2018 - Information Management Today

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

OCTOBER 28, 2021

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Phishing

Phishing Information Security Security IT

Twitter Fined $547,000 Under GDPR for 2018 Data Breach

Data Breach Today

DECEMBER 15, 2020

Penalty Marks First Time US Tech Firm Penalized Under EU's Privacy Regulation For the first time, a U.S. technology firm has been fined under the European Union's General Data Protection Regulation.

Data breaches

Data breaches GDPR Privacy

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

” Western Digital’s brief advisory includes a link to an entry in the National Vulnerability Database for CVE-2018-18472. Examine the CVE attached to this flaw and you’ll notice it was issued in 2018. We are actively investigating the issue and will provide an updated advisory when we have more information.”

Access

Access Marketing IT

6 Russians Indicted for Destructive NotPeyta Attacks

Data Breach Today

OCTOBER 20, 2020

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More The U.S.

Military

New Study: 2018 State of Embedded Analytics Report

Why do some embedded analytics projects succeed while others fail? We surveyed 500+ application teams embedding analytics to find out which analytics features actually move the needle. Read the 6th annual State of Embedded Analytics Report to discover new best practices. Brought to you by Logi Analytics.

Analytics

Medical Group Pays $240K Fine for 3 Ransomware Attacks

Data Breach Today

OCTOBER 4, 2024

Nonprofit Group Hit 3 Times in 3 Weeks in 2018, Affecting PHI of 85,000 Patients Federal regulators have hit a California physician services organization with a $240,000 HIPAA civil penalty following an investigation into three ransomware attacks that occurred within a three-week span in early 2018, compromising the sensitive information of 85,000 (..)

Ransomware

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

Data Breach Today

NOVEMBER 10, 2020

Investigators Find Encryption, Monitoring, Logging and Whitelisting Failures Inadequate database and privileged account monitoring, incomplete multi-factor authentication and insufficient use of encryption: Britain's privacy regulator has cited a raft of failures that contributed to the four-year breach of the Starwood guest reservation system discovered (..)

Cybersecurity

Cybersecurity Encryption Authentication Privacy

6 Russians Indicted for NotPeyta Campaign, Other Attacks

Data Breach Today

OCTOBER 19, 2020

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More The U.S.

Military

Military Ransomware

Marriott Hit With Class-Action Data Breach Lawsuit

Data Breach Today

AUGUST 19, 2020

The breach ran from 2014 to 2018 - Marriott acquired Starwood in 2016 - and exposed personal information for an estimated 7 million customers in the U.K.

Data breaches

Data breaches GDPR IT

5 Early Indicators Your Embedded Analytics Will Fail

Many application teams leave embedded analytics to languish until something—an unhappy customer, plummeting revenue, a spike in customer churn—demands change. But by then, it may be too late. In this White Paper, Logi Analytics has identified 5 tell-tale signs your project is moving from “nice to have” to “needed yesterday.".

Analytics

Co-Creator of Site That Sold Payment Card Data Pleads Guilty

Data Breach Today

JUNE 29, 2020

Infraud Organization's Site, Shuttered in 2018, Tied to $530 Million in Fraud A Russian national charged in connection with co-creating the Infraud Organization's online cybercrime forum that sold stolen payment card data and was tied to $530 million in fraud losses has pleaded guilty.

Amazon Appeals Privacy Fine of 746 Million Euros

Data Breach Today

JANUARY 12, 2024

The fine of 746 million euros stems from a 2018 complaint by French privacy group La Quadrature du Net.

Privacy

Privacy IT

Security Firm COO Hacked Hospitals to Drum Up Business

Data Breach Today

NOVEMBER 17, 2023

Atlanta Man Pleads Guilty, Is Ordered to Pay $818,000 Restitution, May Avoid Prison The chief operating officer of an Atlanta-based cybersecurity firm has pleaded guilty and agreed to pay restitution of more than $818,000 in a federal criminal case in which he admitted hacking a Georgia medical center in 2018 in an effort to drum up business for his (..)

Security

Security Cybersecurity

T-Mobile Probes Attack, Confirms Systems Were Breached

Data Breach Today

AUGUST 17, 2021

Cybercrime experts say the attackers apparently involved have been tied to previous telecommunications-targeting crime since at least 2018.

Personal data

Personal data Communications Access IT

Security Firm COO Charged in Attack on Medical Center

Data Breach Today

JUNE 11, 2021

Experts Say Odd Case Offers Forewarning to Others The chief operating officer of a network security firm serving the healthcare sector has been charged by federal prosecutors with crimes stemming from an alleged cyberattack on an Atlanta, Georgia-area medical center in 2018.

Security

GAO: CISA Has Many Unfinished Tasks

Data Breach Today

MARCH 12, 2021

Audit Stresses Need for Better Communication With Companies Although CISA has made significant strides since it was established in 2018, the agency still has important work to do to fulfill its cybersecurity and national security obligations, the GAO finds.

