Travel industry giant Sabre said Wednesday an intruder using stolen account credentials for its widely used reservations software had access to payment card details and personal information over a seven-month period. But it declined to say how many people are affected.
Members of Parliament in Britain have had their remote email access suspended following an apparent brute-force hack attempt aimed at exploiting weak passwords to gain access to their accounts. Officials say fewer than 90 email accounts appear to have been breached.
South Korean web hosting firm Nayana has agreed to pay attackers a record-shattering $1 million to unlock 153 Linux servers crypto-locked by ransomware. Security researchers say the infection was likely exacerbated by the company running ancient versions of the Linux kernel, as well as Apache and PHP.
Clothing retailer Buckle says malware installed on its point-of-sale systems apparently stole customers' payment card details for nearly six months. Buckle's warning, which follows a breach alert from Kmart, shows the fight against payment card fraud is far from over.
Kmart has suffered a data breach affecting "some, not all" of its 735 U.S. locations as a result of its point-of-sale systems being infected by malware designed to siphon payment card data. The retailer described the malware as "undetectable by current anti-virus systems and application controls."
Restaurant chain Chipotle Mexican Grill says customers' payment card data was stolen via point-of-sale malware installed at the vast majority of its more than 2,000 restaurant locations for more than three weeks.
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
In the wake of fraud reports, Blowout Cards has issued a security alert to customers, warning that an attacker hacked its website and installed a PHP file designed to skim payment card details at the time of purchase.
Free advice for breached businesses: Once you admit that you've suffered a data breach or that you're investigating a security incident, disseminate that message far and wide so no one can accuse you of trying to cover it up. That's the lesson from an incident at BlowOut Cards, a sports card trading site.
So-called "trust attacks" aren't waged for financial gain. They're waged to compromise data, data integrity and to expose sensitive information. Why Darktrace CEO Nicole Eagan says trust attacks will be among our greatest IoT worries in 2017.
Gov. Susana Martinez has signed legislation making New Mexico the 48th state to enact a data breach notification law. Alabama and South Dakota remain the only states without a data breach notification statute.
Intercontinental Hotels Group says that in addition to 12 hotels that it directly manages suffering a point-of-sale malware outbreak that began in 2016, 1,200 IHG-branded franchise hotel locations in the United States were also affected.
Luxury clothing retailer Neiman Marcus has disclosed that a December 2015 breach compromised more sensitive information than first thought. It also disclosed a fresh attack in January that exposed names, contact information, email addresses and purchase histories.
Following the Westminster attack in London, Britain's home secretary scapegoated social networks and end-to-end encryption communications. Is it possible her government has a messy domestic political issue that it's trying to avoid discussing?
Not too fast, not too slow. Notwithstanding regulations and contractual obligations, that's legal and security experts' consensus on how quickly organizations that suspect they've been breached should notify individuals whose information may have been exposed.