Tag Archive for: data

MarineMax confirms data breach | SC Media

/in


MarineMax has disclosed having employee and customer data stolen from its systems following a cyberattack last month, BleepingComputer reports.

“…[O]ur ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information,” said the major U.S. global recreational boat, yacht, and superyacht retailer in an updated filing with the U.S. Securities and Exchange Commission.

No additional details regarding the perpetrator of the breach have been provided but the Rhysida ransomware-as-a-service operation already laid claim on the incident, demanding more than $1 million worth of bitcoin as ransom for financial documents and other data, which MarineMax denied.

MarineMax’s confirmation comes nearly a month after Rhysida leaked all of the data it purportedly stole from Chicago-based Lurie Children’s Hospital after it refused to pay the ransom. Sony-owned video game developer Insomniac Games also had 1.67 TB of files exposed by the ransomware gang as a result of not paying the $2 million ransom.

Source…

Nearly 3M people hit in Harvard Pilgrim healthcare data theft • The Register

/in


Infosec in brief Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, and the number of victims has now risen to nearly 2.9 million people in all US states.

Pilgrim’s problems were first admitted last year after a March ransomware infection that affected systems tied to the health services firm’s commercial and Medicare Advantage plans. While the intrusion occurred on March 28, 2023, it wasn’t discovered until April 17. Pilgrim says it believed customer data was extracted in the interim period.

“After detecting the unauthorized party, we proactively took our systems offline to contain the threat,” Harvard Pilgrim said in its latest notification letter sent out this month. “We notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

Names, physical addresses, phone numbers, birth dates, clinical information including lab results, and social security ID numbers were all compromised, Harvard Pilgrim said. 

The latest notification letters mark the fourth time Harvard Pilgrim has updated the total number of victims. An update in February put the total number at 2,632,275 individual records exposed; now it is reporting a total of 2,860,795 people. 

As is usually the case in these sorts of dramas, credit monitoring and identity protection services are being offered, and the business doesn’t believe any of the stolen data has been misused as a result of the theft – that it knows about at least. 

It’s not uncommon for victim numbers to increase during the course of an investigation, though 2.8 million is a lot of people and may not be the final tally yet.

“Our investigation is still underway and we will continue to provide notification in the event we identify additional individuals whose information may have been impacted,” a spokesperson told The Register.

Critical vulnerabilities: A very Cisco week

There weren’t a ton of critical vulnerabilities to report this week, though Cisco did have a pretty busy few days with a series of updates going out for IOS and other products.

Source…

AT&T data breach: Millions of customers caught up in major dark web leak

/in


Manage consent settings on AMP pages

These settings apply to AMP pages only. You may be asked to set these preferences again when you visit non-AMP BBC pages.

The lightweight mobile page you have visited has been built using Google AMP technology.

Strictly necessary data collection

To make our web pages work, we store some limited information on your device without your consent.

Read more about the essential information we store on your device to make our web pages work.

We use local storage to store your consent preferences on your device.

Optional data collection

When you consent to data collection on AMP pages you are consenting to allow us to display personalised ads that are relevant to you when you are outside of the UK.

Read more about how we personalise ads in the BBC and our advertising partners.

You can choose not to receive personalised ads by clicking “Reject data collection and continue” below. Please note that you will still see advertising, but it will not be personalised to you.

You can change these settings by clicking “Ad Choices / Do not sell my info” in the footer at any time.

Source…

Activision is investigating reports of malware stealing player data

/in


Call of Duty MW II Season 6 Blackcell

Activision is reportedly investigating the possibility of malware that’s been targeting players in Call of Duty in attempts to steal player data. At the moment it doesn’t seem to be confirmed where the malware comes from or how it’s infecting players’ PCs. However, there is talk that the malware was able to infect player PCs through the downloads of unauthorized software for use with Call of Duty.

In other words, players who had their data stolen may have been infected with the malware after downloading cheat software. First reported by TechCrunch, the main goals of these hackers aren’t yet clear. TechCrunch says the hackers were “trying to steal passwords for various types of accounts.” It’s also noted that it isn’t just passwords for gaming accounts that are being targeted. But also the passwords for crypto wallets.


Activision has acknowledged these claims and is actively looking into the situation. The company is also “aware of some claims that some player credentials across the broader industry could be compromised from malware from downloading or using unauthorized software.” It isn’t confirmed yet that these hacks were caused by the downloads of unauthorized third-party software.




Following reports of malware stealing player data, Activision says company servers are safe

The good news for legitimate players, it seems, is that Activision company servers are reportedly fine. A spokesperson for Activision Blizzard who spoke with TechCrunch says that the company servers “remain secure and uncompromised.” So it’s quite likely that only players downloading and using unauthorized third-party software have been impacted.

Call of Duty has had an ongoing issue with cheaters using third-party software to gain an advantage. Activision’s anti-cheat team has implemented a number of mitigations over the last couple of years to try and stop them. For instance, players caught using aim assist on PC through unauthorized software will have the game immediately shut down. Other mitigations cause enemy players to become invisible for those cheating, as well as make them invincible to damage.

While it hasn’t been confirmed that players…

Source…