Tokyo Olympics organizers’ data swept up in Fujitsu hack: report

The organizing committee of the Tokyo Olympics is the latest victim of a breach in which hackers broke into a Japanese government contractor’s data-sharing tool, according to a Japanese media report. The breach affected some 170 people who participated in a cybersecurity drill ahead of the Olympic Games next month, Kyodo News reported. The leaked data included the names and affiliations of people from 90 organizations involved in hosting the Olympics, according to the outlet. It’s apparently the latest Japanese organization to be swept up in an incident that began with unidentified attackers accessing data-sharing software made by technology firm Fujitsu. The breach of the tool last month has reportedly given hackers access to data at multiple Japanese government ministries. Fujitsu has suspended use of the software as it investigates the breach. The Japanese government’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which hosted the cybersecurity drill, […]

The post Tokyo Olympics organizers’ data swept up in Fujitsu hack: report appeared first on CyberScoop.


Ransomware forced Bose systems offline, exposed personal data of 6 former employees

A ransomware intrusion of the computer networks of Bose in March forced some of the electronics giant’s IT systems offline and exposed the personal information of a handful of former employees, the company said in a breach notification letter. Seven weeks into an investigation of the incident, in late April, Bose discovered that hackers had accessed and “potentially exfiltrated” files containing the Social Security numbers and salary information of six former Bose employees based in New Hampshire, according to the statement. Bose could not confirm whether the data was exfiltrated, the company said in a May 19 letter posted to the New Hampshire attorney general’s website. Neither private sector experts nor the FBI have found evidence of the data being sold on the dark web, the letter said. The incident is a reminder that while high-profile ransomware attacks like the one on Colonial Pipeline are impossible to miss, some […]

The post Ransomware forced Bose systems offline, exposed personal data of 6 former employees appeared first on CyberScoop.


Hack of IT provider exposes data on 4.5 million Air India passengers

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week. The initial breach of the IT provider, SITA — disclosed in March — affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier. The breach covers nearly a decade of data on Air India passengers, and includes passport, ticket information and credit card information, Air India said in a statement. Air India said it has secured the hacked servers, notified credit card firms of the breach and reset passwords for frequent flyer accounts. The airline also advised passengers to change their own passwords where applicable. “[O]ur data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the statement said. It is still unclear who is […]

The post Hack of IT provider exposes data on 4.5 million Air India passengers appeared first on CyberScoop.


National security officials outline hopes for national data breach notification law

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

The post National security officials outline hopes for national data breach notification law appeared first on CyberScoop.


Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator

A pair of hacks at health care organizations revealed in recent days highlights the enduring cybercriminal threat to the sector as the U.S. makes progress in fighting the coronavirus pandemic. Scripps Health, a San Diego-based nonprofit system with five hospital campuses, on May 1 said that it had suspended access to IT applications that support its health care facilities following a “security incident.” The incident forced Scripps to reschedule some patient appointments for Saturday and Monday, but “patient care continues to be delivered safely and effectively at our facilities,” the nonprofit said in a statement on its Facebook page. (Scripps’ website was still down by press time on Tuesday morning.) Meanwhile, Midwest Transplant Network, a Kansas-based organization that connects organ donors with recipients, said it had been working to determine if patients’ personal health data had been affected by a recent breach. NPR affiliate KCUR reported that some 17,000 people […]

The post Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator appeared first on CyberScoop.


Geico data breach opens door to unemployment scams

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15. The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added. It was unclear how many people were […]

The post Geico data breach opens door to unemployment scams appeared first on CyberScoop.


Banking organizations dub proposed US cyber notification regulation ‘burdensome’

Banking groups have objected to elements of a proposed U.S. cyber incident notification rule, saying that its threshold for mandatory disclosure of such events to regulators is overly broad and would lead to over-reporting of incidents. Under the proposed regulation from the Treasury Department and other regulators, banks would have to notify their regulators within 36 hours of certain kinds of attacks, and bank service providers would have to notify their customers of particularly damaging incidents as well. “While we support the policy goals of the proposed rule, we believe that, as currently drafted, the proposed rule calls for notification of incidents well below the intended threshold of critical cybersecurity incidents,” wrote the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association. “As a result, the proposed rule would lead to significant and burdensome over-reporting to the Agencies, contrary to its […]

The post Banking organizations dub proposed US cyber notification regulation ‘burdensome’ appeared first on CyberScoop.



Ubiquiti Accused of Lying to Help Stock Price

Ubiquiti said its January breach was the fault of a “third party.” But this week, an insider says Ubiquiti lied: “It was catastrophically worse.”

The post Ubiquiti Accused of Lying to Help Stock Price appeared first on Security Boulevard.

Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

The post Top insurer CNA disconnects systems after cyberattack appeared first on CyberScoop.
