Citrix says FBI investigating network breach by ‘international cyber criminals’

Citrix, a VPN service widely used in the corporate world, revealed Friday that the FBI is investigating a breach to its internal network by “international cyber criminals.” The hackers appear to have “accessed and downloaded business documents,” the company said in a blog post, adding that it doesn’t know specifically what was accessed. There is no sign that the breach has compromised any Citrix product or service, the Florida-based company said. “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords,” Citrix said. “Once they gained a foothold with limited access, they worked to circumvent additional layers of security.” Citrix said it had hired a top digital forensics company to investigate further. News of the breach led to a drop in stock for the company Friday. Citrix has said it provides VPN services to 400,000 companies worldwide, including most of […]

The post Citrix says FBI investigating network breach by ‘international cyber criminals’ appeared first on CyberScoop.

House panel: Equifax breach was ‘entirely preventable’

The devastating 2017 breach of credit-reporting company Equifax, which exposed data on 148 million people, was “entirely preventable” had the company applied proactive security measures, a congressional investigation has concluded. “Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,” says the report issued Monday by the House Oversight and Government Reform Committee. The committee’s 96-page report lays out why the hack, which compromised people’s names, social security numbers, addresses, credit card numbers, and other identifiers, has become a case study in failed IT leadership and software patching. A “lack of accountability and no clear lines of authority in Equifax’s IT management structure” meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains. Furthermore, the company did not spot data being exfiltrated from its […]

The post House panel: Equifax breach was ‘entirely preventable’ appeared first on CyberScoop.

Radisson discloses data breach impacting rewards customers

Radisson Hotel Group, an international hospitality chain, disclosed Thursday that it suffered an incident in which some customer information was exposed. The compromised information includes the name, residence and email address of all impacted customers. In some cases, it also includes company names, phone numbers, rewards numbers and frequent flier numbers. The company stressed that the breach did not involve credit card information or passwords. Customers who’ve stayed at Radisson hotels but aren’t rewards members are not affected, the company said. Radisson warns in its disclosure that hackers might try to use some of this information to conduct phishing attempts “including through the use of links to fake websites,” and try to deceive customers into sending passwords or other information. The hotel company did not describe the nature of the “data security incident” or say how many people were impacted, but said it was a “small percentage” of rewards customers. It’s […]

The post Radisson discloses data breach impacting rewards customers appeared first on CyberScoop.

Data Breach Notification Laws: Is it Time for a Uniform Standard?

State data breach notification laws had two primary aims in mind. The first was to potentially embarrass organizations to improve their data security by forcing them to disclose certain data breaches publicly. The second was to help consumers have a f…

Dixons Carphone: 2017 data breach affected 10 million 

European electronics and telecom retailer Dixons Carphone said a breach of its systems last year could have resulted in attackers accessing roughly 10 million records, including customers’ personal data. On June 13, the company first announced that its networks had been compromised by intruders, and that it was working with authorities. Since then, “we have been putting further security measures in place to safeguard customer information, increased investment in cyber security and added additional controls,” Dixons Carphone said Monday in a statement. The company revealed that although it has evidence “some” data may have been siphoned out of the company’s systems, the exfiltrated information does not include credit card or bank account details. There is also no proof any fraud has occurred because of the breach, the company said. The intruders accessed non-financial personal information, such as names, addresses and email addresses. They also accessed the records of 5.9 million […]

The post Dixons Carphone: 2017 data breach affected 10 million appeared first on CyberScoop.

Are Breach Disclosure Laws Unconstitutional in the Wake of Supreme Court Abortion Case?

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the b…

Capitol Hill staffers learn what really happens when there’s a data breach

In the past three years, U.S. lawmakers have struggled to nail down key details of how two of the biggest data breaches in history affected the public and private sectors. “How far back does your information database go that was compromised?” former Utah Rep. Jason Chaffetz demanded of then-Office of Personnel Management director Katherine Archuleta at a June 2015 hearing. Chaffetz berated Archuleta for failing to secure OPM’s IT systems, from which alleged Chinese hackers extracted data on 22 million current and former federal workers. “I just hope we get to the bottom of this…because this is a mess,” Rep. Ben Ray Luján, D-N.M., said in October after questioning former Equifax CEO Richard Smith on when he knew hackers had struck the credit-reporting firm. The breach compromised data on 148 million people. To try to demystify future breach-related discussions on Capitol Hill, cybersecurity firm FireEye held a quiet training session for roughly […]

The post Capitol Hill staffers learn what really happens when there’s a data breach appeared first on CyberScoop.

Respiratory device maker Inogen says breach exposed customer data

A company that makes respiratory care equipment disclosed on Friday that it experienced a data breach that gave hackers access to customer information. Inogen, which produces and sells portable devices to people with chronic respiratory issues, said in a Securities and Exchange Commission filing that “unknown persons” from outside the company obtained unauthorized access to employee emails. Inogen said the breach occurred some time between Jan. 2 and March 14 this year, but did not say when it was discovered. The company believes some of those emails possibly had sensitive information relating to Inogen’s rental customers. The filing does not say how the unauthorized access occurred. Inogen says it has notified 30,000 current and former customers, granting them credit monitoring and an insurance reimbursement policy. The customer data includes private information such as contact information, dates of birth, dates of death, Medicare identification number, insurance policy information and the type of […]

The post Respiratory device maker Inogen says breach exposed customer data appeared first on CyberScoop.

Delta and Sears data breach exposes credit card information of customers

Some customers of Delta Airlines and Sears had their credit card information exposed following a data breach last fall at a mutual contractor, the companies announced Wednesday. San Diego-based [24]7.ai, a customer experience software and services company, said in a press release that a data breach into customer payment information began on Sept. 26, 2017, and was discovered and contained on Oct. 12, 2017. Sears said that fewer than 100,000 customers likely were affected. Delta Airlines said a “small subset” of customers had been affected by the breach, but that “customers’ passport, security and frequent-flyer information had not been included in the breach.” Both Delta and Sears said they will ensure that customers will not be liable for fraudulent transactions on their credit cards resulting from the supply chain breach. Delta said it would set up a website for concerned customers today, and Sears promised to create a hotline for […]

The post Delta and Sears data breach exposes credit card information of customers appeared first on CyberScoop.
