Data Breaches – December 2016

Below are the breaches for December 2016 that were made public. If you have accounts with any of there services/companies make sure you change your passwords and ensure you are monitoring your credit for anomalies.

ORGANIZATION: Yahoo
DATE OF BREACH: August 2013
DATE MADE PUBLIC: December 14, 2016
RECORDS AFFECTED: 1 Billion
DATA COMPROMISED:

Back in September of this year, Yahoo disclosed that 500 million of their user accounts had been breached. Now, a separate incident dating back to August 2013 has been uncovered which has doubled the records affected to 1 Billion.
The two attacks are the largest known security breaches to date. Compromised information includes names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.

Yahoo is notifying users who may have been affected by the breach and making them change their passwords. They also invalidated unencrypted security questions and answers so that they cannot be used to access an account. For more information, visit Yahoo’s official FAQ page relating to this breach.

—————————————————————————

ORGANIZATION: Dailymotion
DATE OF BREACH: October 20, 2016
DATE MADE PUBLIC: December 5, 2016
RECORDS AFFECTED: 85.2 Million Emails
DATA COMPROMISED:

Popular video sharing platform Dailymotion has allegedly been hacked and tens of millions of user’s information have been stolen. The stolen data consists of 85.2 Million unique email addresses and usernames and as many as 18 Million hashed passwords were also taken.
Dailymotion is strongly advising all partners and users to reset their passwords.

—————————————————————————

ORGANIZATION: Lynda
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 17, 2016
RECORDS AFFECTED: 9.5 Million
DATA COMPROMISED:

Lynda.com‘s user database was accessed by unauthorized parties, compromising 55,000 passwords. The online training company notified all 9.5 million of its users that their contact information and courses viewed may also have been accessed. The company reset all logins as a precaution.

—————————————————————————

ORGANIZATION: KFC Colonel Club
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 12, 2016
RECORDS AFFECTED: 1.2 Million
DATA COMPROMISED:

The KFC Colonel’s Club loyalty program is exclusive to the U.K. and Ireland and consists of a mobile app and rewards card. A hack on their website may have released names, addresses, e-mail addresses of their members. KFC advised all Colonel’s Club members to change their passwords
as a precaution.

—————————————————————————

ORGANIZATION: Los Angeles County
DATE OF BREACH: May 2016
DATE MADE PUBLIC: December 19, 2016
RECORDS AFFECTED: 756,000
DATA COMPROMISED:

A Nigerian national hacked the Los Angeles County email system which resulted in the compromise of 756,000 accounts. More than 100 county employees fell victim to a phishing email which then gave the hacker usernames and passwords. Compromised information includes names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers,
and/or medical information.

—————————————————————————

ORGANIZATION: Shiseido Co.
DATE OF BREACH: December 14, 2011 – November 4, 2016
DATE MADE PUBLIC: December 2, 2016
RECORDS AFFECTED: 420,000
DATA COMPROMISED:

Japanese cosmetics maker Shiseido Co. has suffered illegal access to their online store and personal information on about 420,000 customers may have leaked as a result. The stolen records include customers’ names and addresses. The company also confirmed that credit card information on up to
56,000 of the customers may also have leaked.

—————————————————————————

ORGANIZATION: PayAsUGym
DATE OF BREACH: December 15,2016
DATE MADE PUBLIC: December 16, 2016
RECORDS AFFECTED: 305,000
DATA COMPROMISED:

PayAsUGym, which sells passes to gyms around the country, has confirmed that one of its servers has been a victim of a cyber-attack. Email addresses and passwords of its 305,000 users had been stolen. Those customers have now all been emailed and advised to change their password. The company has also migrated to a new server after it sought advice from cyber-security experts.

—————————————————————————

ORGANIZATION: Ameriprise
DATE OF BREACH: Unknown
DATE MADE PUBLIC: December 20, 2016
RECORDS AFFECTED: 350 Clients
DATA COMPROMISED:

An advisor working for financial planning giant Ameriprise has inadvertently exposed hundreds of investment portfolios, worth tens of millions of dollars from his unsecured Internet-connected backup drive. On the drive was Social Security, bank account, and financial planning data on about 350
high-value clients. It also contained personal files belonging to the advisor, including a backup of his password manager’s data, which contained his hashed credentials for the company’s internal network.