Page 2 - Data Breach

EPFO data breach in 2018 linked to Chinese cyber agency, probe reveals

When news of the purported breach initially surfaced in 2018, the EPFO denied that its systems were compromised

Govt pension portal for defence personnel SPARSH suffers data breach

The digitised pension processing system, SPARSH, offers online pension-related facilities to over 3 million pensioners from 50 organisations

Threat actor breaches BSNL server database, puts up dataset on dark web

State-owned telecom operator BSNL suffered a data breach as a threat actor released a dataset containing 32,000 lines of data, including sensitive details of landline users, on a dark web forum

Probing data breach claim, no current security issue detected: Tata's IHCL

Tata group hospitality firm Indian Hotels Company Ltd on Thursday said it is investigating claims of a data breach, but asserted there is no suggestion of any current or ongoing security issue. According to a media report, there has been a personal data breach of 15 lakh users from the Taj Hotel database, which is available on the dark web for purchase at USD 5,000. "We have been made aware of someone claiming possession of a limited customer data set which is of non-sensitive nature," Indian Hotels Company Ltd (IHCL) spokesperson said in a statement. Asserting that safety and security of customers' data is of paramount importance to the company, the spokesperson said, "We are investigating this claim and have notified the relevant authorities." The spokesperson further said, "We continue to monitor our systems and there is no suggestion of any current or ongoing security issue or impact on business operations." IHCL runs a number of hospitality properties under the Taj, SeleQtion

Breach alert: Key steps to verify if your data has been compromised

Lock up Aadhaar biometric; in future keep a close tab on SMS inbox, financial statements, credit report

In a first, Morgan Stanley fined for UK Energy trading WhatsApp breach

The fine is the first issued by Ofgem under legal requirements to archive communications linked to wholesale energy trading, the regulator said

Indian organisations' cost of data breach at record high: Report

Cost of detecting and fixing cyberattacks has increased 45% sine 2020, it says

Data protection bill could cap penalty for data breach at Rs 250 crore

The earlier draft has stipulated that in the case of non-compliance, a penalty of up to Rs 500 crore could be imposed

HCA Healthcare says data breach may affect 11 mn patients in 20 states

Medical giant HCA Healthcare, which operates 180 hospitals in the U.S. and Britain, says the personal data of about 11 million patients in 20 states may have been stolen in a data breach. Samples of the data, including addresses, phone numbers, emails and birth dates, were posted to an online forum popular with cybercrooks by a hacker trying to sell them. The Nashville, Tennessee-based provider said the stolen data was not believed to include Social Security numbers, payment information or clinical info such as diagnoses. However, the data did include information on scheduled appointments and medical departments involved. A file dumped online by the hacker on Monday following what appeared to be a failed attempt to extort HCA includes nearly 1 million records from the company's San Antonio division. If 11 million patients are affected, the breach would rank in the top five as reported by health care institutions to the Department of Health and Human Services Office of Civil Rights.

India needs better defences to be a digital superpower after data breach

I suspect the government is right and CoWIN is not currently being accessed by hackers. Even so, it seems likely that outsiders have penetrated some aspect of India's digital public infrastructure

Threat actors don't have access to entire CoWIN portal, database: Report

After the Union health ministry dismissed reports of a data breach on the CoWIN platform, cyber security firm CloudSEK has said that threat actors do not have access to the entire portal nor the backend database. "Based on matching fields from Telegram data and previously reported incidents affecting health workers of a region, we assume the information was scraped through these compromised credentials," CloudSEK said in a report on Monday after an independent analysis. On March 13, a threat actor on a Russian cybercrime forum advertised for compromised access on the CoWIN portal of Tamil Nadu region, it said. After an analysis, CloudSEK said, it was discovered the breach was that of a health worker and not really of the infrastructure. The content displayed on the screenshot matches with the Telegram bot mentioned in the media as follows -- name of the individual, mobile number, identity proof, identification number and number of doses completed. "Furthermore, there are numerous .

