Security News 

FBI Informant Sabu Tied to International Cyber Attacks

Hector Xavier Monsegur coordinated hundreds of attacks on foreign government Web sites while he was working as an informant for the FBI.

Kaspersky Warns of Surge in Bitcoin Cybercrime

Cyber attacks targeting Bitcoin accounted for a total of 8.3 million incidents in 2013.

Miami Resident Gets 81 Months in Prison for Identity Theft, Tax Fraud

Brandon James used at least 121 stolen identities to file fraudulent tax returns seeking more than $862,000 in refunds.

New Malware Targets Jailbroken iPhones, iPads

The malware is designed to steal victims' Apple IDs and passwords.

Maricopa Community Colleges Sued Over Data Breach

The lawsuit claims that MCCCD 'failed to notify victims of the data breach in a reasonable or timely manner.'

Two Alleged Anonymous Hackers Arrested in Cambodia

Both suspects are 21-year-old students at Phnom Penh's SETEC Institute.

Iowa State University Hacked

Five university servers were used to mine Bitcoins.

NCO Financial Acknowledges Data Breach

Customer names, addresses, Social Security numbers and account numbers were mistakenly exposed.

Cyber War News Shuts Down Following DOJ Request

'Site n email contacts all gone for good,' the publisher tweeted earlier this week.

Google Issues Refunds for Fake Anti-Virus App

'This app made the false claim that it provided one-click virus protection; in reality, it did not,' the company wrote in an e-mail to purchasers.

Number of Mobile Banking Trojans Nearly Doubled in Q1 2014

During the same period, the total number of mobile malware samples surged from 189,626 to 299,950, according to Kaspersky Lab.

Florida Man Gets Five Years in Prison for Identity Theft

Andrew Ware was involved in a stolen identity tax refund scheme claiming a total of $137,132 in fraudulent refunds.

Parallon Business Solutions Acknowledges Insider Breach

A former employee inappropriately accessed names, Social Security numbers, home addresses and health insurance information.

Three Self-Described Anonymous Hackers Arrested in South Korea

The three have been charged with threatening to launch cyber attacks against the Korean government.

UPMC Data Breach Affects 27,000 Employees

At least 788 UPMC employees have already been victims of tax fraud.

Data Breach at Michaels Stores Exposes 3 Million Credit Cards

Approximately 2.6 million payment cards used at Michaels locations were accessed, along with 400,000 cards used at Aaron Brothers.

Two Thirds of U.S. Companies Were Breached by SQL Injection Attacks in 2013

The average SQL injection breach took almost 140 days to discover, according to the Ponemon Institute.

Phishing Campaign Targets World of Warcraft Players

The e-mails ask recipients for their user names, passwords, and answers to security questions.

Alleged Heartbleed Hacker Arrested in Canada

Stephen Solis-Reyes, 19, is a second-year student at Western University.

University Urology Acknowledges Insider Breach

An administrative assistant provided patient names and addresses to a competing healthcare provider.

88 Percent of U.S. Consumers Are Worried About Data Privacy

One third of consumers have been directly impacted by the misuse of personal data in the past year, according to GfK.

Texas Cardiology Clinic Hacked

More than 1,400 patients' names, addresses, phone numbers, Social Security numbers and medical records were exposed.

Nine Charged with Using Zeus Malware to Steal Millions

The defendants allegedly told banks they were employees of the victims and were authorized to make transfers from their accounts.

Heartbleed Bug Exposes 900 Canadian Taxpayers' Data

The Canada Revenue Agency says some data 'that may related to businesses' was also accessed.

Plastic Surgery Provider Hacked, 480,000 People's Data Exposed

Potential clients' names, addresses, e-mail addresses, phone numbers and birthdates were exposed, along with the surgeries they were considering.

Mumsnet Resets 1.5 Million Passwords Following Data Breach

The Heartbleed bug was leveraged to access user names, e-mail addresses and passwords.

Bulgarian Credit Card Fraud Gang Dismantled

25 people were arrested, and 250 skimming devices, 2,000 blank credit cards and more than 50,000 Euros in cash were seized.

Hacker Weev's Conviction Overturned

Key to the court's decision was the question of whether Andrew Auernheimer should have been charged in New Jersey.

LaCie Acknowledges Year-Long Data Breach

Customers who made online purchases between March 2013 and March 2014 are affected.

