Security News 

Data Breach at Michaels Stores Exposes 3 Million Credit Cards

Approximately 2.6 million payment cards used at Michaels locations were accessed, along with 400,000 cards used at Aaron Brothers.

Three Self-Described Anonymous Hackers Arrested in South Korea

The three have been charged with threatening to launch cyber attacks against the Korean government.

UPMC Data Breach Affects 27,000 Employees

At least 788 UPMC employees have already been victims of tax fraud.

Phishing Campaign Targets World of Warcraft Players

The e-mails ask recipients for their user names, passwords, and answers to security questions.

Alleged Heartbleed Hacker Arrested in Canada

Stephen Solis-Reyes, 19, is a second-year student at Western University.

Two Thirds of U.S. Companies Were Breached by SQL Injection Attacks in 2013

The average SQL injection breach took almost 140 days to discover, according to the Ponemon Institute.

88 Percent of U.S. Consumers Are Worried About Data Privacy

One third of consumers have been directly impacted by the misuse of personal data in the past year, according to GfK.

University Urology Acknowledges Insider Breach

An administrative assistant provided patient names and addresses to a competing healthcare provider.

Texas Cardiology Clinic Hacked

More than 1,400 patients' names, addresses, phone numbers, Social Security numbers and medical records were exposed.

Heartbleed Bug Exposes 900 Canadian Taxpayers' Data

The Canada Revenue Agency says some data 'that may related to businesses' was also accessed.

Nine Charged with Using Zeus Malware to Steal Millions

The defendants allegedly told banks they were employees of the victims and were authorized to make transfers from their accounts.

Mumsnet Resets 1.5 Million Passwords Following Data Breach

The Heartbleed bug was leveraged to access user names, e-mail addresses and passwords.

Plastic Surgery Provider Hacked, 480,000 People's Data Exposed

Potential clients' names, addresses, e-mail addresses, phone numbers and birthdates were exposed, along with the surgeries they were considering.

Hacker Weev's Conviction Overturned

Key to the court's decision was the question of whether Andrew Auernheimer should have been charged in New Jersey.

Bulgarian Credit Card Fraud Gang Dismantled

25 people were arrested, and 250 skimming devices, 2,000 blank credit cards and more than 50,000 Euros in cash were seized.

LaCie Acknowledges Year-Long Data Breach

Customers who made online purchases between March 2013 and March 2014 are affected.

VFW Hacked

A hacker believed to be from China accessed 55,000 VFW members' names, addresses and Social Security numbers.

Majority of Employees Don't Receive Security Awareness Training

A recent survey found that 56 percent of respondents have not been provided with training by their employers.

Canada Stops Accepting Online Tax Returns Due to Heartbleed Bug

The CRA says taxpayers will not be penalized for filing their returns late.

Hackers Steal $35,000 in Club Carlson Gold Points

The company says about 650 customers are affected.

70 People Arrested for Airline Ticket Fraud

According to Europol, the arrests took place in 23 countries, in connection with 265 fraudulent ticket purchases.

Southern California Hospital Acknowledges Insider Breach

Patients' Social Security numbers, driver's license numbers, addresses, birthdates and limited medical information were accessed more than a year ago.

Fake Anti-Virus App Gets 10,000 Downloads on Google Play

The app was briefly the top new paid app on Google Play, but it did nothing at all.

Deltek Hacked

The passwords of 80,000 employees of federal contractors may have been accessed, along with credit card data for 25,000 of those employees.

School Loses $1.7 Million to Phishing Scam

The finance staff at St. Aldhelm's Academy replied to an e-mail asking for their banking information.

Hacked Gmail Account Exposes 1,256 Patients' Data

Patients' names, birthdates, surgical descriptions or codes, surgical dates and special surgical instructions may have been exposed.

European Cyber Army Hacker Targets Syria

Over 60,000 full names, user names, phone numbers and home addresses were leaked, along with several encrypted passwords and several in clear text.

Kaiser Permanente Acknowledges Three-Year Data Breach

A company server was infected with malware in the fall of 2011, but the infection wasn't detected until two months ago.

Florida School District Publishes Employees' Social Security Numbers Online

The data was included in a document that was inadvertently made available online for two years.

Codenomicon Researchers Warn of Heartbleed OpenSSL Security Flaw

The vulnerability 'allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.' Hacked

Hacker ProbablyOnion leaked 36,802 names, addresses, phone numbers, e-mail addresses and plain text passwords.

