Hutton Hotel says it failed to spot that its point-of-sale systems were compromised by malware for over three years. Separately, Noble House is now warning that its breach investigation uncovered 10 malware-infected hotels or restaurants.
Dear customer: "The security and privacy of your systems are our priority." Cue a new breach notification, this time from Lightspeed POS, which sells a cloud-based point-of-sale product used by 38,000 organizations.
To the annals of super-bad historical mega breaches that no one knew about, add two new entries: Dropbox and Last.fm. Hackers reportedly stole tens of millions of usernames and passwords from each in 2012.
Kimpton Hotels & Restaurants is warning that all 62 of its hotels suffered a POS malware infection this year that resulted in the compromise of cardholder data. So far it's unclear if the attack relates to breaches of Oracle MICROS or other POS vendors.
The way the U.S. federal government funds information technology served as a major contributor to last year's breach of computers at the Office of Personnel Management that exposed 21.5 million records, says Federal Chief Information Officer Tony Scott.
Thai police say they have identified all of the suspects allegedly involved in recent "jackpotting" malware attacks against 21 ATMs, leading to the theft of 12 million baht ($350,000). The malware is a new strain called "Ripper," raising concerns for banks worldwide.
A report on an FBI warning to state election officials that their IT systems could be hacked leads the latest edition of the ISMG Security Report. Also, Australian officials mull bitcoin technology to secure elections.
Two hotel chains - Millennium and Noble House - are warning that they've suffered point-of-sale malware infections that compromised customers' payment card data. Both say they were alerted to related card fraud by the U.S. Secret Service. Could the breaches be tied to the Oracle MICROS breach?
If leading intelligence agencies can seemingly hack a wide variety of IT gear, what hope is there for enterprise security? Experts describe how organizations should respond to the recent dump of attack tools from the Equation Group, which is widely believed to be tied to the NSA.
Ashley Madison, the extramarital online hookup service breached by attackers in 2015, has agreed to bolster its information security and data retention practices after regulators in Australia and Canada ruled that the site violated local privacy laws.
Many organizations take months or years to discover they've been victimized by breaches because they lack experienced cybersecurity personnel, says employment researcher David Foote. The "maturing of the workforce" will take considerable time, he says in an interview.
In this video interview, Global Cyber Alliance CEO Phil Reitinger explains how the vastness and complexity of the internet creates cyber vulnerabilities, but one day those same characteristics, if used properly, could mitigate cyber threats.