Twilio and Mailchimp Breaches Tie to Massive Phishing Effort
Source: Data Breach Today
'Subject X' Suspected in Theft of Nearly 10,000 credentials at 130 Organizations. An ongoing phishing campaign that compromised more than 130 organizations is a reminder that even with multi-factor authentication and other defenses in place, attackers will try to trick employees into helping to circumvent them.
California Fines Sephora $1.2 Million for Privacy Violations
Source: Data Breach Today
Retailer Accused of Selling Customer Data While Failing to Honor Opt-Out Requests. As part of a settlement agreement, Sephora has also agreed to make a range of changes, including making it clear that it sells customers' data to others, as well as honoring customers' requests to opt-out of that.
The settlement resolves allegations by the state's Department of Justice that Sephora violated the California Consumer Privacy Act, or CCPA, which went into effect in July 2020.
Scripting Attacks on E-Commerce Sites Hit Ally Bank Accounts
Source: Data Breach Today
BIN Attack, Not Data Breach, Likely Culprit Behind Spike in Fraudulent Charges. A flurry of fraudulent online transactions made using Ally Bank debit card accounts is the result of script-based cyberattacks rather than a data breach, a source close to the fraud detection tells Information Security Media Group.
Hacker Steals Source Code, Proprietary Data from LastPass
Source: Data Breach Today
Security Experts Continue to Recommend Password Managers As Security Best Practice. A threat actor gained unauthorized access to the source code and proprietary technical information of password manager LastPass, the company told its customers on Thursday.