T-Mobile suffered the second data breach in 2023
T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023. The security breach impacted a limited number of customers, only 836 individuals. The carrier states that personal financial account information and call records were not affected by the security breach….
San Fran’s BART Investigates Vice Society Data Breach Claims
The San Francisco Bay Area Rapid Transit System (BART) was listed this week by ransomware group Vice Society as being among its latest victims. Brett Callow, threat analyst with Emsisoft, flagged the Vice Society BART brag on Jan. 6. However, BART’s spokesperson Alicia Trost told Dark Reading there haven’t been any service disruptions as a…
Personal Information of 123K Individuals Exposed in City of Tucson Data Breach
The incident was identified at the end of May 2022, but the city concluded its investigation only last month. In a data breach notice on its website, the city says that the incident was the result of compromised network account credentials that allowed the attackers to access files containing the personal information of some individuals….
A Fintech Horror Story: How One Company Prioritizes Cybersecurity
Editor’s Note: Dark Reading was able to verify that the issue Cerrudo found was present as of June 24, when we created an account on Veem and confirmed that the personal information and partial bank account information was visible to anyone else. We also confirmed that even after deleting the account, most of the information…
Java deserialization vulnerabilities explained and how to defend against them
The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization vulnerabilities. In a best-case scenario, deserialization vulnerabilities may simply cause data corruption or application crashes, leading to a denial of service (DoS) condition….
University Medical Center Says Hackers Breached Data Server
The Las Vegas Review-Journal reported that University Medical Center issued a statement confirming that cybercriminals in mid-June accessed a hospital server used to store data and that law enforcement was investigating. The nonprofit public hospital said there is no evidence that any clinical systems were breached. UMC said it was notifying patients and employees that…
Cruise Giant Carnival Says Customers Affected by Breach
In a letter to customers, the company indicated that outsiders might have gained access to Social Security numbers, passport numbers, dates of birth, addresses and health information of people. The company declined to say how many people’s information was exposed. The breach comes after Carnival was hit twice last year by ransomware attacks. Carnival spokesman…
University of California Victim of Nationwide Hack Attack
A cybersecurity attack targeted a vulnerability in Accellion, a third-party vendor that is used to securely transfer files, the university said in a statement Wednesday. “We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in…
New Social Security Scam Spoofs Government Badges
Social Security Administration officials warn there is a new scam making the rounds that involves fake government identification badges. Gail S. Ennis, inspector general for the Social Security Administration (SSA), issued a fraud alert this week that describes the new tactic. Imposters use images of the fake badges in phone scams to deceive people into…
Over 1 Million Impacted by Data Breach at Washington State Auditor
At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files. Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was…