Communications

Communications Cybersecurity Security IT

Feds Warn Health Sector of TimisoaraHackerTeam Threats

Data Breach Today

JUNE 19, 2023

HHS says the group was discovered by security researchers in 2018. HHS Says 'Obscure' Group Has Resurfaced, Hitting a Cancer Center Federal authorities are warning healthcare and public health sector entities of an apparent resurgence of TimisoaraHackerTeam after an attack in recent weeks by the obscure ransomware group on a U.S.

Ransomware

Ransomware Security

MIT Researchers: Online Voting App Has Security Flaws

Data Breach Today

FEBRUARY 14, 2020

Voatz Smartphone App Used in 2018 Vulnerable to Hacking, Report Alleges MIT security researchers have published a paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 midterm elections. But the maker of the app contends the research is flawed.

Security

Security Paper

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

JULY 19, 2021

has indicted four Chinese nationals working with the nation's Ministry of State Security in connection with an alleged hacking campaign conducted from 2011 to 2018 that targeted universities and government entities to obtain trade secrets, medical research and other intellectual property.

Government

Government Security

New Version of ZLoader Banking Malware Resurfaces

Data Breach Today

MAY 25, 2020

Researchers Observe Over 100 Campaigns Since Start of 2020 Two years after it was last seen in February 2018, a new version of the ZLoader banking malware has resurfaced, with cybercriminals distributing the malware through email campaigns, according to security firm Proofpoint.

Security

Security IT

Chinese APT Actors Target WeChat Users

Data Breach Today

OCTOBER 3, 2023

APT 41 Used Android, iOS Surveillance Malware to Target APAC Victims Since 2018 Security researchers linked a surveillance toolkit called LightSpy to Chinese threat group APT41, which has a history of using surveillance malware on iOS and Android devices.

Security

India Calls for Stricter Actions Against Cybercriminals

Data Breach Today

JULY 12, 2022

Crime statistics collected by New Delhi show reported cybercrimes nearly doubling from 2018 to 2020.

Government

Government Security

US DOJ Indicts Foreign Nationals for Defrauding $48 Million

Data Breach Today

NOVEMBER 7, 2023

The alleged reshipping scheme operated between 2013 and 2018 while the three defendants lived in Russia. Alleged Operators of Russian Cyber Fraud Scheme Are Indicted U.S. federal prosecutors unsealed an indictment against three foreign nationals for allegedly participating in a $48 million fraud scheme.

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

AUGUST 16, 2020

In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018. The last time that August 2018 file was scanned at VirusTotal (Aug 14, 2020), it was detected as a malicious Java trojan by 28 of 59 antivirus programs. And several researchers informed Microsoft about the weakness over the past 18 months.

Security

Security IT

FastPOS Malware Creator Pleads Guilty to Federal Charges

Data Breach Today

AUGUST 1, 2020

Valerian Chiochiu assisted other cybercriminals through the Infraud site before authorities shuttered it in 2018.

IT

T-Mobile Says Systems Illegally Accessed As Probe Continues

Data Breach Today

AUGUST 17, 2021

Cybercrime experts say actors tangent to the breach have been involved in telco-related hijinks going back to at least 2018.

Access

Access IT

Ransomware Hit: Tulsa Promises Recovery, Not Ransom Paying

Data Breach Today

MAY 24, 2021

Mayor Says 2018 Atlanta Ransom Attack Served Notice 'That We Needed to Up Our Game' Ransomware attacks are stuck on repeat: Criminal syndicates have found an extremely profitable business model, and they're milking it for all it's worth.

Ransomware

Ransomware IT

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Data Breach Today

JANUARY 19, 2021

But Across Europe, Total Fines and Breach Reports Continue to Vary Widely by Country Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper.

Privacy

Privacy GDPR Data breaches

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

Passwords

Passwords Access Insurance Government

Premium Hikes Spur Improved US Cyber Insurance Loss Ratios

Data Breach Today

APRIL 15, 2022

The loss ratio declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing again in 2021.

Insurance

Marriott Suffers Another Massive Data Breach

Data Breach Today

APRIL 1, 2020

Million Customers' Personal Details Hotel giant Marriott, which in 2018 disclosed that it had suffered one of the worst data breaches in history, is now warning that it suffered a new breach earlier this year that exposed personal details - although not payment card information - for 5.2 Employees' Credentials Used to Steal 5.2

Data breaches

Data breaches IT

Patients Blackmailed 2 Years After a Breach

Data Breach Today

OCTOBER 29, 2020

Finnish Mental Health Provider's Clients Threated With Data Exposure Hackers are threatening patients of a Finnish mental health provider with the public release of their sensitive data exposed in a 2018 data breach if they do not pay a ransom.

Data breaches

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

Worse still, the DFS found, the vulnerability was discovered in a penetration test First American conducted on its own in December 2018. But in Wednesday’s filing, the DFS said First American was unable to determine whether records were accessed prior to Jun 2018.

Insurance

Insurance Financial Services Mining Access

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Data Breach Today

MAY 16, 2019

$63 Million in Fines Imposed Since Privacy Law Went Into Full Effect European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.

