A Japanese energy giant has apologised after losing a physical storage drive containing the data on millions of its clients.
Workers for Kyushu Electric Power Co. apparently mislaid the drive, which had been left in an unlocked cabinet, the company explained in an official announcement.
The drive allegedly contained information on up to 10.9 million accounts, including customer names, electricity usage data, and telephone numbers – although the company said no bank account information or credit card data was stored.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Misconfigured security command exposes 250 million Microsoft customer records
January 23, 2020
Microsoft has revealed a misconfigured security command was the culprit behind a leak of one of Microsoft’s internal customer support databases that exposed some 250 million customer records. “Our investigation has determined that a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data,” explained the Microsoft Security ...
- Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
January 20, 2020
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can ...
- Macy’s Suffers Data Breach by Magecart Cybercriminals
November 19, 2019
The department store Macy’s is warning that web skimmer malware was discovered on Macys.com collecting customers’ payment card information. The attack has been linked to Magecart, a notorious umbrella group made up of various cybercriminal affiliates that is known for injecting payment card skimmers into ecommerce websites. According to a data breach notice sent to customers, “an ...
- Equifax failed to take even the most basic precautions, alleges lawsuit
October 21, 2019
A lawsuit on the 2017 data breach allege that Equifax staffers used the default – ‘admin’ – as the username and password to secure customer information portal How would you secure a portal containing valuable, personal finance information of 148 million accounts of customers spread across the US, Canada and the UK? Equifax employees chose default and ...
- Imperva: Data Breach Caused by Cloud Misconfiguration
October 11, 2019
Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services (AWS) cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall (WAF) product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into applications, and flags or blocks suspicious and malicious activity. The company announced the breach in ...
- IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador’s History
September 18, 2019
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country’s history. Personal records of more than 20 million adults and children, both dead and ...