New Data Breach Hits US Cellular Company

It’s the dawning of a new year and the hackers of the world have been busy.  This time it’s US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States. Only 405 of the company’s customers seem to have been affected, which makes this attack quite small in terms of scope and scale. That’s small consolation if you’re one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

“On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account.”

If you haven’t received a notification in the mail from US Cellular, then it’s most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you, since you may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we’ll probably be seeing a lot more of this kind of thing in the year ahead.

LastPass Says There Is No Evidence Of Data Breach

There are strange events swirling around LastPass. LastPass is a popular password safe and identity protection service.

Recently Twitter exploded with reports from around the world of people who received a notification from LastPass regarding a string of suspicious login attempts. Most of them came from countries other than the ones the impacted users lived in.

Naturally this led to speculation that LastPass had been hacked and some portion of the passwords stored by their massive user base were stolen. This created something of a panic because LastPass and similar sites are considered one of the last safe refuges where passwords are concerned.

The company responded that there was no evidence that LastPass servers had been breached but questions persisted.  If that was the case, then why did the company send out notifications to users regarding suspicious login attempts? The company’s investigation into the matter continued.

Recently LastPass issued another update which reads as follows:

“As previously stated, LastPass is aware of and has been investigating recent reports of users receiving e-mails alerting them to blocked login attempts.

We quickly worked to investigate this activity and at this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing, nor have we found any indication that user’s LastPass credentials were harvested by malware, rogue browser extensions or phishing campaigns.

However out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems.

Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved.

These alerts were triggered due to LastPass’s ongoing efforts to defend its customers from bad actors and credential stuffing attempts. It is also important to reiterate that LastPass’ zero-knowledge security model means that at no time does LastPass store, have knowledge of, or have access to a users’ Master Password(s).

We will continue to regularly monitor for unusual or malicious activity and will, as necessary, continue to take steps designed to ensure that LastPass, its users and their data remain protected and secure.”

It seems that it was a false alarm. Even so, if you are a LastPass user you should enable two-factor authentication as soon as possible to minimize your risk.

Cox Communications Reports Recent Data Breach

Cox Communications is a major provider of cable, internet, and phone service in the United States. The company is the latest in a seemingly unending parade of companies to fall victim to a hacking attack. In this case, the hacker gained access to company servers by impersonating a member of Cox Communications’ Customer Support team. At this point details are sketchy as the investigation into the matter is ongoing.

The company’s breach notification statement reads:

“On October 11, 2021, Cox learned that an unknown person(s) had impersonated a Cox agent and gained access to a small number of customer accounts. We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident.

After further investigation, we discovered that the unknown person(s) may have viewed certain types of information that are maintained in your Cox customer account, including your name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that you receive from Cox.”

At this point the exact number of records the hacker gained access to is not known. However, given the above, if you are a Cox customer you should change your password and security question(s) at a minimum.

Although payment card information associated with impacted accounts was not specifically mentioned it pays to closely monitor whatever payment cards you have tied to your Cox account just to be safe.

It is also worth mentioning that the company is in the process of contacting impacted customers and has offered one free year of Experian Identity Works. The program can help monitor credit reports and detect signs of fraudulent activity.

We wish we could say that this will be the last major breach of the year but sadly it almost certainly won’t be.  Stay vigilant.  It’s dangerous out there.

Latest Corporate Data Breach Hits Panasonic Servers

The Japanese electronics juggernaut Panasonic is the latest company to fall victim to relentless hackers.

In a recent press release the company indicated their servers had been successfully attacked on November 11th, 2021.

The statement reads in part as follows:

“As the result of an internal investigation, it was determined that some data on a file server had been accessed during the intrusion…

In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure.”

The company added that it understands how important its customer data is and apologized for any inconvenience to its customers.

With the investigation only just getting underway few additional details are available.  We don’t yet know exactly how many customers were impacted or what data may have been compromised. We expect that as that information becomes clear the company will be getting in contact with impacted users.

If you are a Panasonic customer and you’ve purchased anything via the company’s website be aware that the hack did occur and that it’s possible some or all of the information in your profile may have been compromised.

At a minimum it would be prudent to change your password right away and monitor whatever debit or credit cards you had saved and associated with that account, in case the card details were compromised.

This has been a tough year for Japanese companies which seem to have entered the crosshairs relatively more frequently than companies based in other parts of the world for reasons not yet fully understood.  Here’s hoping we get through the rest of 2021 without too many more of these high-profile hacks and that 2022 will be a better year all around.

DNA Testing Company Was Hacked And Data Was Breached

Have you had your DNA tested by DDC (DNA Diagnostic Center)? If so, be advised that the company was recently hacked and that the attackers were able to make off with data impacting 2,102,436 people. According to the company’s disclosure statement, the breach occurred between May 24th and July 28th 2021, and the company’s internal investigation into the matter was concluded on October 29th.

The hackers were able to exfiltrate the following data belonging to impacted customers:

  • Full Name
  • Account Password
  • Debit Card Number + CVV number
  • Credit Card Number + CVV number
  • And Financial Account Number

As bad as that sounds there is still a silver lining. The database that was compromised contained older backups spanning dates from 2004 through 2012 and none of the company’s systems are making active use of that data. So the odds are very good that the account information is out of date.

In all probability the credit and debit card information is out of date too. To be safe, if you have used the service in the past, it’s best to review your account and closely monitor whatever credit/debit cards you had attached to your account with the company.

DDC has issued the standard apology to their customers along with a note outlining how much they value the privacy of their customers. That is all well and good.  It is small consolation for anyone whose data was compromised and it doesn’t matter whether that data is current or not.

No doubt the company will follow the security recommendations that arise as a consequence of the investigation they’re conducting with a third-party cyber security company. One would hope that at some point we’d start seeing fewer apologies after the fact and better security before, especially from a company involved with DNA testing. Here’s hoping.