The data breach that hit blockchain-based lending giant Figure affected nearly a million customers, according to a security researcher. Last week, Figure confirmed a data breach allowed hackers to steal “a limited number of files” from its systems.
The company did not provide specifics on what kind of data was stolen nor say how many customers were affected. On Wednesday, Troy Hunt, a security researcher and creator of the data breach notification site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI Investigating Cyber Attack Affecting Connecticut Hospitals
August 4, 2023
“Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations,” said Nina Kruse, ECHN’s vice president for communications and public affairs. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” she said. The FBI’s field office in New ...
- Capita boss quits as fine looms for huge hack of confidential data
July 31, 2023
The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator. Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon ...
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
July 27, 2023
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are ...
- New SEC rule requires public companies to disclose cybersecurity breaches in 4 days
July 26, 2023
The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks. The new rules, passed by a 3-2 vote, also require publicly traded companies to annually ...
- Victims of Cyberattack on File-Transfer Tool Pile Up
July 19, 2023
The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in MoveIt, a common file-transfer tool from Progress Software, underscores how cyberattacks can ripple through supply chains. ...
- Many businesses don’t even know they’ve been hit by a security breach
July 19, 2023
Many businesses don’t know if they have suffered a data breach, and probably wouldn’t be able to spot such an event at all, due to the ever-expanding threat landscape, and notification fatigue among IT staff, new research has claimed. A report from cybersecurity experts Vectra AI surveying more than 2,000 IT security analysts found that nearly ...