A Round-up of Data Breaches in November 2019

Massive data breach exposes personal information of 1.2 billion people

In what could be one of the biggest data breaches till date, personal information of about 1.2 billion users were exposed on an unsecured server. The discovery was made by dark web researcher Vinny Troia who found the data included phone numbers, email addresses and profiles of hundreds of millions of people that include home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, and Github. What’s more shocking is the fact that such a sheer volume of information was available on a publicly accessible server, and no proper security measure was adopted to protect the data online.


T-Mobile data breach affects more than 1 million customers

1 million T-Mobile prepaid account users were affected in a breach that left names, billing addresses, phone numbers, account numbers, rate plans and other details exposed. The breach was a result of unauthorized access to the T-Mobile systems and effective measures were taken by T-Mobile’s cybersecurity team to shut down any malicious access. While the attackers didn’t get their hands on very sensitive customer data such as social security numbers and passwords, this incident further highlights the increasing threat of SIM hijacking by cybercriminals getting access to customer’s personal information.


CapitalOne CISO being replaced, following the breach in July

Following the Capital One data breach reported in July, the organization has taken a decision to replace the bank’s CISO Michael Johnson and move him into an outside advisory role. The highly publicized breach impacted 106 million customers, exposed 140,000 social security numbers and 80,000 linked bank account numbers to credit card customers.


Website hack at Macy’s leads to leaking of customer payment information

American departmental store giant Macy’s has reported a breach in its e-commerce site that exposed the personal records of its customers, including payment details. The breach, known as Magecart attack, was executed through malicious JavaScript code inserted on two pages on the departmental store’s website between October 7 and October 15 – Checkout and My Wallet pages. Any personal information submitted by the customers in the checkout and the wallet page got captured by cybercriminals. The customer information that got breached includes name, address, phone number, email address, payment card number, security code and card month/year of expiration. The count of impacted customers is yet to be revealed by Macy’s, but steps have been taken to notify the victims.

The post A Round-up of Data Breaches in November 2019 appeared first on CipherCloud.

*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/a-round-up-of-data-breaches-in-november-2019/