Stolen Flash Drive Exposes 2,595 Michigan Residents' Data

The flash drive contained names, addresses and some birthdates, along with 1,539 Social Security numbers or Medicaid identification numbers.

Xbox Live Hacked by Five-Year-Old Boy

To thank him for finding the security flaw, Microsoft gave Kristoffer Von Hassel four games, $50, and a year-long subscription to Xbox Live.

Anonymous' Barrett Brown Signs Plea Deal

While the plea deal is sealed, a separate document indicates that Brown now faces just two charges, with a greatly reduced potential prison sentence.

Kansas State Assessments Hit by DDoS Attacks

'We don't know if it was two bored teenagers or an anti-testing attack,' Center for Education Testing and Evaluation co-director Marianne Perie says.

LewisGale Regional Health System Suffers Insider Breach

An employee of LewisGale's billing service accessed 40 patients' names, Social Security numbers, home addresses and health insurance information.

18 Million E-mail Account Passwords Stolen in Germany

The breach is the second major theft of e-mail account information reported in Germany this year.

Computer Theft Exposes 2,394 Texas Children's Personal Data

Names, addresses, birthdates, Social Security numbers, Medicaid numbers, photos and/or health information may have been accessed.

Stolen Flash Drives Expose 5,000 Palomar Health Patients' Data

The unencrypted drives held the patients' names, birthdates, diagnoses, treatment information and insurance information.

Man Arrested for Breach of South Korean Web Portal

The man, surnamed Seo, allegedly purchased 25 million Naver users' account information.

Boxee Hacked

158,128 e-mail addresses and encrypted passwords were leaked online.

Stolen Laptop Exposes UK HealthCare Patient Data

1,079 patients' protected health information may have been exposed.

SendGrid Hit by Social Engineering Attack

A hacker was able to convince the company over the phone to change a customer's e-mail address.

Phishing Attack Exposes Franciscan Medical Group Patients' Data

Approximately 8,300 patients' personal and medical information may have been exposed.

Spec's Hacked

The company says 'an estimated fewer than 550,000' people's credit card or bank information may have been accessed.

Malware Exposes Rosenthal Wine Shop Customer Data

Customers' names, addresses, payment card account numbers, expiration dates and security codes may have been exposed.

Subcontractor Error Exposes 3,100 Alabama Patients' Medical Data

A billing vendor's IT subcontractor mistakenly stored files on an unsecured server.

Survey Finds Most Companies Aren't Ready for a Data Breach

71 percent of IT decision makers say they're either 'not confident' in their security or 'not at all prepared' to manage a security breach.

Bank Drops Out of Target Data Breach Lawsuit

It's not clear why Trustmark dropped out of the suit, but Trustwave says it was incorrectly identified as Target's security services provider.

Lost USB Drive Exposes Sensitive Data from Wolf and Company

Names and Social Security numbers may have been exposed when the unencrypted drive was lost in the mail.

Researcher Warns of Tesla Model S Security Flaws

A relatively vulnerable six-character password can be leveraged to unlock the car and view its location.

Australian Hacker May See All Charges Dropped

'It's a travesty, and it's taken nearly a year to get to this point,' said Matthew Flannery's solicitor Manny Conditsis.

Payroll Data Breach Impacts Sorenson Communications Employees

Employees' names, birthdates, addresses, income history, Social Security numbers, W-2 information and emergency contact data may have been exposed.

Cerberus Hacked

96,564 user names and encrypted passwords were accessed.

University of Wisconsin Hacked

15,000 students' names, addresses, phone numbers, e-mail addresses and Social Security numbers may have been exposed.

Lookout Warns of Litecoin-Mining Android Malware

The malware leverages infected devices to mine for Litecoin, Dogecoin and Casinocoin.

Europol Dismantles Online Fraud Gang

Hundreds of victims in more than 15 countries were affected by the scam.

Data Breach Exposes Firefighters' Personal Information

Names and Social Security numbers were mistakenly exposed to all department personnel.

Banks Sue Target, Trustwave Over Data Breach

The lawsuit alleges that vulnerabilities in Target's systems were 'either undetected or ignored by Trustwave.'

Shelburne Country Store Hacked

Customer names, addresses, credit or debit card numbers, expiration dates and verification numbers may have been accessed.

Lost Flash Drive Exposes Florida Children's Medical Data

Last names, medical record numbers, birthdates, gestational ages, birth weights and dates of hospitalizations may have been exposed.

Stolen Computers Expose Greenleaf Book Group Vendor, Customer Data

Names, credit card information, e-mail addresses and some mailing addresses may have been exposed.

Alleged Hacker Arrested for Attack on U.S. Gaming Company

The man allegedly sold players' IP address in order to allow customers to launch denial of service attacks.

Laptop Theft Exposes Digia Employee Data

Employee names, addresses, birthdates, Social Security numbers, driver's license numbers and/or banking data may have been exposed.

Stanford Hospital, Contractor to Pay $4.1 Million for 2010 Data Breach

The breach exposed 20,000 emergency room patients' medical information.

Auburn University Hacked

Almost 14,000 names and Social Security numbers may have been accessed.

Basecamp Hit by Cyber Attack, Blackmail

Company co-founder David Heinemeir Hansson says the attackers demanded money to make the DDoS attack stop.

California DMV Admits Credit Card Breach

A breach at the DMV's credit card processor may have exposed customers' card numbers, expiration dates and security codes.

Valley View Hospital Hacked

5,400 patients' personal information may have been exposed after hospital computers were infected with a virus.

Arcadia Home Care Acknowledges Insider Breach

The company says an independent contractor used his database access to steal employees' personal information.

Data Breach Exposes 6,000 High School Students' Personal Data

The students' names, birthdates, genders, final grades, learning skills and work habit assessment scores were mistakenly made available online.

Laptop Theft Exposes 1,700 Arizona Patients' Info

Patients' names, birthdates, prescription information and medical record numbers were exposed.

Cancer E-mails Deliver Malware

The e-mail claims that the recipient has cancer -- but an attachment delivers the ZeuS Trojan.

Bitcoin Exchange CoinEX Hacked

Site operator Vitaly A. Sorokin says he plans to cover the losses himself.

EA Games Hacked

An EA Games server was used to host a phishing page designed to steal Apple login credentials.

Hacker Diabl0 Arrested in Bangkok

Farid Essebar will be extradited to Switzerland, where he's accused of causing more than $4 billion in damages in 2011.

Researchers Develop Google Glass Spyware

The malware takes and uploads a photo every 10 seconds without notifying the user.

IRS Acknowledges Insider Data Breach

Approximately 20,000 current and former employees' names, addresses and Social Security numbers may have been exposed.

Hacker Crashes Google Play Twice

Ibrahim Balic uncovered a vulnerability that blocked developers from uploading Android apps to the store.

Miss Teen USA Hacker Jailed

Jared James Abrahams was sentenced to 18 months in federal prison.

Maryland Nonprofit SCI Hacked

9,700 names, personal health information and Social Security numbers were exposed.

Ransomware Victim Kills Self, Son

'I apologize to all of you ... I don't want Nicusor to suffer because of me,' Marcel Datcu wrote in a suicide note.

Sally Beauty Supply Confirms Credit Card Breach

The company today stated that 'fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed.'

Employee Arrested in Connection with Morrisons Data Breach

The unidentified man faces up to 10 years in prison if convicted.

Syrian Electronic Army Claims Breach of U.S. Central Command

CENTCOM spokesman Oscar Seara called the claims 'totally bogus.'

Insider Breach Exposes 100,000 Morrisons Employees' Payroll Data

The employees' names, addresses and bank account details were posted online.

Stolen Backup Drives Expose Silversage Advisors Data

Customers' names, mailing addresses, Social Security numbers, driver's license numbers and account information may have been exposed.

HealthSource of Ohio Data Breach Exposes 8,800 Patients' Personal Info

Names, addresses and phone numbers were exposed, along with some Social Security numbers and credit card numbers.

Seattle Archdiocese Hacked

As many as 90,000 employees and volunteers may be affected.

UCSF Medical Center Admits Third Data Breach in Four Months

Unencrypted computers containing 9,986 people's personal and health information were stolen in early January.

NYC MTA Data Breach Exposes 15,000 Employees' Info

A CD containing Social Security numbers, birthdates and salary information was found in a refurbished PC sold at a major retailer.

EC-Council Acknowledges, Details February Hacker Attack

In addition to a Web site defacement, some e-mail accounts were compromised.

