Data Breaches - W/E - 9/6/19
Breached Data from Hy-Vee Exposure Up for Sale in Hacker Underground (08/27/2019)
A data breach has affected payment cards used at fuel pumps, drive-thru coffee shops, and restaurants owned by supermarket chain Hy-Vee. The company's payment processing systems used at these locations were targeted by unauthorized activity from a third party, the company said in an August 14 statement regarding the incident. Hy-Vee's grocery stores, drugstores and the inside of its convenience stores have not been impacted as they use a different type of payment system. Two anonymous sources, including one with a US financial organization, told KrebsOnSecurity that the stolen payment data is being sold in an underground marketplace called Joker's Stash under the code name "Solar Energy." The Joker's Stash claims to have over 5.3 million payment card numbers from the Hy-Vee breach.
A data breach has affected payment cards used at fuel pumps, drive-thru coffee shops, and restaurants owned by supermarket chain Hy-Vee. The company's payment processing systems used at these locations were targeted by unauthorized activity from a third party, the company said in an August 14 statement regarding the incident. Hy-Vee's grocery stores, drugstores and the inside of its convenience stores have not been impacted as they use a different type of payment system. Two anonymous sources, including one with a US financial organization, told KrebsOnSecurity that the stolen payment data is being sold in an underground marketplace called Joker's Stash under the code name "Solar Energy." The Joker's Stash claims to have over 5.3 million payment card numbers from the Hy-Vee breach.
Certain Imperva Cloud WAF Customers Impacted by Data Incident (08/27/2019)
A security incident at Imperva has resulted in a data exposure impacting the vendor's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula. According to a statement, the vendor learned of a data incident that impacted a subset of Cloud WAF customers who had accounts through September 15, 2017. Elements of the Incapsula customer database, including email addresses and hashed and salted passwords, were exposed.
A security incident at Imperva has resulted in a data exposure impacting the vendor's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula. According to a statement, the vendor learned of a data incident that impacted a subset of Cloud WAF customers who had accounts through September 15, 2017. Elements of the Incapsula customer database, including email addresses and hashed and salted passwords, were exposed.
Free Credit Monitoring Available to Disaster Survivors Affected by FEMA Breach (09/04/2019)
FEMA will provide 18 months of free credit monitoring to disaster survivors following a breach incident that first came to light in March. The Inspector General of the Department of Homeland Security (DHS) reported that FEMA had unnecessarily overshared sensitive, personally identifiable information of some disaster survivors with its contractor that supports its Transitional Sheltering Assistance program. In response to this incident, FEMA acted quickly to ensure that overshared information was quarantined, protected, and permanently removed from the contractor's system.
FEMA will provide 18 months of free credit monitoring to disaster survivors following a breach incident that first came to light in March. The Inspector General of the Department of Homeland Security (DHS) reported that FEMA had unnecessarily overshared sensitive, personally identifiable information of some disaster survivors with its contractor that supports its Transitional Sheltering Assistance program. In response to this incident, FEMA acted quickly to ensure that overshared information was quarantined, protected, and permanently removed from the contractor's system.