VFW Hacked

A hacker believed to be from China accessed 55,000 VFW members' names, addresses and Social Security numbers.

Majority of Employees Don't Receive Security Awareness Training

A recent survey found that 56 percent of respondents have not been provided with training by their employers.

Hackers Steal $35,000 in Club Carlson Gold Points

The company says about 650 customers are affected.

Canada Stops Accepting Online Tax Returns Due to Heartbleed Bug

The CRA says taxpayers will not be penalized for filing their returns late.

70 People Arrested for Airline Ticket Fraud

According to Europol, the arrests took place in 23 countries, in connection with 265 fraudulent ticket purchases.

Southern California Hospital Acknowledges Insider Breach

Patients' Social Security numbers, driver's license numbers, addresses, birthdates and limited medical information were accessed more than a year ago.

Deltek Hacked

The passwords of 80,000 employees of federal contractors may have been accessed, along with credit card data for 25,000 of those employees.

Fake Anti-Virus App Gets 10,000 Downloads on Google Play

The app was briefly the top new paid app on Google Play, but it did nothing at all.

Hacked Gmail Account Exposes 1,256 Patients' Data

Patients' names, birthdates, surgical descriptions or codes, surgical dates and special surgical instructions may have been exposed.

European Cyber Army Hacker Targets Syria

Over 60,000 full names, user names, phone numbers and home addresses were leaked, along with several encrypted passwords and several in clear text.

School Loses $1.7 Million to Phishing Scam

The finance staff at St. Aldhelm's Academy replied to an e-mail asking for their banking information.

Florida School District Publishes Employees' Social Security Numbers Online

The data was included in a document that was inadvertently made available online for two years.

Kaiser Permanente Acknowledges Three-Year Data Breach

A company server was infected with malware in the fall of 2011, but the infection wasn't detected until two months ago.

Codenomicon Researchers Warn of Heartbleed OpenSSL Security Flaw

The vulnerability 'allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.' Hacked

Hacker ProbablyOnion leaked 36,802 names, addresses, phone numbers, e-mail addresses and plain text passwords.

Anonymous' Barrett Brown Signs Plea Deal

While the plea deal is sealed, a separate document indicates that Brown now faces just two charges, with a greatly reduced potential prison sentence.

Stolen Flash Drive Exposes 2,595 Michigan Residents' Data

The flash drive contained names, addresses and some birthdates, along with 1,539 Social Security numbers or Medicaid identification numbers.

Xbox Live Hacked by Five-Year-Old Boy

To thank him for finding the security flaw, Microsoft gave Kristoffer Von Hassel four games, $50, and a year-long subscription to Xbox Live.

Kansas State Assessments Hit by DDoS Attacks

'We don't know if it was two bored teenagers or an anti-testing attack,' Center for Education Testing and Evaluation co-director Marianne Perie says.

LewisGale Regional Health System Suffers Insider Breach

An employee of LewisGale's billing service accessed 40 patients' names, Social Security numbers, home addresses and health insurance information.

18 Million E-mail Account Passwords Stolen in Germany

The breach is the second major theft of e-mail account information reported in Germany this year.

Computer Theft Exposes 2,394 Texas Children's Personal Data

Names, addresses, birthdates, Social Security numbers, Medicaid numbers, photos and/or health information may have been accessed.

Man Arrested for Breach of South Korean Web Portal

The man, surnamed Seo, allegedly purchased 25 million Naver users' account information.

Boxee Hacked

158,128 e-mail addresses and encrypted passwords were leaked online.

Stolen Flash Drives Expose 5,000 Palomar Health Patients' Data

The unencrypted drives held the patients' names, birthdates, diagnoses, treatment information and insurance information.

Stolen Laptop Exposes UK HealthCare Patient Data

1,079 patients' protected health information may have been exposed.

SendGrid Hit by Social Engineering Attack

A hacker was able to convince the company over the phone to change a customer's e-mail address.

Phishing Attack Exposes Franciscan Medical Group Patients' Data

Approximately 8,300 patients' personal and medical information may have been exposed.

Spec's Hacked

The company says 'an estimated fewer than 550,000' people's credit card or bank information may have been accessed.

Survey Finds Most Companies Aren't Ready for a Data Breach

71 percent of IT decision makers say they're either 'not confident' in their security or 'not at all prepared' to manage a security breach.

Malware Exposes Rosenthal Wine Shop Customer Data

Customers' names, addresses, payment card account numbers, expiration dates and security codes may have been exposed.

