breach notification – Page 3

Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion

Posted on March 23, 2021 by Sean Lyngaas

Honeywell, a Fortune 100 firm that makes aerospace and energy equipment, said Tuesday that malware had disrupted “a limited number” of its computer systems. Honeywell said it had “returned to service” following the incident, but the Charlotte, North Carolina-based firm’s statement did not elaborate on how service was disrupted. A Honeywell spokesperson did not immediately respond to questions on the incident, including whether ransomware was involved and who was responsible. Honeywell, which reported some $33 billion in sales last year, said it did not expect the malware disruption to have a “material impact” on the firm. Honeywell called in Microsoft to help remediate the intrusion, and the computer systems have “since been secured,” the statement said. “Our investigation is ongoing, but at this point, we have not yet identified any evidence that the attacker exfiltrated data from our primary systems that store customer information,” Honeywell added. “If we discover that […]

The post Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion appeared first on CyberScoop.

Continue reading Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion→

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

Posted on February 23, 2021 by Tim Starks

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing committee demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of an suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amount to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.

Continue reading Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries→

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

Posted on February 22, 2021 by Tim Starks

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings→

Cyberattack disrupts services at crane manufacturer Palfinger

Posted on January 25, 2021 by Sean Lyngaas

Palfinger, an Austrian firm that makes cranes and other machinery, said Monday that an “ongoing global cyberattack” had disrupted the company’s ability to process orders and shipments of its equipment. Email services across the company were down in an incident that was causing “massive effects on its IT infrastructure,” Palfinger said in a statement greeting visitors to its website. The possible suspects, the malicious software used and the possible length of the recovery process all remained unclear at the time of publication. Palfinger has much at stake in keeping the IT supporting its logistics functioning. The company has 33 manufacturing and assembly sites in Asia, Europe and North and South America, according to its website, and reported more than $2 billion in revenue in 2019. “In the manufacturing business, time is money, so the disruption of Palfinger’s IT services, as well as order processing and shipment delays, translates to lost […]

The post Cyberattack disrupts services at crane manufacturer Palfinger appeared first on CyberScoop.

Continue reading Cyberattack disrupts services at crane manufacturer Palfinger→

Networking giant Belden says hackers accessed data on employees, business partners

Posted on November 25, 2020 by Sean Lyngaas

Belden, a U.S. manufacturer of networking and industrial cable products, said Tuesday that unidentified attackers had accessed and copied data on current and former employees, and some of its business partners. The St. Louis-based company, which reported more than $2 billion in revenue last year, said in a statement that it believed it prevented the attackers from further accessing data on its servers, and that it had hired lawyers to help it “notify appropriate regulatory authorities [of the incident] around the world.” The company said law enforcement is investigating the incident. Executives did not disclose the type of data involved, or how many people’s information was compromised. Belden, which has offices on multiple continents, makes fiber-optic cables and networking equipment used in the transportation, oil and gas, and other sectors. Belden has invested considerably in cybersecurity products. The company in 2014 bought cybersecurity company Tripwire, which makes data-integrity software, for $710 million. Belden said it […]

The post Networking giant Belden says hackers accessed data on employees, business partners appeared first on CyberScoop.

Continue reading Networking giant Belden says hackers accessed data on employees, business partners→

Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers

Posted on October 6, 2020 by Sean Lyngaas

Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers. Customers reported receiving an email on Monday from Chowbus containing reams of customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows. Got an email from @ChowbusOfficial support with a link to their full user data dump. Columns include email, full name, and full address. File has ~800000 rows. — Johnny Wang (@Johnny___Wang) October 5, 2020 The incident is a blow for a budding company that had recently attracted funding from Silicon Valley and New York venture firms alike. Founded four years ago in Chicago, Chowbus touts its app’s ability to connect diners with authentic and undiscovered Asian restaurants. In an email to customers, Chowbus CEO Linxin […]

The post Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers appeared first on CyberScoop.

Continue reading Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers→

Cruise operator Carnival hit by ransomware

Posted on August 17, 2020 by Sean Lyngaas

Carnival, the world’s biggest cruise line operator, suffered a ransomware attack on Saturday that exposed personal data on customers and employees, the company said in a Securities and Exchange Commission filing.
The intrusion, which hit the IT system … Continue reading Cruise operator Carnival hit by ransomware→

SANS Institute, which drills cyber professionals in defense, suffers data breach

Posted on August 12, 2020 by Sean Lyngaas

The SANS Institute, which trains cybersecurity professionals around the world, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday. The Maryland-based research and educational outfit said the breach was the result of a single phishing email sent to a SANS employee, which led to more than 500 of the organization’s emails being forwarded. The breached data included names, email addresses, and physical addresses — information submitted by attendees of a recent SANS virtual training event. After discovering the breach on Aug. 6, SANS said it “quickly stopped any further release of information” from the compromised email account, which was forwarding the data to an “unknown external email address.” The institute did not identify who was responsible for the hack. “We are investigating this incident with the support of some of the world’s top forensic experts to be certain that we understand the complete […]

The post SANS Institute, which drills cyber professionals in defense, suffers data breach appeared first on CyberScoop.

Continue reading SANS Institute, which drills cyber professionals in defense, suffers data breach→

Burglars expose Walgreens customer data in a different kind of breach

Posted on July 27, 2020 by Sean Lyngaas

Groups of unidentified thieves broke into multiple Walgreens stores in late May and early June and stole prescription information and other data on some 70,000 customers, a spokesman for the pharmacy chain said Monday. The assailants forced their way behind pharmacy counters and stole drug prescriptions, and also took a “very limited number of hard drives attached to stolen cash registers,” according to a letter Walgreens sent affected customers. Customers’ health insurance and vaccination information may have been swept up in the breach, Walgreens said, but credit card data and Social Security numbers were not affected. “Like many retailers, pharmacies and local businesses across the country, Walgreens recently had a number of its stores sustain varying degrees of damage as a result of vandalism and theft,” Walgreens spokesman Jim Cohn said. “Protecting our customers’ personal information is a top priority and something we take very seriously. We’ve worked with local law enforcement, and are continuing to take […]

The post Burglars expose Walgreens customer data in a different kind of breach appeared first on CyberScoop.

Continue reading Burglars expose Walgreens customer data in a different kind of breach→

Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

Posted on July 24, 2020 by Sean Lyngaas

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […]

The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop.

Continue reading Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands→