Data Breach Victims Eligible for Compensation in $3.25M Settlement
Description
See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card (more…)
$200,000 Fraudulent Scheme Forces Finance Director to Step Down
Description
The mayor of Plymouth, Connecticut reported on the mayor’s office Facebook page that the town had fallen victim to a sophisticated social engineering scam. Cybercriminals had compromised the accounts of one of the town’s vendors a month earlier, gaining access to information about an ongoing project for the town. Using this knowledge, the scammers sent fraudulent invoices to the town’s financial department. While the (more…)
Misconfigured Settings Exposes Social Security Numbers of Aviation Industry Users
Description
FlightAware, based in Houston, Texas, is renowned for delivering real-time, historical, and predictive flight insights to various segments of the aviation industry, including airlines, airports, and air traffic control. On July 25, the company identified a configuration error in its backend systems that had exposed personal user information for over three years, allowing unauthorized access. In response, the company’s President issued a letter to (more…)
Cybercriminals Skim Credit Card Numbers from the Oregon Zoo website
Description
On August 16, the Oregon Zoo reported on August 16 that the credit card information of more than 117,000 people who had visited the year was stolen. This discovery resulted from a 6 week long investigation into a payment skimming malware attack on the zoo’s payment platform, managed by a contracted vendor. The investigation began after suspicious activity was detected in June 2024 and (more…)
City in Ohio Avoids Devastating Ransomware Attack
Description
The city of Columbus, Ohio, had its communication and digital services impacted for almost two weeks following a cybersecurity incident that was detected on July 18, 2024. City officials clarified that the incident is entirely unrelated to the CrowdStrike incident that occurred during the same period. Email services have been completely down, and some computer services affecting public safety, utilities, and public health were (more…)
AT&T Data Breach Spurs Lawsuit and Action from Washington
Description
AT&T announced on July 12, 2024, that it had been a victim of a data breach. The company learned of the breach in April but delayed disclosing it at the request of federal investigators. The attack is attributed to unauthorized access to an AT&T workspace on a third-party cloud platform. Snowflake is a well-known data warehousing (more…)
Intuit Faces Lawsuit in Relation to 2024 Data Breach
Description
Intuit, a global financial technology company known for brands like TurboTax, Credit Karma, and QuickBooks, faced a significant data security incident in early 2024. The company discovered unauthorized access to its systems on February 27, 2024, with the breach period spanning from December 23, 2023, to February 21, 2024.
On April 27, 2024, Intuit began notifying affected customers that their accounts had been temporarily frozen for (more…)
One Security Breach Cripples 15,000 Car Dealers
Description
CDK Global is a leading Software-as-a-Service (SaaS) provider of integrated technology solutions to the automotive retail industry. According to a 2023 cybersecurity report published by CDK that focused on automobile dealerships, 17% of dealers reported experiencing a cyberattack or incident in 2023. That is an increase of 13% over the year prior. Of those that reported an attack, 46% said their business was impacted either (more…)
Live Nation Faced with Suit after Recent Data Breach
Description
A hacker group known as ShinyHunters, claims to have breached Ticketmaster’s systems and exfiltrated a staggering 1.3 terabytes of data belonging to approximately 560 million customers worldwide. Ticketmaster is an event ticket broker owned by the global entertainment company, Live Nation. The compromised data included names, addresses, phone numbers, credit card information, and other payment details dating back to 2011. ShinyHunters is reportedly demanding a (more…)
Elaborate Email Deception Scam Swindles $445,000 from Victim
Description
The town of Arlington, Massachusetts, discovered firsthand how well-organized cybercriminal organizations on the other side of the world can steal money from unsuspecting victims. On June 5, 2024, the Town Manager published a letter to the community outlining how the local municipality had fallen victim to a business email compromise (BEC) email scheme attack in which more than $445,000 was diverted to an account in control (more…)