Apr 172019

Another day, another press release….

ASHEBORO, N.C., April 05, 2019 (GLOBE NEWSWIRE) — Klaussner Furniture Industries, Inc. (“Klaussner”) recently became aware that a data security incident that affected its operations could also have affected the personal information of certain current and former employees, as well as some of their dependents.  However, after a thorough investigation conducted by a forensics firm, Klaussner found no evidence that any personal information was accessed or taken. Klaussner is informing potentially affected individuals of the incident as a precaution and sharing steps that they can take to help protect themselves and their dependents.

Upon discovery of the incident in February 2019, Klaussner took immediate action that included initiating an internal investigation, retaining a top forensic firm and notifying law enforcement of the incident.  As part of its investigation, Klaussner recently learned that an unauthorized third party gained access to two computers on its network that contained certain personal information about a limited number of current or former employees, and some of their dependents.  At this time, Klaussner is not aware of any fraud or identity theft as a result of this event.

The information stored in the affected computers varies by individual, but may include first and last names, addresses, Social Security numbers, financial account information, dates of birth, health information, and health benefit election(s).  Based on the investigation, the data stored on the computers included information relating to a limited number of Klaussner employees in 1998, as well as employees from 2004- February 25, 2019 and some of their dependents (if they were listed on a Klaussner employees’ health benefit election form during the 2004-2019 period).

To help protect potentially affected individuals’ identities, Klaussner is offering one year of complimentary identity protection services from a leading identity monitoring services company.  Individuals who may have been impacted can obtain information to enroll in these services by contacting a dedicated call center established to answer questions about this incident.

Klaussner takes the privacy of personal information seriously and deeply regrets any concern this may cause.  Klaussner has taken steps to bolster its information and data security practices and procedures, including rebuilding affected systems, installing additional security measures, and exploring additional security changes in order to help prevent this type of incident from reoccurring in the future.

For more information about this incident, individuals may contact the call center at 855-571-5865 between the hours of 9 AM to 9 PM Eastern Time, Monday through Friday.

According to their report to HHS, 9,352 individuals were notified.

DataBreaches.net e-mailed an inquiry as to when the intrusion first occurred and how it occurred, but did not receive an immediate response.

Update:  This site did receive a response that the entity has no further information to share about the incident at this time.

Apr 172019

In December, 2018, Citrix forced a password reset for some of its clients due to what appeared to be a credential stuffing attack against ShareFile. But did some customers first find out about it March?  On April 16, external counsel for LD Evans, CPA provided notification that began;

On March 4, 2019, LD Evans learned from Citrix that individuals’ personal information may have been obtained by an unknown, unauthorized third party as the result of a security issue related to its use of Citrix ShareFile, a third-party filesharing service. LD Evans took immediate action to enhance security protocols and confirm that the issue could not lead to further unauthorized access.

LD Evans also conducted an internal investigation, which determined that an unknown, unauthorized third party could have gained access to individuals’ personal information stored within its Citrix ShareFile environment, including the names, addresses, dates of birth, Social Security numbers and bank account information of affected individuals.

Approximately 631 California residents were affected in this potential incident. The total number of LD Evans clients was not disclosed.

Update: this post was corrected post-publication because I had erroneously linked to a subsequent Citrix issue involving their internal network instead of the ShareFile incident. Thanks to the alert reader who questioned my connection between the events.

Apr 162019

Brian Krebs reports:

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Read more on KrebsOnSecurity.com.  Note that post-publication, Brian added an update:

Update, April 16, 9:11 a.m. ET: Not sure why it did not share this statement with me, but Wipro just confirmed to the India Times that it discovered an intrusion and has hired an outside security firm to investigate.


Apr 162019

Sebastian McCarthy reports:

Morrisons has been granted permission to appeal to the Supreme Court after losing a major court case over a data leak.

In October the UK’s fourth-biggest supermarket lost an appeal against a High Court ruling that concluded the firm was legally liable for a former employee leaking personal information about 100,000 staff members, meaning it could face a mass payout to staff.

However, today the Bradford-based chain won approval to appeal the judgment at Britain’s highest court.

Read more on City A.M.

Apr 152019

U Sudhakar Reddy reports:

The IT Grids case may not be the first FIR filed on basis of a complaint by the Unique Identification Authority of India (UIDAI) but the magnitude of the case is huge according to data security researchers.

The case pertaining to the Sevamitra app designed by the company for the Telugu Desam Party (TDP) alleges that the app contained the Aadhaar data of 7.8 crore citizens.

Read more on Times of India.