Category Archives: breach

String of big data breaches continues with hack on health insurer Anthem

Over the past 18 months, hackers have struck again and again, with incursions on Target, Staples, JPMorgan Chase, and Sony Pictures, as well as a raft of smaller companies. Now, one of the largest US health insurers, Anthem, says it suffered a breach that exposed Social Security Numbers and other personal information for tens of millions of people, including its CEO.

In all, Anthem said the compromised database included 80 million records related to current and former customers and employees. The intruders accessed names, Social Security numbers, birthdays, addresses, e-mail, income data and other employment information. At this early stage, company officials don't think credit card details and medical information such as insurance claims and test results were taken. Company officials have hired security firm Mandiant to determine how the hackers got in and what information they accessed. The FBI is also investigating.

Anthem operates under a variety of health insurance brands, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, and Empire Blue Cross and Blue Shield. The breach was discovered on January 29. The company plans to notify affected customers and employees in the coming weeks. It has also published this list of frequently asked questions and this statement from CEO and President Joseph R. Swedish apologizing for the data theft.

Read 2 remaining paragraphs | Comments

Sony hackers could have slipped past 90% of defenses, FBI director says

The malware that thoroughly penetrated Sony Pictures Entertainment was so sophisticated it likely would have worked against nine out of 10 security defenses available to companies, a top FBI official told members of Congress.

The comments, made under oath Wednesday by Joseph Demarest, assistant director of the FBI's cyber division, are the latest to largely let Sony officials off the hook. Last month's rooting of servers operated by Sony's movie division is believed to have exposed more than 100 gigabytes of data, including not only unreleased movies but, more importantly, personal details on tens of thousands of employees. Speaking before the Senate Banking, Housing, and Urban Affairs Committee, Demarest's apologist comments closely resembled those reported earlier this week from the CEO of Mandiant, the security firm investigating the breach on behalf of Sony.

"The level of sophistication is extremely high and we can tell...that [the hackers] are organized and certainly persistent," Demarest said, according to IDG News. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government."

Read 1 remaining paragraphs | Comments

Hacked payment card service transmitted some data in plaintext

Charge Anywhere, a company that routes payment transactions between merchants and payment card processors, said that malicious software planted on its network may have accessed unencrypted sensitive cardholder data for almost five years.

In a statement, the company warned that some of the card data it sends or receives appears in plaintext, allowing attackers to copy it and use it in fraudulent transactions. Details including names, account numbers, expiration dates, and verification codes are known to be exposed for transactions that occurred this year from August 17 through September 24, although it's possible transactions dating back to November 5, 2009 may also have been accessed, the statement said. The disclosure came after company officials hired an unidentified security firm to investigate the breach.

"The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic," the release stated. "Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests."

Read 2 remaining paragraphs | Comments

1.2 billion stolen login details put a spotlight on the broken password system

Russian cybercrime group stole user names and passwords from 420,000 sites. Perhaps it’s time to move on from the password.

Copyright © 1995 - 2015. Kashif Ali.