Home Tags Posts tagged with "Data breach"

Data breach

About 500 million Yahoo users were hit by the 2014 hacking attack, the tech giant has confirmed.

The breach, the largest publicly disclosed in history, included swathes of personal information including names and emails as well as “unencrypted security questions and answers”.

According to Yahoo, the breach did not include any credit card data. The site said it believed the attack was state-sponsored.

Yahoo has announced it will buy digital video advertising service BrightRoll for $640 million

In July, Yahoo was sold to Verizon for $4.8 billion.

News of a possible major attack on Yahoo emerged in August when a hacker known as “Peace” was apparently attempting to sell information on 200 million accounts.

On September 22, Yahoo confirmed the breach was far bigger than first thought.

The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords.

Yahoo recommended all users should change their passwords if they had not done so since 2014.

It said in a statement: “Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.”

Reuters reported three unnamed US intelligence officials as saying they believed the attack was state-sponsored because it was similar to previous hacks linked to Russian intelligence agencies.

0

Nearly four million US government workers have been hit by data breach, officials said.

Chinese hackers are suspected of carrying out the “massive breach” of the personal data of the Office of Personnel Management (OPM) employees.

OPM has confirmed that both current and past employees had been affected.

The breach could potentially affect every federal agency, officials said.

The hackers were believed to be based in China, officials said. Beijing responded by calling such claims “irresponsible”.

OPM said it became aware of the breach in April during an “aggressive effort” to update its cyber security systems.

It said it would be contacting all those individuals whose personal data may have been breached in the coming weeks, and offering them 18 months of free credit monitoring and identity theft insurance.OPM data breach 2015

OPM serves as the human resource department for the federal government. The agency issues security clearances and compiles records of all federal government employees.

Information stored on OPM databases includes employee job assignments, performance reviews and training, according to officials.

The breach did not involve background checks and clearance investigations, officials said.

Susan Collins, a member of the Senate Intelligence Committee, said the hackers were believed to be based in China.

She called the breach “yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances”.

China denied there was any official involvement in the attack.

China’s foreign ministry spokesman Hong Lei said at a regular briefing: “Cyber attacks are generally anonymous and conducted across borders and their origins are hard to trace.

“Not to carry out a deep investigation and keep using words such as <<possible>> is irresponsible and unscientific.”

The FBI and the Department of Homeland Security are said to be investigating the latest breach.

According to specialists familiar with Target security breach, the hackers who compromised up to 40 million credit cards and debit cards also managed to steal encrypted personal identification numbers (PIN).

One major US bank fears that the thieves would be able to crack the encryption code and make fraudulent withdrawals from consumer bank accounts, said an executive, who spoke on the condition of anonymity because the data breach is still under investigation.

Target spokeswoman Molly Snyder said “no unencrypted PIN data was accessed” and there was no evidence that PIN data has been “compromised.” She confirmed that some “encrypted data” was stolen, but declined to say if that included encrypted PINs.

The retailer said last week that hackers stole data from as many as 40 million cards used at Target stores during the first three weeks of the holiday shopping season, making it the second-largest data breach in US retail history.

Target has not said how its systems were compromised, though it described the operation as “sophisticated.” The US Secret Service and the Justice Department are investigating. Officials with both agencies have declined comment on the investigations.

The attack could end up costing hundreds of millions of dollars, but it is unclear so far who will bear the expense.

The hackers who compromised up to 40 million credit cards and debit cards also managed to steal encrypted PIN’s

The hackers who compromised up to 40 million credit cards and debit cards also managed to steal encrypted PIN’s

While bank customers are typically not liable for losses because of fraudulent activity on their credit and debit cards, JPMorgan Chase & Co and Santander Bank said they have lowered limits on how much cash customers can take out of teller machines and spend at stores.

The unprecedented move has led to complaints from consumer advocates about the inconvenience it caused from the late November Thanksgiving holiday into the run-up to Christmas. But sorting out account activity after a fraudulent withdrawal could take a lot more time and be worse for customers.

JPMorgan has said it was able to reduce inconvenience by giving customers new debit cards printed quickly at many of its branches, and by keeping branches open for extended hours. A Santander spokeswoman was not available for comment on Tuesday.

Security experts said it is highly unusual for banks to reduce caps on withdrawals, and the move likely reflects worries that PINs have fallen into criminal hands, even if they are encrypted.

While the use of encryption codes may prevent amateur hackers from obtaining the digital keys to customer bank deposits, the concern is the coding cannot stop the kind of sophisticated cyber criminal who was able to infiltrate Target for three weeks.

The attack on Target began on November 27, the day before the Thanksgiving holiday and continued until December 15. Banks that issue debit and credit cards learned about the breach on December 18, and Target publicly disclosed the loss of personal account data on December 19.

On December 21, JPMorgan Chase alerted 2 million of its debit cardholders that it was lowering the daily limits on ATM withdrawals to $100 and capping store purchases with their cards at $500.

[youtube brg9OlspoVI 650]

JPMorgan Chase customers will be limited to $100 in cash withdrawals and $300 in total purchases per day if they used Chase debit cards at Target during a recent security breach, the bank has announced.

Kristin Lemkau, a Chase spokeswoman, told NBC News the limit applies to about 2 million customer accounts, representing less than 10% of bank’s customers. The limit does not apply to Chase credit cards.

Earlier this week, as many as 40 million debit and credit cards were compromised during a Target data breach, which the store said began just before Thanksgiving and ended December 15.

As many as 40 million debit and credit cards were compromised during a Target data breach

As many as 40 million debit and credit cards were compromised during a Target data breach

The security breach exposed customer names, card numbers, expiration dates and the short security codes known as CVVs. The industry blog Krebs on Security, which first reported the breach, has reported that card accounts are already being sold on the black market.

Target, eager to repair the public-relations damage and restore customer trust, has apologized and offered a 10% discount at its stores this week.

Chase did not immediately give a time limit for the restrictions. The normal daily limit for transactions on Chase debit cards is $500, and the normal daily limit for cash withdrawals is generally $200 to $500, Kristin Lemkau said.

[youtube XKE0A_1sj70 650]

0

Target has confirmed it was hit by a major data breach involving 40 million of shoppers’ credit and debit card information.

Customers who visited any of Target’s stores between November 27 and December 15 are at risk of having their credit and debit card information stolen.

Target said what to do if you visited one of their stores during that timeframe:

  1. Closely monitor your credit and debit card statements for any suspicious activity.
    Target has confirmed it was hit by a major data breach involving millions of shoppers' credit and debit card information

    Target has confirmed it was hit by a major data breach involving millions of shoppers’ credit and debit card information

  2. If you find anything suspicious, immediately contact your bank. You can also contact the Federal Trade Commission to report incidents of identity theft or call the FTC at (877) 438-4338.
  3.  Check your credit report. If you find information that appears to be fraudulent, request that the credit reporting agency delete that information from your credit report file. You can get a free copy of your credit report once a year from one of the three credit reporting agencies including Experian, Equifax and Trans Union.
  4. Add a fraud alert to your credit report file with one of the three credit reporting agencies. That means creditors will be extra vigilant in protecting you, though it may delay your ability to obtain credit.
  5. To reach Target directly concerning the breach and precautionary steps you should take, call (866) 852-8680. The company says as many as 40 million credit and debit card accounts may have been compromised. Information that may have been stolen includes customers’ names, card numbers and three-digit security codes.[youtube pom42RDo_wE 650]