Hertz data breach caused by CL0P ransomware attack on vendor

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...

CVE-2024-13208

creationtimestamp| type| source ---|---|--- 2025-02-15 06:05:43+00:00| seen| https://infosec.exchange/users/cve/statuses/114006395679188174 2025-02-15 06:15:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li72wrpebe2o 2025-02-15 07:11:13+00:00| seen|...

E.O. Would Strengthen Federal Cyber Requirements

The U.S. federal government is mulling changes to up its cybersecurity software game in the wake of the sprawling SolarWinds cyberattacks that came to light in December, including requiring data-breach notifications. In a draft executive order from President Joe Biden, software companies would be...

Password Changing After a Breach

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other...

Reference: TaoSecurity Research

I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2015 and later: Please visit Academia.edu for Mr. Bejtlich's most recent research. 2014...

Exposed: Instagram, OKCupid, Mumsnet All Face Data Concerns

It has once again been busy on the data privacy/exposure front as the week kicks off, with Instagram, dating site OKCupid and the UK’s powerhouse discussion site, Mumsnet, all making recent news. A report on GDPR breach notifications rounds out the latest. First up, Instagram users are apparently...

Cybersecurity Vulnerabilities Identified in Banking Vendors

In hopes of bolstering security, banks in New York over the next several weeks want to enact new regulations for any third party vendors they do business with. A report released last week pointed out that one in three N.Y. banks don’t require their vendors to notify them in the event they...

BlueCross BlueShield to Pay $1.5m for HIPAA Violation

Blue Cross Blue Shield of Tennessee agreed to pony up $1.5 million to the U.S. Department of Health and Human Services HHS for a HIPAA violation in 2009, according to a ComputerWorld report. This payment is the settlement of a violation of the Health Insurance Portability and Accountability Act...

California Bill Ups the Ante on Breach Notifications

The new bill requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security...