Malware was installed on 23 company computers, seven of which were found to be sending data to a server in Hong Kong.
Point-of-sale systems vendor Signature Systems says 108 independent restaurant locations are also affected.
The flaw could 'allow a remote attacker to execute arbitrary code on an affected system,' according to US-CERT.
Attacks by disgruntled employees have cost companies as much as $3 million, according to a recent alert.
880,000 customers' credit card information may have been exposed, along with another 560,000 customers' email addresses and encrypted passwords.
The data was mistakenly made accessible via Google searches between December 2013 and April 2014.
The company says the cybercriminals had 'unique, custom-built malware' in place from April to September 2014.
According to a recent Senate report, the U.S. Transportation Command was aware of only two of those breaches.
Godswill Oyegwa Uyoyou allegedly provided a group of co-conspirators with access to Skye Bank's computer systems.
According to the New York Times, more than 90 of the bank's servers were affected by the breach.
That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester.
Six former Saks Fifth Avenue employees have been charged with grand larceny and identity theft.
Google says the leaked credentials were not the result of a breach of its systems, and less than two percent of them would have worked for Gmail.
A recent McAfee study found that 80 percent of business users fell for at least one in seven phishing emails.
The company says it was recently alerted to the threat by one of its security partners.
Almost 900,000 payment cards appear to have been affected.
'The benefits of encryption have been known for some time, but companies just aren't doing it,' says SafeNet chief strategy officer Tsion Gonen.
The breach may have lasted for several months, making it potentially far more damaging than last year's three-week-long Target breach.
The company says the breaches were the result of 'a very targeted attack on user names, passwords and security questions.'
The users' email addresses and encrypted passwords were posted on a publicly accessible server for approximately three months.
In a recent survey, 61 percent of IT professionals said they can't deter or respond to insider attacks.
The company hasn't yet determined how many locations may be affected.
The hackers stole gigabytes of sensitive data, though it's not clear whether the attacks were aimed at financial gain or cyber espionage.
A DHS advisory urges companies to work with IT, anti-virus vendors, managed service providers and PoS system vendors to check for vulnerabilities.
27 million names, resident registration numbers, account names and passwords were allegedly accessed by a Chinese hacker.
- Aug 2014
- Jul 2014
- Jun 2014
- May 2014
- Apr 2014
- Mar 2014
- Feb 2014
- Jan 2014
- Dec 2013
- Nov 2013
- Oct 2013
- Sep 2013
- Aug 2013
- Jul 2013
- Jun 2013
- May 2013
- Apr 2013
- Mar 2013
- Feb 2013
- Jan 2013
- Dec 2012
- Nov 2012
- Oct 2012
- Sep 2012
- Aug 2012
- Jul 2012
- Jun 2012
- May 2012
- Apr 2012
- Mar 2012
- Nov 2011
- Aug 2011
- Jun 2011
- Mar 2011
- Dec 2010
- Sep 2010
- Aug 2010
- Jul 2010
- Jun 2010
- Apr 2010
- Mar 2010
- Feb 2010
- Jan 2010
- Dec 2009
- Apr 2006
- What are the top Android security apps?
- What are the top Android security risks?
- What are today's top cyber threats?
- What's the most secure way to delete data?
- How does hard drive encryption work?
- Is old software inherently insecure?
- Are Macs immune to malware?
- How can BYOD risk be managed?
- Which web browser is the most secure?
- How do I protect my iOS device?
- What are the top iPhone security apps?
- How do I secure my wireless network?
- Are public Wi-Fi hotspots safe?