Subcontractor Error Exposes 3,100 Alabama Patients' Medical Data

A billing vendor's IT subcontractor mistakenly stored files on an unsecured server.

Bank Drops Out of Target Data Breach Lawsuit

It's not clear why Trustmark dropped out of the suit, but Trustwave says it was incorrectly identified as Target's security services provider.

Lost USB Drive Exposes Sensitive Data from Wolf and Company

Names and Social Security numbers may have been exposed when the unencrypted drive was lost in the mail.

Researcher Warns of Tesla Model S Security Flaws

A relatively vulnerable six-character password can be leveraged to unlock the car and view its location.

Australian Hacker May See All Charges Dropped

'It's a travesty, and it's taken nearly a year to get to this point,' said Matthew Flannery's solicitor Manny Conditsis.

Payroll Data Breach Impacts Sorenson Communications Employees

Employees' names, birthdates, addresses, income history, Social Security numbers, W-2 information and emergency contact data may have been exposed.

University of Wisconsin Hacked

15,000 students' names, addresses, phone numbers, e-mail addresses and Social Security numbers may have been exposed.

Cerberus Hacked

96,564 user names and encrypted passwords were accessed.

Data Breach Exposes Firefighters' Personal Information

Names and Social Security numbers were mistakenly exposed to all department personnel.

Lookout Warns of Litecoin-Mining Android Malware

The malware leverages infected devices to mine for Litecoin, Dogecoin and Casinocoin.

Europol Dismantles Online Fraud Gang

Hundreds of victims in more than 15 countries were affected by the scam.

Shelburne Country Store Hacked

Customer names, addresses, credit or debit card numbers, expiration dates and verification numbers may have been accessed.

Banks Sue Target, Trustwave Over Data Breach

The lawsuit alleges that vulnerabilities in Target's systems were 'either undetected or ignored by Trustwave.'

Lost Flash Drive Exposes Florida Children's Medical Data

Last names, medical record numbers, birthdates, gestational ages, birth weights and dates of hospitalizations may have been exposed.

Stolen Computers Expose Greenleaf Book Group Vendor, Customer Data

Names, credit card information, e-mail addresses and some mailing addresses may have been exposed.

Laptop Theft Exposes Digia Employee Data

Employee names, addresses, birthdates, Social Security numbers, driver's license numbers and/or banking data may have been exposed.

Alleged Hacker Arrested for Attack on U.S. Gaming Company

The man allegedly sold players' IP address in order to allow customers to launch denial of service attacks.

Stanford Hospital, Contractor to Pay $4.1 Million for 2010 Data Breach

The breach exposed 20,000 emergency room patients' medical information.

Auburn University Hacked

Almost 14,000 names and Social Security numbers may have been accessed.

Basecamp Hit by Cyber Attack, Blackmail

Company co-founder David Heinemeir Hansson says the attackers demanded money to make the DDoS attack stop.

California DMV Admits Credit Card Breach

A breach at the DMV's credit card processor may have exposed customers' card numbers, expiration dates and security codes.

Valley View Hospital Hacked

5,400 patients' personal information may have been exposed after hospital computers were infected with a virus.

Arcadia Home Care Acknowledges Insider Breach

The company says an independent contractor used his database access to steal employees' personal information.

Data Breach Exposes 6,000 High School Students' Personal Data

The students' names, birthdates, genders, final grades, learning skills and work habit assessment scores were mistakenly made available online.

Laptop Theft Exposes 1,700 Arizona Patients' Info

Patients' names, birthdates, prescription information and medical record numbers were exposed.

Cancer E-mails Deliver Malware

The e-mail claims that the recipient has cancer -- but an attachment delivers the ZeuS Trojan.

Bitcoin Exchange CoinEX Hacked

Site operator Vitaly A. Sorokin says he plans to cover the losses himself.

EA Games Hacked

An EA Games server was used to host a phishing page designed to steal Apple login credentials.

Hacker Diabl0 Arrested in Bangkok

Farid Essebar will be extradited to Switzerland, where he's accused of causing more than $4 billion in damages in 2011.

Researchers Develop Google Glass Spyware

The malware takes and uploads a photo every 10 seconds without notifying the user.

IRS Acknowledges Insider Data Breach

Approximately 20,000 current and former employees' names, addresses and Social Security numbers may have been exposed.