Data breaches

Data breaches GDPR Privacy

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Data Breach Today

OCTOBER 14, 2022

million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Retail

Retail Passwords Data breaches Personal data

Debt Collection Firm Reaches Breach Settlement With States

Data Breach Today

MARCH 12, 2021

AMCA, Which Had Filed for Bankruptcy, Agrees to Bolster Its Security A coalition of 41 state attorneys general has reached a settlement with American Medical Collection Agency in the wake of a 2018 data breach that compromised the data of 21 million individuals and pushed the company to file for bankruptcy.

Data breaches

Data breaches Security IT

British Airways' GDPR Fine Dramatically Reduced

Data Breach Today

OCTOBER 16, 2020

Fined $26 Million in Connection With 2018 Breach Britain's Information Commissioner's Office announced this week a dramatic reduction in its fine against British Airways for violating the EU's General Data Protection Regulation. The company will pay a $26 million fine instead of $238 million in a case tied to a 2018 breach.

GDPR

GDPR IT

Fresh Ransomware Targets Android Devices

Data Breach Today

APRIL 29, 2020

The malware, which dates back to 2018, originally was designed as a malware-as-a-service botnet and dropper for other malicious code.

Ransomware

ZLoader Banking Malware Resurfaces

Data Breach Today

MAY 26, 2020

Researchers Tracking More Than 100 Campaigns Since Start of 2020 Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.

Security

Security IT

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

DECEMBER 1, 2020

“In early 2018, Vaughn demanded 1.5 Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author in 2018 for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

Encryption

Encryption IT

Evilnum Hacking Group Updates TTPs Targeting Fintech

Data Breach Today

JULY 2, 2022

First seen in 2018, the group mainly targets fintech firms in the U.K. Group Now Uses MS Office Word Documents to Deliver Payload The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines.

IT

Police Seize Hacker Bazaar Genesis Market

Data Breach Today

APRIL 5, 2023

Genesis Market since 2018 offered access to more than 1.5 International Operation Led by FBI Results in Hundreds of Arrests The FBI and other national police are touting an operation that dismantled Genesis Market, a marketplace used by ransomware hackers and bank thieves to gain ongoing access to victims' computers.

Marketing

Marketing Ransomware Access

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Security Affairs

AUGUST 18, 2024

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints.

Risk

Risk Security Information Security IT

Privacy Rights: GDPR Enforcement Celebrates Third Birthday

Data Breach Today

MAY 25, 2021

Regulators Increasingly 'Asking the Right Questions' After a Breach, Expert Says Where were you on May 25, 2018? That was the day when the EU's General Data Protection Regulation went into full effect.

GDPR

GDPR Privacy

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Twitter Fined $547,000 Under GDPR for 2018 Data Breach

Trending Sources

MyBook Users Urged to Unplug Devices from Internet

6 Russians Indicted for Destructive NotPeyta Attacks

New Study: 2018 State of Embedded Analytics Report

Medical Group Pays $240K Fine for 3 Ransomware Attacks

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

6 Russians Indicted for NotPeyta Campaign, Other Attacks

Marriott Hit With Class-Action Data Breach Lawsuit

5 Early Indicators Your Embedded Analytics Will Fail

Co-Creator of Site That Sold Payment Card Data Pleads Guilty

Amazon Appeals Privacy Fine of 746 Million Euros

Security Firm COO Hacked Hospitals to Drum Up Business

T-Mobile Probes Attack, Confirms Systems Were Breached

Security Firm COO Charged in Attack on Medical Center

GAO: CISA Has Many Unfinished Tasks

Feds Warn Health Sector of TimisoaraHackerTeam Threats

MIT Researchers: Online Voting App Has Security Flaws

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

New Version of ZLoader Banking Malware Resurfaces

Chinese APT Actors Target WeChat Users

India Calls for Stricter Actions Against Cybercriminals

US DOJ Indicts Foreign Nationals for Defrauding $48 Million

Microsoft Put Off Fixing Zero Day for 2 Years

FastPOS Malware Creator Pleads Guilty to Federal Charges

T-Mobile Says Systems Illegally Accessed As Probe Continues

Ransomware Hit: Tulsa Promises Recovery, Not Ransom Paying

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Hackers Were Inside Citrix for Five Months

Premium Hikes Spur Improved US Cyber Insurance Loss Ratios

Marriott Suffers Another Massive Data Breach

Patients Blackmailed 2 Years After a Breach

NY Charges First American Financial for Massive Data Leak

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Debt Collection Firm Reaches Breach Settlement With States

British Airways' GDPR Fine Dramatically Reduced

Fresh Ransomware Targets Android Devices

ZLoader Banking Malware Resurfaces

Bomb Threat, DDoS Purveyor Gets Eight Years

Evilnum Hacking Group Updates TTPs Targeting Fintech

Police Seize Hacker Bazaar Genesis Market

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Privacy Rights: GDPR Enforcement Celebrates Third Birthday

Stay Connected