Breach

2022-10-14

Plaintiffs' 'incentive' awards slashed in U.S. data breach deal (Reuters)

A federal judge on Friday said she will slash thousands of dollars in proposed "incentive" awards for plaintiffs who settled data-breach claims against the ...

The case is In re: Office of Personnel Management Data Security Breach Litigation, U.S. District Court for the District of Columbia, No. Such "awards cannot categorically be rejected or approved," Circuit Judge Jacqueline Nguyen wrote for the 9th Circuit panel in the Apple case. (Reuters) - A federal judge on Friday said she will slash thousands of dollars in proposed "incentive" awards for plaintiffs who settled data-breach claims against the U.S. Jackson said the plaintiffs in the OPM data breach litigation had not been deposed or required to attend numerous court hearings. A federal appeals court in 2020 said a winning plaintiff suing on behalf of a class can recover legal fees and expenses but nothing more.

CNN Exclusive: Trump operative seen on video in Georgia voting ... (CNN)

A pro-Trump operative who was caught on tape participating in a Georgia voting system breach after the 2020 election has testified before the special grand ...

I know him,” David Shafer, the Georgia Republican Party chairman wrote on November 20, 2020, to Robert Sinners, the head of Trump’s Georgia election day operations. [ was effectively sidelined](http://www.cnn.com/2020/11/14/politics/rudy-giuliani-trump-lawsuits-2020-election/index.html) as leader of the Trump campaign’s litigation push just a few weeks after Election Day, according to Bob Woodward and Robert Costa’s book “Peril,” he remains a prominent member of the Republican Party, having served as the GOP national committeeman for Maryland. [has been informed he is a target](http://www.cnn.com/2022/07/28/politics/david-shafer-georgia-gop-chair-election-probe-trump/index.html) in the Fulton County DA’s criminal investigation. [criminal investigation](http://www.cnn.com/2022/10/06/politics/fani-willis-georgia-prosecutor-trump-indictments-december/index.html) recently expanded to include the breach of voting systems in the deeply-red Coffee County by operatives working for Powell. [spent hours inside](https://www.cnn.com/2022/09/20/politics/surveillance-footage-coffee-county-georgia-fake-trump-elector) a restricted area of the Coffee County elections office, where they set up computers near election equipment and appeared to access voting data. [who was captured on surveillance video the same day the breach happened](http://www.cnn.com/2022/09/20/politics/surveillance-footage-coffee-county-georgia-fake-trump-elector/index.html) and acknowledged he gained access to a voting machine, testified as a witness for over three hours last week in the state-level probe overseen by Fulton County District Attorney Fani Willis, the sources said.

Federal judge finalizes $63M settlement for OPM data breach victims (Federal News Network)

Victims of one of the largest data breaches to ever hit the federal government are one step closer to a payout, more than seven years later.

23 to submit a claim to join the class-action lawsuit. District Judge Amy Berman Jackson, in a fairness hearing at the U.S. District Court for the District of Columbia, said the $63 million settlement for breach victims was “fair, reasonable and adequate.” Jackson said it “makes sense” that the credit monitoring services should eventually lapse, and that the federal government has done its due diligence in providing these services as long as it has, given the prevalence of data breaches in and out of government since 2015. A federal judge on Friday finalized the Office of Personnel Management’s settlement agreement with current and former federal employees, as well as federal job applicants, impacted by a major data breach in 2015. The 2015 breach compromised the personally identifiable information (PII) of approximately 22 million current and former federal employees and job applicants. Eligible individuals must demonstrate they had their personal information compromised in the data breaches of OPM’s IT system in 2014 and 2015, or the breach of its contractor Peraton’s electronic information systems in 2013 and 2014. Attorney Daniel Girard told Federal News Network in an email that the settlement will pay anyone who suffered an out-of-pocket loss tied to the data breach up to $10,000. Additionally, plaintiffs have created targeted ads for current and former federal employees on social media, as well as print and radio ads to make them aware of the class-action lawsuit. Everett Kelley, national president of the American Federation of Government Employees, a plaintiff in the lawsuit, called Friday’s court ruling a “significant victory for rank-and-file federal employees.”

Shein Holding Company Fined $1.9m For Not Disclosing Data Breach (Infosecurity Magazine)

The data breach saw Zoetop allegedly trying to keep the real impact of the leak quiet.

The data breach reportedly affected 39 million Shein and seven million Romwe accounts, more than 800,000 of which belonged to New Yorkers. "[They] must button up their cybersecurity measures to protect consumers from fraud and identity theft. "If customers find out that their data was stolen and the company tried to hide the fact, then they will be much less likely to use that company in the future due to trust," Wragg said. [duo of data breaches](https://www.infosecurity-magazine.com/news/singtel-dialog-suffers-data-breach/) in Australia that affected subsidiaries of the telecommunication giant Singtel. "Companies/partners will [also] be less likely to do business with a company that has purposely not disclosed a breach because they don't want to get caught in the 'black hole' of negative reception." Zoetop, the holding company behind retailer giant Romwe and Shein, has been fined $1.9m after it failed to properly inform customers of a data breach that reportedly affected millions of users.

