CyberSecurity Blog

  • Steven Mains

    Uber Facing $13.5M Lawsuit for Data Breach. Courts are increasingly considering damages for loss of personal data. 13,500 Uber drivers claim to be affected by Uber's 2016 breach, which the company covered up for over a year.

    This case covers a small portion of the 57M customers and drivers whose data was stolen. Should Uber be found negligent in handling personal data, the awards will likely cripple the company. Equifax faces similar lawsuits filed after their 2017 loss of 145M financial records.

    Read More at TechCrunch

  • Steven Mains

    Last week Under Armour lost 150M personal records. This week Saks 5th Avenue announced the loss of 5M credit card records.

    Retailer Hudson’s Bay Co (owner of Saks and Lord & Taylor) reported the breach to the public after it was leaked on a security blog. These CC numbers have already shown up for sale on the Dark Web. HB Co did not disclose when the breach occurred or how long they were aware of the data loss.

    Hudson's Bay customers should carefully monitor their credit card charges, be extra vigilant for phishing attacks, and place a 90-day fraud alert on their Experian/Equifax/TransUnion accounts, which prevents any accounts from being opened without verification by the customer.

    Although it is unclear whether login/password information was compromised, changing the password would be a good precaution, and that includes any other accounts where the same password was used.

  • Steven Mains

    MyFitnessPal Leads to Digital Loss as Well as Weight Loss -- 150M users of Under Armour's mobile app and website for tracking fitness and calories suffered the loss of personal data in their user accounts.

    All should change their logins and passwords, but loss of PII is becoming all too common. At some point, the courts have to exact meaningful judgements against companies that fail to safeguard data they are entrusted with.

    To UA's credit, they reported the breach almost immediately. The bad news is that the breach had occurred almost 45 days before they detected it. Time enough for the stolen personal data and credentials to make their way across the Dark Web.