Skagit County Fined $215,000 for Data Breach

Almost 1,600 patients' names, descriptions of services, and costs and dates of services were mistakenly made available online.

Laptop Theft Exposes 548 Neurology Patients' Information

Patient names, birthdates, physician names and results of nerve conduction tests may have been exposed.

Former TD Bank Employee Admits Identity Theft

Tenisha Francis opened seven fraudulent accounts at the bank, which were used to process stolen U.S. Treasury checks.

Stolen Laptop Exposes Emory Dialysis Patients' Data

826 patients' names, dates of service, and graphs of blood flow tests were exposed.

Leader of Identity Theft Ring Gets 12 Years in Prison

Jenaro Blalock used government employees' stolen identities to create fraudulent driver's licenses and open lines of credit.

Timken Company Acknowledges Data Breach

4,987 names, birthdates, genders and Social Security numbers were exposed.

Stolen Laptop Exposes 5,500 Canadian Patients' Data

Patient names, birthdates and diagnostic reports were exposed.

Data Breach at Statista Affects 50,000 Users

The company says hackers accessed customers' e-mail addresses and encrypted passwords.

North Dakota University System Hacked

The names and Social Security numbers of 290,000 students and 780 faculty and staff members may have been accessed.

Iowa DHS Acknowledges Data Breach

2,042 names, mailing addresses, Social Security numbers, birthdates, health information and abuse incident information may have been exposed.

British Pregnancy Advice Service Fined for Data Breach

Hacker James Jeffery accessed thousands of people's personal information in 2012.

Computer Theft Exposes 168,000 Los Angeles Patients' Data

Eight computers were stolen from Sutherland Healthcare Solutions' Torrance office.

Johns Hopkins University Hacked

The hacker published 1,300 students' names, e-mail addresses and phone numbers.

Stolen Computers, Hard Drives Expose Texas Patients' Personal Data

Names, addresses, phone numbers, Social Security numbers and health insurance provider policy numbers may have been exposed.

Oak Associates Funds Admits Data Breach

Shareholders' names, addresses, e-mail addresses, phone numbers, Social Security numbers and account information may have been exposed.

Two Hackers Arrested for Theft of 12 Million Mobile Customers' Data

The attackers allegedly earned almost $11 million by using the stolen information to sell mobile phones.

Hackers Breach Phishing Site by Mistake

Members of AnonGhost thought they were defacing the Web site for Yorkshire Bank -- but they defaced a well-designed phishing site instead.

Assisted Living Concepts Data Breach Exposes 43,600 Employees' Payroll Info

Current and former employees' names, addresses, birthdates, pay information and Social Security numbers were exposed.

Hacker Hits Church of Scotland, Church of Cyprus, Lutheran Church of Australia

More than 4,500 user credentials were published on Pastebin.

Survey Finds 40 Percent of CryptoLocker Malware Victims Have Paid Ransom

Researchers at the University of Kent found that approximately one in 30 people in the U.K. have been hit by the ransomware.

Bitcoin Exchange Poloniex Hacked

The unidentified hacker stole approximately $50,000 in Bitcoins.

Flexcoin Hacked, $600,000 in Bitcoins Stolen

Because it doesn't have the resources to recover from the loss, Flexcoin says, it's shutting its doors immediately.

Smucker's Hacked

Customer names, addresses, e-mail addresses, phone numbers, credit card numbers, expiration dates and verification codes may have been accessed.

Stolen Laptop Exposes AppleCare Customers' Data

Names, birthdates, mailing addresses and Social Security numbers may have been exposed.

Purdue University Student Jailed for Hacking School Computers, Changing Grades

Roy C. Sun changed his grades from nine Fs and one incomplete to straight As.

Fort Benning Employee Charged with $2.2 Million Identity Theft Scheme Targeting Soldiers

Tracy Mitchell allegedly used service members' stolen identities to file more than 1,000 fraudulent tax returns.

L.A. Care Health Plan Acknowledges Data Breach

The breach, the company says, resulted from 'a manual information processing error which we have since corrected.'

Three Korean Hackers Arrested for Theft of 17 Million People's Personal Data

The three, surnamed Kim, Choi and Lee, allegedly stole the data from 225 different Web sites.

Average Enterprise Is Hit by a Cyber Attack Every 1.5 Seconds

That's twice the rate seen in 2012, according to FireEye researchers.

