Jan 16, 2019

Sergiu Gatlan reports:

Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system found by Safety Detective’s Noam Rotem.

Currently, the Amadeus ticket booking system is being used by 141 international airlines which gives it control over 44% of the global online reservation market, with United Airlines, Lufthansa, and Air Canada being some of its clients.

Read more on BleepingComputer.

See also The Register's coverage from yesterday.

Jan 15, 2019

Ian Hughes reports:

A hacker has been ordered to pay £20,000 compensation to a Warwickshire company he used to work for.

Samir Desai, of Grange Drive, Sutton Coldfield, caused ‘significant disruption and financial loss’ to the firm which was not named.

The 41 year-old was arrested as part of an investigation by the Regional Cyber Crime Unit (RCCU) for the West Midlands area.

Read more on Leamington Observer.

Jan 15, 2019

Viraj Shah reports:

Cryptopia, a cryptocurrency exchange based in New Zealand recently announced that it had been hacked and suffered significant losses.

The exact details of the hack and how much the exchange has lost remain vague at this point with just a few tweets from the exchange providing a small amount of information.

Read more on blokt. Not surprisingly, there is much speculation, including conspiracy theories.

Here is a copy of their full tweet from earlier today:

Jan 13, 2019

Tatsuya Sudo reports:

A Chinese group that has been accused by the U.S. government in a series of cybertheft cases around the world is now suspected in the 2016 hacking of the computer system used by Keidanren (Japan Business Federation).

Keidanren officials announced in November 2016 that 23 computers used in the federation’s system had been infected with a virus. However, no details were released about what hacking group might have been behind the cyberattack.

Read more about the suspected connection on Asahi.com. As you get deeper into the story, it really is impressive how slowly and patiently the attack was developed over years.

Jan 13, 2019

Craig A. Newman of Patterson Belknap writes:

Yesterday, a Superior Court judge in Santa Clara, California approved what is believed to be the first monetary award to a company in a data breach-related derivative lawsuit. Until now, such breach-related derivative cases have settled through a combination of governance changes and modest awards of attorney’s fees.

But the former officers and directors of Yahoo! Inc. agreed to pay $29 million to settle charges that they breached their fiduciary duties in the handling of customer data during a series of cyberattacks from 2013 until 2016. Three billion Yahoo user accounts were compromised in the attacks, making it one of the largest reported hacks in U.S. history. The settlement puts an end to three derivative lawsuits filed in Delaware and California against the company’s former leadership team and board including ex-CEO Marissa Mayer.

Read more on Data Security Law Blog.