Canada Revenue Agency Discloses Credential Stuffing Attack on 5,500 Service Accounts

A credential stuffing attack targeting Canada Revenue Agency (CRA) accounts has forced the government tax collector to suspend its online services over the weekend. The compromised accounts were linked to the GCKey portal, a system used by 30 federal d… Continue reading Canada Revenue Agency Discloses Credential Stuffing Attack on 5,500 Service Accounts

Walgreens Discloses Data Breach Impacting Personal Health Information of More Than 72,000 Customers

The second-largest pharmacy chain in the US recently disclosed a data breach that may have compromised the personal health information (PHI) of more than 72,000 individuals across the United States. According to Walgreens spokesman Jim Cohn, prescripti… Continue reading Walgreens Discloses Data Breach Impacting Personal Health Information of More Than 72,000 Customers

Small Businesses Tapping COVID-19 Loans Hit with Data Exposure

The SBA said sensitive information about applicants may have been revealed to others applying for disaster loan program funds. Continue reading Small Businesses Tapping COVID-19 Loans Hit with Data Exposure

Walgreens app exposes customer prescription data

Pharmacy chain Walgreens is alerting customers that their prescription data and other information may have been exposed thanks to a flaw in the company’s messaging app. An “error” in the messaging feature of the Walgreens app that customers use to track prescriptions left some of their personal information exposed to other customers between Jan. 9 and Jan. 15, according to Rina Shah, vice president of pharmacy operations. A “small percentage” of customers were affected, she said. Exposed data included customers’ names, prescription numbers, drug names and, in some cases, shipping addresses. It did not include financial data, Shah said in a letter posted last week to the California attorney general’s website. California law requires companies to report data breaches affecting state residents. It was unclear precisely how many people were affected by the breach. A Walgreens spokesperson did not immediately respond to a request for comment. The company advised customers to monitor their prescriptions […]

The post Walgreens app exposes customer prescription data appeared first on CyberScoop.

Continue reading Walgreens app exposes customer prescription data

Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised. Continue reading Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

Exclusive: PR software firm exposes data on nearly 500k contacts

A company that sells content management software and services exposed data on 477,000 media contacts, including 35,000 hashed user passwords, to the public internet. In October, iPRsoftware, a U.S.-based company that specializes in software that manages and disseminates company public relations and marketing, was discovered to be exposing the data along with administrative system credentials and assorted documents. Among the documents were marketing materials for client companies, as well as credentials for the company’s Google and Twitter accounts and a MongoDB hosting provider. Chris Vickery, director of cyber risk research at UpGuard, first contacted the company about the exposure in October. Despite the company’s acknowledgement of the issue, Vickery observed that over the next week, the only thing that changed was the appearance of a log file for the purpose of reviewing activity related to the open repository. When contacted weeks later by CyberScoop about the exposure, a company representative said it […]

The post Exclusive: PR software firm exposes data on nearly 500k contacts appeared first on CyberScoop.

Continue reading Exclusive: PR software firm exposes data on nearly 500k contacts