Govt unable to protect citizen's detail: Cong slams Centre over data breach

The Congress on Tuesday intensified its attack on the Centre over the alleged data breach on CoWIN platform and accused it of not being able to protect the personal details of crores of people. Asserting that the CoWIN portal was completely safe with adequate safeguards for data privacy, the government has dismissed as "mischievous" the claims of data breach on the platform and said the matter has been reviewed by the country's nodal cyber security agency CERT-In. Congress president Mallikarjun Kharge said neither does the Narendra Modi government care about the right to privacy of citizens nor about national security. "Overall, the situation is clear. The Modi government neither cares about the fundamental right to privacy of 140 crore people nor about national security. Data privacy law has not been made and no national security policy has been implemented on cyber attacks," he said in a tweet in Hindi. "No matter how much an irresponsible Modi government covers up the CoWIN data

Data breach reports from CoWIN without any basis, clarifies Health Ministry

The Union Health Ministry on Monday said reports claiming breach of data of beneficiaries registered on the CoWIN platform were "without any basis", and that it has requested the country's nodal cyber security agency CERT-In to look into the issue and submit a report. While asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy, it said an internal exercise has been initiated to review the existing security measures of CoWIN. There are reports alleging breach of data from the Co-WIN portal of the Union health Ministry, which is repository of all data of beneficiaries who have been vaccinated against COVID19, the health ministry said in a statement. "It is clarified that all such reports are without any basis and mischievous in nature. Co-WIN portal of Health Ministry is completely safe with adequate safeguards for data privacy," it said. The ministry, however, said it has requested the Indian Computer Emergency Response Team (CERT-In) to look

Microsoft to pay $20 mn to settle US charges of 'illegal' children's data

Microsoft will pay a fine of $20 million to settle Federal Trade Commission charges that it illegally collected and retained the data of children who signed up to use its Xbox video game console. The agency charged that Microsoft gathered the data without notifying parents or obtaining their consent, and that it also illegally held onto the data. Those actions violated the Children's Online Privacy Protection Act, the FTC stated. In a blog post, Microsoft corporate vice president for Xbox Dave McCarthy outlined additional steps the company is now taking to improve its age verification systems and to ensure that parents are involved in the creation of child accounts for the service. These mostly concern efforts to improve age verification technology and to educate children and parents about privacy issues. McCarthy also said the company had identified and fixed a technical glitch that failed to delete child accounts in cases where the account creation process never finished. Microsof

British Airways, Boots staff's payroll data compromised by cyberattack

British Airways, owned by IAG, said it had notified affected employees and was providing them with support

Hackers target US dental insurance firm, steals data of 9 mn patients

The personal information of nearly nine million people in the US has been compromised in an apparent ransomware attack on one of the country's largest dental health insurers

Amazon Ring to pay $5.8 mn over unlawfully accessing consumer videos

California-based Ring, which was purchased by Amazon in February 2018, sells internet-connected, video-enabled home security cameras, doorbells, and related accessories and services

Beijing had access to app data: Fired ByteDance executive in law suit

A former executive fired from TikTok's parent company ByteDance made a raft of accusations against the tech giant Friday, including that it stole content from competitors like Instagram and Snapchat, and served as a "propaganda tool" for the Chinese government by suppressing or promoting content favourable to the country's interests. The allegations were made in a complaint Friday by Yintao Yu, the head of engineering for ByteDance's US operations from August 2017 to November 2018, as part of a wrongful termination lawsuit filed earlier this month in San Francisco Superior Court. Yu claims he was fired for disclosing "wrongful conduct" he saw at the company. In the complaint, Yu alleges the Chinese government monitored ByteDance's work from within its Beijing headquarters and provided guidance on advancing "core communist values." Yu said government officials had the ability to turn off the Chinese version of ByteDance's apps, and maintained access to all company data, including ...

Ex-Uber security chief Sullivan sentenced for data-breach cover-up

The former chief security officer for Uber was sentenced to probation Thursday for trying to cover up a 2016 data breach in which hackers accessed tens of millions of customer records from the ride-hailing service. Joseph Sullivan was sentenced to a three-year term of probation and ordered to pay a fine of $50,000, the U.S. attorney's office announced. Sullivan, 54, of Palo Alto was convicted by a federal jury in San Francisco last October of obstructing justice and concealing knowledge that a federal felony had been committed. It was believed to be the first criminal prosecution of a company executive over a data breach. Sullivan was hired as Uber's chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver's license numbers, prosecutors said. After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade ..

Angel One reports data breach, says no impact on client securities, funds

Stock broking firm, which manages 13 million clients, said certain client profile data like name, email, mobile number and client holding data may have been accessed in an unauthorised manner