Two major data breaches recently exposed more than 10 million people’s personal information.
The online training company Lynda.com, which was acquired by LinkedIn last spring, acknowledged that an unauthorized third party accessed 55,000 users’ “cryptographically salted and hashed” passwords, Graham Cluley reports.
Another 9.5 million users were notified that while their passwords weren’t exposed, their contact information and details of viewed courses may have been accessed.
“[W]hile we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure,” the company told users by email.
Noting that the breach took place as Microsoft is wrapping up its acquisition of LinkedIn, RiskVision CEO Joe Fantuzzi told eSecurity Planet by email that the breach underscores the importance of taking extra precautions around risk during any acquisition process. “In addition to adding new talent, technology and innovation, acquisitions can also sometimes add unintentional risk,” he said.
As a result, Fantuzzi said, organizations need to be highly aware of the risk posture of the acquired organization as well as their own. “This requires that they put especially strong efforts into aligning the two sets of security policies and detecting hidden vulnerabilities in the newly acquired systems that can easily fall through the cracks and expose the parent organization to damaging breaches and attacks before any value from their purchase can be realized,” he said.
In a separate breach, 756,000 people’s confidential health data or personal information may have been accessed when a May 2016 phishing email successfully tricked 108 Los Angeles County employees into providing user names and passwords to their accounts, the L.A. Times reports.
Most of the people whose information was accessed had contact with the Department of Health Services, though a dozen other county departments were also affected.
The data potentially accessed includes names, addresses, birthdates, Social Security numbers, financial information and medical records.
Last week, an arrest warrant was issued for Austin Kelvin Onaghinor, 37, charging him with nine felony counts including unauthorized computer access and identity theft. “My office will work aggressively to bring this criminal hacker and others to Los Angeles County where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey said in a statement.
Spirion CEO Jo Webber told eSecurity Planet that it’s no surprise to learn that the breach was caused by a phishing email. “We expect this type of breach to continue to accelerate through 2017, and corporations must focus on securing sensitive data and informing all employees of what phishing emails look like and how convincing they often are,” she said.
According to the results of a recent Alertsec survey of more than 1,000 U.S. adults, 25 percent of respondents said recent high-profile hacks have prompted them to get more strategic about their online security. Forty-eight percent of respondents worry about hacker groups, particularly Russian hackers and Anonymous.