company says no credit card data was compromised in this breach.

Even though the passwords are encrypted, we are aware of the fact that attackers with enough computing power can easily crack those passwords.

The company says that two accounts have been accessed by hackers so far. All users are advised to change their KickStarter password immediately.

If you are using the same password on any other websites (most of us do), you are advised to reset the password there as well.

"We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting," the company apologized in its blog post.

Hackers reportedly used stolen vendor credentials for hacking Target system


Target Corporation told the Wall Street Journal that the massive data breach it suffered last month happened after cyber criminals compromised credentials from a vendor and used them to hack into the Target system.

The company didn't provide much information. It didn't say how the hackers stole the credentials. It also didn't specify which portal the hackers logged into.

Cyber security blogger Brian Krebs, who brought the Target breach to light, said in his blog that the malware used in the breach had used the username 'Best1_user' and password 'BackupU$r' to access the shared drive. Krebs highlighted the fact that the username is the same as the default password used in IT management software developed by BMC Software.

"According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network," says a Dell SecureWorks report pointed out by Krebs.

The report also revealed that a malware component installed a service called "BladeLogic", which appeared to be mimicking the name of another BMC product.

A trusted source told Krebs that BMC's software is used by many major retailers. He believes Target also uses it.

Krebs also confirmed that cyber criminals known as Rescator are selling millions of cards stolen in the Target data breach.

Hackers used Xtreme RAT malware to gain access to Israeli Defense computer



 
Seculert, an Israeli cyber security firm, told Reuters that hackers gained access to an Israeli Defense Ministry computer by sending a malicious email containing Xtreme RAT.

Seculert CTO Aviv Raff told Reuters that earlier this month hackers took control of around 15 computers, including one belonging to Israel's Civil Administration, which monitors Palestinians in Israeli-occupied territory.

The firm declined to identify the other 14 computers targeted by the hackers. An anonymous source told Reuters these included companies involved in supplying Israeli defense infrastructure.

The latest attack appears to have originated from US servers. However, experts noticed some similarities to previous attacks. The firm suspects Palestinians to be behind the cyber attack.

The firm has not determined what the hackers did after gaining access to the systems. It believes that the hackers had access to the infected computers for several days.

Xtreme RAT is a remote access trojan that gives hackers complete access to the infected systems. An attacker is able to steal any documents or execute any other malware code on the system.

The same malware has been used in several other targeted attacks, including attacks targeting the Israeli police department, Syrian anti-government activists and other governments.

Data Breach: Laptops containing personal information of 74k people stolen from Coca-Cola


The Coca-Cola Company reported a data breach on Friday. 74,000 people are at risk after laptops containing their personal details were stolen from the company's Atlanta headquarters.

According to a Wall Street Journal report, this includes information belonging to employees, suppliers and contractors.

The laptops contained information such as Social Security numbers, addresses, driver's license numbers, some financial details and other personal information.

Under Coca-Cola's policies, the laptops should have been encrypted. The worst part is that the stolen laptops weren't encrypted.

The company learned about the data breach on Dec. 10, 2013. The laptops were apparently stolen by a former employee who was in charge of maintaining or disposing of equipment.

The affected individuals have been notified about the breach and are also being offered a free credit card monitoring service.

Neiman Marcus confirms security breach, credit card data stolen

Neiman Marcus, an American luxury specialty department store, has acknowledged that customers' credit/debit card data might have been stolen in a security breach, cybersecurity journalist Brian Krebs reported on Friday.

While investigating fraudulent credit and debit card charges, Krebs found evidence that the stolen cards had been compromised at Neiman Marcus. So, he contacted the company and received confirmation that they are in fact investigating the data breach.

The company became aware of the breach in mid-December, when it received a notification from its credit card processor.

Cyber forensics investigators are still working to find out the cause, duration and size of the breach. The company says its online customers were not affected by this data breach.

The company said that it is also working with the U.S. Secret Service. The breach occurred at the same time as the Target breach (Nov to Dec 2013).

Straight Dope message board forum hacked


The Straight Dope, a famous online Q&A newspaper column published in the Chicago Reader, has informed its users that its website was targeted and hacked.

The security breach allowed the attackers to compromise forum users' information, which includes usernames, email addresses and passwords.

The forum asked users to change their Straight Dope password by visiting "http://boards.straightdope.com/sdmb/profile.php?do=editpassword". If you have used the same password anywhere else, you are strongly advised to change the password there as well.

Even though all passwords were stored as hashes, if your password is not very strong, it won't take much time for a hacker to crack the password using a brute-force attack.

Ed Zotti, moderator of the forum, said that they are also working with law enforcement officials and conducting investigations.  He also highlighted that their forum doesn't store SSNs or any other financial information.

When I had a look at the forum, I found they are using an old version of vBulletin (v3.7.3). I'm not sure whether they have applied proper security patches. If not, maybe that's how the hacker got access.

World Poker Tour Amateur Poker League website admits to security breach

Recently, a hacker using the Twitter handle "@smitt3nz" hacked into the World Poker Tour Amateur Poker League (WPTAPL) website and leaked a database containing the email addresses and clear-text passwords of more than 170k users.

WPTAPL officials have now confirmed the security breach to SC Magazine. However, they are trying to downplay the impact of the breach.

Kurt McPhail, president and CEO of WPTAPL, claimed the leaked information is pretty much worthless and most of the compromised data was old.

They also said that only 50k of the leaked accounts are still active and that the information can't even be used to log into their website because players use a separate username to log in.

I can't agree with their point that the leaked info is worthless. The listed email IDs and passwords may not allow attackers to log in to WPTAPL. But most people normally use the same password for their email ID. An attacker can use the info to compromise the email account.

The vulnerability in question is reportedly being fixed and members are being notified about the breach.

Staysure's system hacked and financial data of 90k+ customers stolen


Staysure, a UK-based travel insurance company, has notified more than 93,000 customers that their sensitive financial data may have been compromised by hackers.

The company's systems suffered a cyber attack during the second half of October 2013. However, the company came to know about the breach only in mid-November.

The company said that they immediately hired a cyber forensic investigator to fully ascertain the extent of the problem.

The sensitive information accessed by the hackers includes names, addresses, encrypted payment card details of customers and CVV details.

The company said that only people who bought insurance policies before May 2012 are at risk; the company stopped storing sensitive data after this date.

Affected customers are being offered free access to Data Patrol, a 24/7 online identity fraud monitoring service provided by Experian.

Barry University’s Laptop infected with malware, patients info at risk


Patients of the Foot and Ankle Institute at Barry University are being notified of a security breach in which their personal information and medical records may have been compromised.

The security breach was detected around May 14, according to the Miami Herald. A school laptop was infected with a piece of malware.

The university hired a computer forensics company to investigate the incident. They removed the malware from the University's network and restored the affected files to their original state.

After several months, the University determined that some sensitive information of patients may have been compromised in the breach. The university hasn't released the number of affected patients.

The sensitive information at risk includes patients' names, Social Security numbers, dates of birth, bank account numbers, credit and debit card numbers, driver's license numbers and medical records.

The University is offering a complimentary 12-month credit monitoring service to those affected by this security breach.