Bleeping Computer: U-Haul discloses data breach exposing customer driver licenses

Bleeping Computer: U-Haul discloses data breach exposing customer driver licenses. “Moving and storage giant U-Haul International (U-Haul) disclosed a data breach after a customer contract search tool was hacked to access customers’ names and driver’s license information. Following an incident investigation started on July 12 after discovering the breach, the company found on August 1 that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022.”

Krebs on Security: It Might Be Our Data, But It’s Not Our Breach

Krebs on Security: It Might Be Our Data, But It’s Not Our Breach. “A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.”

Krebs on Security: A Retrospective on the 2015 Ashley Madison Breach

Krebs on Security: A Retrospective on the 2015 Ashley Madison Breach. “The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.”

Engadget: T-Mobile will pay $350 million to settle lawsuits over massive data breach

Engadget: T-Mobile will pay $350 million to settle lawsuits over massive data breach. “If you were a T-Mobile customer in August 2021, you may get a few dollars from the carrier in the near future. It has agreed to settle a consolidated class action lawsuit filed against the company over a data breach that exposed the personal information of 76.6 million ‘current, former and prospective customers.’”

The Register: Marriott Hotels admits to third data breach in 4 years

The Register: Marriott Hotels admits to third data breach in 4 years. “Crooks have reportedly made off with 20GB of data from Marriott Hotels, which apparently included credit card info and internal company documents. The unnamed crew behind the theft told DataBreaches it broke into a server at the Marriott hotel at Baltimore-Washington International Airport in Maryland late last month.”

CNET: Social Security Numbers Stolen in Flagstar Bank Data Breach

CNET: Social Security Numbers Stolen in Flagstar Bank Data Breach. “The personal information, including Social Security numbers, of more than 1.5 million Flagstar Bank customers was compromised in a data breach late last year, the company said. The Michigan-based bank, which operates 150 branches and is one of the country’s largest mortgage lenders, said in a disclosure to the state of Maine that its systems were hacked between Dec. 3 and 4 of last year but that the breach wasn’t discovered until earlier this month.”

A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers (Associated Press)

Associated Press: A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers. “Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. A month earlier, a national database of automobile insurance policies was raided during a diversionary cyberattack that defaced Ukrainian websites. The hacks, paired with prewar data theft, likely armed Russia with extensive details on much of Ukraine’s population, cybersecurity and military intelligence analysts say. It’s information Russia can use to identify and locate Ukrainians most likely to resist an occupation, and potentially target them for internment or worse.”

Vox: Companies lose your data and then nothing happens

Vox: Companies lose your data and then nothing happens. “There’s a simple reason companies collect so much of our data — money — but why they get to collect so much, keep it, and monetize it is more complicated. There are some laws around data privacy and security, but they’re scattershot and generally handled state by state, and they could be better. Companies keep screwing up with our data, and there are no good answers on what to do about it.”

Bleeping Computer: Lapsus$ hackers leak 37GB of Microsoft’s alleged source code

Bleeping Computer: Lapsus$ hackers leak 37GB of Microsoft’s alleged source code. “The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server. Early Sunday morning, the Lapsus$ gang posted a screenshot to their Telegram channel indicating that they hacked Microsoft’s Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.”