United Health Centers of the San Joaquin Valley Reaches Proposed ... (HealthITSecurity.com)

United Health Centers of the San Joaquin Valley reached a proposed settlement to resolve allegations relating to an August 2021 data breach.

Additionally, class members may submit a claim for up to $500 for non-economic losses traceable to the data security incident. United Health Centers (UHC) of the San Joaquin Valley reached a proposed class-action settlement agreement to resolve allegations surrounding an August 2021 data breach.

Shein owner Zoetop fined $1.9m over data breach response (BBC News)

New York Attorney General Letitia James accuses Zoetop of lying about the extent of the 2018 attack.

A spokesperson for Shein said: "We have fully co-operated with the New York attorney general and are pleased to have resolved this matter. "While New Yorkers were shopping for the latest trends on Shein and Romwe, their personal data was stolen and Zoetop tried to cover it up," Ms James said. The attorney general said the companies needed to "button up their cyber-security measures" to protect customers. But Ms James said the brands had weak cyber-security, making it "easy for hackers to shoplift consumers' personal data". The New York Attorney General's office said Zoetop had failed to safeguard customer data and to inform millions of account holders their personal information had been exposed. New York Attorney General Letitia James said Zoetop had lied about the extent of the breach and had notified "only a fraction" of affected customers.

Fast Fashion Retailer Data Breach Draws $1.9M Fine (Dark Reading)

New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.

This agreement should send a clear warning to companies that they must strengthen their digital security measures and be transparent with consumers; anything less will not be tolerated.” "Shein and Romwe must button up their cybersecurity measures to protect consumers from fraud and identity theft. Of those victims, James' office estimates 800,000 are New York residents.

SHEIN fined US$1.9mn over data breach affecting 39 million ... (Cyber Security Hub)

The fast fashion brand failed to disclose a data breach in 2018 that saw hackers access customer's payment details.

[cyber security incident](https://www.cshub.com/attacks/news/iotw-capital-one-hacker-given-probation-following-cyber-attack) which took place in July 2018 saw a malicious third party gain unauthorized access to SHEIN’s payment systems. This included claims that only 6.4 million customers were affected in the breach and that there was “no evidence that [customer] credit card information was taken from [its] systems”, despite being previously informed that An investigation by the New York Attorney General’s (AG) office found that Zoetop did not force any of the 39 million people affected to reset their account passwords. The data accessed included “names, city/province information, email addresses and hashed account passwords”. The firm employed by Zoetop found that during the cyber-attack malicious actors had Separate to this issue, the issuing bank for the cards had issued a fraud alert after linking fraud for several customers to payments made to SHEIN.

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up (BankInfoSecurity.com)

Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data ...

In September 2020, having reevaluated the apparent severity of the 2018 attack, Zoetop forced password resets on all affected Shein accounts, although it didn't notify customers about what had happened, according to the New York attorney general. Zoetop also hired third-party cybersecurity investigators to probe the breach, and they determined that it was aimed at stealing payment card data, according to details of the investigation included in the assurance agreement. The breach of Romwe data didn't come to light until June 2020, when plaintext credentials for Romwe.com users were found for sale on a cybercrime forum. But that left the owners of 32.5 million accounts worldwide that had also been affected by the breach unaware. While the passwords had been hashed by Zoetop, the New York attorney general's office reports that at the time, the company was using the MD5 cryptographic hash function, but with only a two-digit salt. But the attorney general says that wasn't true. The attorney general says Zoetop didn't give the PCI-qualified forensic investigator sufficient access to conduct a thorough investigation. After a restructuring, both brands affected by the breach are now run by a company called Shein Distribution Corp. The processor required Zoetop to engage a digital forensic investigator approved by the Payment Card Industry Security Standards Council to investigate. He adds: "Protecting our customers' data and maintaining their trust is a top priority, especially with ongoing cyberthreats posed to businesses around the world. Per the agreement, the company will provide regular updates to state officials about its security program for the next five years, as well as offer prepaid identity theft services to all breach victims. "Failing to protect consumers' personal data and lying about it is not trendy."

Shein parent company fined $1.9 MILLION by New York officials for ... (Daily Mail)

New York officials say Zoetop only told a fraction of the 39 million data breach victims that their accounts had been compromised. Hundreds of thousands of ...