Miss Teen USA Hacker Jailed

Jared James Abrahams was sentenced to 18 months in federal prison.

Hacker Crashes Google Play Twice

Ibrahim Balic uncovered a vulnerability that blocked developers from uploading Android apps to the store.

Maryland Nonprofit SCI Hacked

9,700 names, personal health information and Social Security numbers were exposed.

Ransomware Victim Kills Self, Son

'I apologize to all of you ... I don't want Nicusor to suffer because of me,' Marcel Datcu wrote in a suicide note.

Sally Beauty Supply Confirms Credit Card Breach

The company today stated that 'fewer than 25,000 records containing card-present (track 2) payment card data have been illegally accessed.'

Employee Arrested in Connection with Morrisons Data Breach

The unidentified man faces up to 10 years in prison if convicted.

Syrian Electronic Army Claims Breach of U.S. Central Command

CENTCOM spokesman Oscar Seara called the claims 'totally bogus.'

Stolen Backup Drives Expose Silversage Advisors Data

Customers' names, mailing addresses, Social Security numbers, driver's license numbers and account information may have been exposed.

Insider Breach Exposes 100,000 Morrisons Employees' Payroll Data

The employees' names, addresses and bank account details were posted online.

HealthSource of Ohio Data Breach Exposes 8,800 Patients' Personal Info

Names, addresses and phone numbers were exposed, along with some Social Security numbers and credit card numbers.

Seattle Archdiocese Hacked

As many as 90,000 employees and volunteers may be affected.

UCSF Medical Center Admits Third Data Breach in Four Months

Unencrypted computers containing 9,986 people's personal and health information were stolen in early January.

NYC MTA Data Breach Exposes 15,000 Employees' Info

A CD containing Social Security numbers, birthdates and salary information was found in a refurbished PC sold at a major retailer.

EC-Council Acknowledges, Details February Hacker Attack

In addition to a Web site defacement, some e-mail accounts were compromised.

Skagit County Fined $215,000 for Data Breach

Almost 1,600 patients' names, descriptions of services, and costs and dates of services were mistakenly made available online.

Laptop Theft Exposes 548 Neurology Patients' Information

Patient names, birthdates, physician names and results of nerve conduction tests may have been exposed.

Former TD Bank Employee Admits Identity Theft

Tenisha Francis opened seven fraudulent accounts at the bank, which were used to process stolen U.S. Treasury checks.

Stolen Laptop Exposes Emory Dialysis Patients' Data

826 patients' names, dates of service, and graphs of blood flow tests were exposed.

Timken Company Acknowledges Data Breach

4,987 names, birthdates, genders and Social Security numbers were exposed.

Stolen Laptop Exposes 5,500 Canadian Patients' Data

Patient names, birthdates and diagnostic reports were exposed.

Leader of Identity Theft Ring Gets 12 Years in Prison

Jenaro Blalock used government employees' stolen identities to create fraudulent driver's licenses and open lines of credit.

Data Breach at Statista Affects 50,000 Users

The company says hackers accessed customers' e-mail addresses and encrypted passwords.

Iowa DHS Acknowledges Data Breach

2,042 names, mailing addresses, Social Security numbers, birthdates, health information and abuse incident information may have been exposed.

North Dakota University System Hacked

The names and Social Security numbers of 290,000 students and 780 faculty and staff members may have been accessed.

British Pregnancy Advice Service Fined for Data Breach

Hacker James Jeffery accessed thousands of people's personal information in 2012.

Computer Theft Exposes 168,000 Los Angeles Patients' Data

Eight computers were stolen from Sutherland Healthcare Solutions' Torrance office.

Johns Hopkins University Hacked

The hacker published 1,300 students' names, e-mail addresses and phone numbers.

Stolen Computers, Hard Drives Expose Texas Patients' Personal Data

Names, addresses, phone numbers, Social Security numbers and health insurance provider policy numbers may have been exposed.

Oak Associates Funds Admits Data Breach

Shareholders' names, addresses, e-mail addresses, phone numbers, Social Security numbers and account information may have been exposed.

Two Hackers Arrested for Theft of 12 Million Mobile Customers' Data

The attackers allegedly earned almost $11 million by using the stolen information to sell mobile phones.

Hackers Breach Phishing Site by Mistake

Members of AnonGhost thought they were defacing the Web site for Yorkshire Bank -- but they defaced a well-designed phishing site instead.