British Man Charged with Hacking U.S. Federal Reserve

Lauri Love allegedly stole names, e-mail addresses and phone numbers from Federal Reserve servers and posted the stolen data online.

Fake WhatsApp Desktop Client Delivers Malware

A spam campaign offers a download of the supposed client, but links instead to banking malware.

Alaska Communications Acknowledges Data Breach

Current and former employees' names, addresses, birthdates and Social Security numbers may have been accessed.

Lost USB Drive Exposes Hong Kong Hospital Patients' Data

The unencrypted drive contained 92 patients' personal information, along with data on drug prescriptions.

University of Maryland Extends Credit Protection for Data Breach Victims

The university is offering  five years of free credit monitoring services to the more than 300,000 people affected.

Bromium Warns of YouTube Ads Serving Malware

Google says it's 'beefing up internal procedures to prevent such events from occurring again,' according to Bromium.

Stolen USB Drive Exposes 2,172 Brooklyn Hospital Patients' Data

The unencrypted drive held limited medical information, including diagnoses and some lab values.

Indiana University Acknowledges Data Breach

146,000 names, addresses and Social Security numbers may have been exposed.

Majority of SOHO Wireless Routers Use Default IP Address, Outdated Firmware

A Tripwire survey also found that 30 percent of IT professionals haven't changed their wireless routers' default passwords.

Two Men Jailed for Identity Theft at Medical Lab

Angelo Ponds and Sean Guillaume were sentenced to 48 months and 94 months in prison, respectively.

Memphis Police Department Acknowledges Year-Old Data Breach

An undisclosed number of Social Security numbers and driver's license numbers were exposed in April of 2013.

Stolen Laptop Exposes 1,100 Indianapolis Hospital Patients' Data

The unencrypted laptop contained patients' names, birthdates, genders, dates of service, types of service and physician names.

CA Aims to Improve API Security

Modern Web and mobile apps tend to use external resources, often called via an API, making the API a critical control point for security. That is why CA is addressing API security with new products.

RiskIQ Reports 388 Percent Increase in Android Malware on Google Play

The company says 12.7 percent of all apps on Google Play in 2013 were malicious, up from just 2.7 percent in 2011.

Neiman Marcus Narrows Impact of Recent Data Breach

The company now says 350,000 credit and debit card numbers were exposed, not 1.1 million.

EC-Council Web Site Hacked, Defaced

A defacement page showed a photo of Edward Snowden's passport, and accused the organization of reusing passwords. Data Breach Exposes Customer Credit Card Information

Names, billing addresses, credit card numbers, expiration dates and CVV codes were exposed.

Zevin Asset Management Acknowledges Data Breach

An employee violated company policy by using an online service provider to host a document containing custodian account user names and passwords.

Syrian Electronic Army Hackers Hit FC Barcelona

The hackers briefly took over the football club's Twitter account.

Blue Shield of California Acknowledges Data Breach

Insurance agents' Social Security numbers were mistakenly exposed.

Austrian Energy Company Hacked

Energie Steiermark hasn't yet determined what data was exposed by the breach.

Insurance Company Fined $6.8 Million for Data Breach

TSS mistakenly exposed 13,336 beneficiaries' Medicare Health Insurance Claim Numbers.

Man Sues Wells Fargo over Kafkaesque Identity Theft Nightmare

Carlos Gomez spent two weeks in jail and seven months under house arrest after a bank employee stole his identity and used it to launder stolen money.

University of Maryland Hacked

309,079 names, Social Security numbers, birthdates and university ID numbers were exposed.

2,239 Tesco Customers' Info Leaked Online

The company says the data was compiled using information stolen from other sites, not from Tesco itself.

Study Finds Use of Encryption Growing Steadily Worldwide

The primary driver for deploying encryption is to lessen the impact of data breaches, according to Thales' 2013 Global Encryption Trends Study.

Australian Government Data Breach Exposes Info on 10,000 Asylum Seekers

Names, nationalities, locations, boat arrival information and arrival dates were mistakenly published online.

Iowa Man Fined $111,000 for Joining DDoS Attack for Two Hours

Jacob Allen Wilkens participated in Anonymous' attack on the Angel Soft Web site on March 1, 2011.

Forbes Hackers Exposed 1 Million Users' Info

User names, e-mail addresses and encrypted passwords were published online.