Shein's parent company, Zoetop, will pay $1.9 million to New York state for failing to notify all 39 million users of a data breach in 2018. Shein's parent company, Zoetop, is set to pay a $1.9 million fine to New York state for failing to notify all 39 million users of a data breach in 2018. The parent company of the widely popular clothing brand Shein has been fined $1.9 million by New York state for failing to notify all 39 million users of a massive data breach in 2018 that compromised login credentials, allowing bad actors to steal credit card information. Chinese fast fashion titan Shein was hit by massive data breach and FAILED to tell customers their credit card info may have been stolen: New York regulators fine parent company $1.9 MILLION

VisionWeb Holdings, LLC Reports Recent Data Breach with the ... (JD Supra)

According to VisionWeb, the breach resulted in the names, Social Security numbers, government-issued identification numbers, medical information and health ...

Department of Health and Human Services Office for Civil Rights and the Texas Attorney General. However, the company has not yet released a narrative description of what led to the incident. On October 3, 2022, VisionWeb Holdings, LLC filed an official notice of a data breach with the U.S.

Trump operative seen on video in Georgia voting system breach ... (KAKE)

A pro-Trump operative who was caught on tape participating in a Georgia voting system breach after the 2020 election has testified before the special grand ...

OAIC statement on MyDeal data breach (OAIC)

Following a breach, individuals need to be alert to scams and any suspicious or unexpected activity on their personal accounts or devices. Check the Scamwatch website for information. Under the NDB scheme, organisations covered by the Privacy Act 1988 must ...

Under the Privacy Act, organisations have obligations to protect against unauthorised access, unauthorised disclosure or loss of personal information. The initial focus is on ensuring that MyDeal customers are notified and have information and resources available to take steps to protect themselves from any further risk to their personal information.

Woolworths says data of online unit's 2.2 mln users breached (Reuters)

Australia's Woolworths Group Ltd said on Friday its majority-owned online retailer MyDeal identified that a "compromised user credential" was used to access ...


More than 2 million Woolworths Group's MyDeal customers affected ... (7NEWS.com.au)

More than 2 million customers have had their personal details compromised in a data breach identified by MyDeal, a subsidiary of the Woolworths Group.

“We have acted quickly to identify and mitigate unauthorised access and have increased the monitoring of networks. The group announced the breach in a notification to the ASX on Friday. “We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.” About 1.2 million people involved in the breach only had their email addresses exposed. More than 2 million customers have had their personal details compromised in a data breach identified by MyDeal, a subsidiary of the [Woolworths](https://7news.com.au/lifestyle/woolworths) Group.

Woolworths says 2.2 million MyDeal customers' details exposed in ... (The Guardian)

Millions of customers' details have been exposed in a major data breach at an online shopping site owned by the retail giant Woolworths.

The company said MyDeal’s systems operated on a different platform to the broader group and no Woolworths customer details had been exposed in the breach. MyDeal was in the process of contacting an estimated 2.2 million customers who were affected in the breach, the Woolworths Group said in a statement. The company says a compromised user credential was used to get access to customer information from the MyDeal website.

iTWire - Woolworths subsidiary MyDeal suffers data breach, 2.2m ... (iTWire)

MyDeal, a subsidiary of supermarket giant Woolworths Group, has suffered a data breach, with compromised user credentials being used to gain access to...

MyDeal founder and chief executive Sean Senvirtne said: “We apologise for the considerable concern that this will cause our affected customers. [own site](https://dotnet.microsoft.com/en-us/apps/aspnet), "ASP.NET is a free, cross-platform, open source framework for building Web apps and services with .NET and C#." [announced](https://itwire.com/security/optus-hit-by-huge-data-breach,-up-to-9m-customers-claimed-affected.html) on 22 September that its systems had been breached, followed by [Telstra](https://itwire.com/security/telstra-gets-in-on-data-leak-action,-staff-data-posted-online.html), [G4S](https://itwire.com/security/data-of-5000-australian-employees-of-security-firm-g4s-leaked-after-ransomware-attack.html), [Costa Group](https://itwire.com/security/leading-fruit,-veg-grower-costa-group-leaks-data-after-phishing-attack.html), [Dialog](https://itwire.com/security/singtel-owned-it-services-provider-dialog-hit-by-windows-ransomware.html) and [Medibank Group](https://itwire.com/security/medibank-group-latest-to-feel-icy-hand-of-network-attackers.html). [directly](https://help.mydeal.com.au/hc/en-us/requests/new) or through the company's [help centre](https://help.mydeal.com.au/hc/en-us). [says](https://www.mydeal.com.au/aboutus): "MyDeal is a leading Australian online retail marketplace that provides customers with quality products from a curated selection of trusted retailers. Woolworths completed its acquisition of about 80% of MyDeal.com.au on 23 September. "We will continue to work with relevant authorities as we investigate the incident and we will keep our customers fully informed of any further updates impacting them.” Woolworths said the data was accessed within the CRM system and the MyDeal Web site and app were not affected. "MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach," the statement said. 
The statement said data that had been accessed included customer names, email addresses, phone numbers, delivery addresses, and, in some cases, the date of birth of customers. "There has been no compromise of any other Woolworths Group platforms or the Woolworths Group customer or Everyday Rewards records," the statement added.
