More than 1-in-10 Ransomware Attacks Involve Threat of Releasing Consumer or Client Data

Turning ransomware attacks into data breaches if the ransom isn’t paid, what’s being called exfiltration+encryption attacks, can be damaging on multiple levels. In the first half of this year 11 percent of ransomware attacks have adopted this tactic.

ID Ransomware, a website and free tool that allows ransomware victims to upload a ransom note or sample encrypted file to identify the ransomware used against them, had over 100,000 submissions between January 1 and June 30, 2020.

Read More

Massive Wawa Data Breach Puts Unknown Number of Cards in Hands of Fraudsters

Wawa announced a large-scale malware compromise breaching payment cards processed at the pump or inside between March 4 and December 12, 2019, also admitting that the company “does not have sufficient information to determine” how many payment cards were exposed. The gas station and convenience store has more than 850 locations along the east coast with $10.6 billion in annual revenue.

Read More

FTC Chair Nominee and New Federal Reserve Chairman Each Mention Data Breaches as a Critical Concern

As the FTC considers and confirms nominees to fill vacant commission seats, those interviewed speak to the still growing threat of data breaches and say this is a top priority for the government agency. Meanwhile, the House Financial Services Committee asks new Fed Chairman Jerome Powell what approach he will take to secure data, following more than 50 data breaches involving the Federal Reserve in the last seven years.

In a Senate confirmation hearing with Joseph Simmons, one of three people recently nominated to chair the Federal Trade Commission (FTC), the anti-trust lawyer spoke to the threat of data breaches that has continued to increase. “They’re becoming much more significant, much more frequent, and I think that’s a real serious concern for us and I think we need to pay much more attention to it,” he said.

Read More

Uber Sat on Data Breach Affecting 57 Million Users for Over 1 Year

Uber, one of the latest companies to suffer a data breach, is suffering backlash not just for the 57 million user accounts compromised following the breach, but the company’s failure to disclose the breach until more than one year after it occurred. The company is now facing scrutiny from Congress and potential legal repercussions.

The data breach occurred in October, 2016 when two hackers stole data from a third party server. The data included names, phone numbers and email addresses of 57 million riders and drivers, where driver’s license information was compromised for many Uber drivers as well.

Read More

Over 700 Million Compromised Email and Password Combinations Used to Send Spam

Lists of email addresses with password and other information used to send phishing emails and spam were hosted on an open server and available to copy or download.  More than one-fourth of the email and password combinations were identified from previous data breaches and this collection of 711 million email address account credentials shows the scale of data breaches and consumers who are ripe for account takeover.

Having access to active or legitimate consumer email accounts for sending spam is a major asset in the fraudster world and black market. Email providers and third-party email security vendors constantly update blacklists of bad servers known for sending spam. Using real email accounts circumvents many of these filters.

Read More