Hacker Hits Church of Scotland, Church of Cyprus, Lutheran Church of Australia

More than 4,500 user credentials were published on Pastebin.

Assisted Living Concepts Data Breach Exposes 43,600 Employees' Payroll Info

Current and former employees' names, addresses, birthdates, pay information and Social Security numbers were exposed.

Survey Finds 40 Percent of CryptoLocker Malware Victims Have Paid Ransom

Researchers at the University of Kent found that approximately one in 30 people in the U.K. have been hit by the ransomware.

Bitcoin Exchange Poloniex Hacked

The unidentified hacker stole approximately $50,000 in Bitcoins.

Flexcoin Hacked, $600,000 in Bitcoins Stolen

Because it doesn't have the resources to recover from the loss, Flexcoin says, it's shutting its doors immediately.

Smucker's Hacked

Customer names, addresses, e-mail addresses, phone numbers, credit card numbers, expiration dates and verification codes may have been accessed.

Stolen Laptop Exposes AppleCare Customers' Data

Names, birthdates, mailing addresses and Social Security numbers may have been exposed.

Purdue University Student Jailed for Hacking School Computers, Changing Grades

Roy C. Sun changed his grades from nine Fs and one incomplete to straight As.

Fort Benning Employee Charged with $2.2 Million Identity Theft Scheme Targeting Soldiers

Tracy Mitchell allegedly used service members' stolen identities to file more than 1,000 fraudulent tax returns.

L.A. Care Health Plan Acknowledges Data Breach

The breach, the company says, resulted from 'a manual information processing error which we have since corrected.'

Average Enterprise Is Hit by a Cyber Attack Every 1.5 Seconds

That's twice the rate seen in 2012, according to FireEye researchers.

Three Korean Hackers Arrested for Theft of 17 Million People's Personal Data

The three, surnamed Kim, Choi and Lee, allegedly stole the data from 225 different Web sites.

British Man Charged with Hacking U.S. Federal Reserve

Lauri Love allegedly stole names, e-mail addresses and phone numbers from Federal Reserve servers and posted the stolen data online.

Fake WhatsApp Desktop Client Delivers Malware

A spam campaign offers a download of the supposed client, but links instead to banking malware.

Lost USB Drive Exposes Hong Kong Hospital Patients' Data

The unencrypted drive contained 92 patients' personal information, along with data on drug prescriptions.

Alaska Communications Acknowledges Data Breach

Current and former employees' names, addresses, birthdates and Social Security numbers may have been accessed.

University of Maryland Extends Credit Protection for Data Breach Victims

The university is offering  five years of free credit monitoring services to the more than 300,000 people affected.

Bromium Warns of YouTube Ads Serving Malware

Google says it's 'beefing up internal procedures to prevent such events from occurring again,' according to Bromium.

Stolen USB Drive Exposes 2,172 Brooklyn Hospital Patients' Data

The unencrypted drive held limited medical information, including diagnoses and some lab values.

Indiana University Acknowledges Data Breach

146,000 names, addresses and Social Security numbers may have been exposed.

Two Men Jailed for Identity Theft at Medical Lab

Angelo Ponds and Sean Guillaume were sentenced to 48 months and 94 months in prison, respectively.

Majority of SOHO Wireless Routers Use Default IP Address, Outdated Firmware

A Tripwire survey also found that 30 percent of IT professionals haven't changed their wireless routers' default passwords.

Memphis Police Department Acknowledges Year-Old Data Breach

An undisclosed number of Social Security numbers and driver's license numbers were exposed in April of 2013.

Stolen Laptop Exposes 1,100 Indianapolis Hospital Patients' Data

The unencrypted laptop contained patients' names, birthdates, genders, dates of service, types of service and physician names.

CA Aims to Improve API Security

Modern Web and mobile apps tend to use external resources, often called via an API, making the API a critical control point for security. That is why CA is addressing API security with new products.

RiskIQ Reports 388 Percent Increase in Android Malware on Google Play

The company says 12.7 percent of all apps on Google Play in 2013 were malicious, up from just 2.7 percent in 2011.

EC-Council Web Site Hacked, Defaced

A defacement page showed a photo of Edward Snowden's passport, and accused the organization of reusing passwords.

Neiman Marcus Narrows Impact of Recent Data Breach

The company now says 350,000 credit and debit card numbers were exposed, not 1.1 million.