Malware
Razer Launches Urgent Investigation into Data Breach Allegations, Implements Immediate User Session Resets
Razer, the gaming hardware manufacturer, is actively investigating alleged data breach claims. As a precautionary measure, the company has reset user sessions to enhance security. Razer ensures that no sensitive information has been compromised, and they are working diligently to resolve the matter. Stay tuned for updates on this ongoing investigation to protect your gaming experience.
Razer Investigates Data Breach Claims and Resets User Sessions
Gaming gear company Razer has responded to recent rumors of a significant data breach with a brief statement on Twitter, informing users that they have initiated an investigation into the matter.
About Razer
Razer is a well-known American-Singaporean tech firm that specializes in gaming hardware. They offer high-quality peripherals, powerful laptops, and apparel to gaming enthusiasts.
In addition, Razer provides services that grant registered account holders access to extensive game collections, special in-game item offers, exclusive rewards, and more through their Razer Gold payment system.
Potential Data Breach
Reports of a potential data breach at Razer emerged on Saturday, when an individual posted on a hacker forum claiming to have stolen the source code, database, encryption keys, and backend access logins for Razer.com, the company’s main website.
The hacker offered to sell the stolen data for $100,000 worth of Monero (XMR) cryptocurrency and encouraged interested parties to contact them directly to finalize the transaction.
The individual did not impose any limitations or exclusivity, meaning that anyone willing to pay the requested amount would receive the entire data set.
Screenshots shared as proof of the breach displayed file lists and trees, email addresses, source code supposedly for anti-cheat and reward systems, API details, Razer Gold balances, and more.
Cybersecurity analysts at FalconFeedsio discovered the announcement on the hacker forum and made it public. Razer responded to the tweet, stating that they have initiated an investigation into the potential incident.
BleepingComputer reached out to Razer for confirmation regarding the authenticity of the data samples posted on the hacker forum. However, as of the time of publishing, we have not received a response.
Nevertheless, we have independently verified that the leaked accounts are indeed valid and belong to legitimate users of the website.
Furthermore, BleepingComputer has discovered that Razer has taken measures to address the breach by resetting all member accounts, thereby invalidating active sessions and prompting users to reset their passwords.
Prior Security Incident
In 2020, researcher Bob Diachenko discovered an unprotected Razer database containing sensitive information such as full names, email addresses, phone numbers, customer IDs, order details, and billing and shipping addresses of 100,000 customers.
This database was exposed between August 18, 2020, and September 9, 2020. However, it remains unclear whether anyone other than the researcher accessed or copied Razer’s data during that period.
What Measures are Being Taken to Protect the Pediatric Mental Health Patients’ Data After the Brightline Data Breach?
After the Brightline data breach, concerns arose regarding the safety of pediatric mental health patients’ data. To ensure their protection, stringent measures are being implemented. These include strengthening encryption protocols, conducting regular security audits, employing multi-factor authentication, and training staff on cybersecurity best practices. These efforts aim to safeguard sensitive information and prevent pediatric mental health patients at risk from falling victim to future data breaches.
Current Data Breach
Based on the leaked data samples this time, it appears that the information is more recent, dating back to at least December 2022. Therefore, it is highly likely that the two incidents are unrelated.
Malware
Avis Reveals Massive Data Breach: Customer Information Compromised in Car Rental Empire
Car rental company Avis recently disclosed a data breach affecting customer data. The breach exposed sensitive information such as names, addresses, and phone numbers. Protect your personal information by staying vigilant and monitoring your accounts for any suspicious activity.
Image removed
Did you hear the news? American car rental giant Avis recently informed customers that cybercriminals breached one of its business applications last month and stole some of their personal information.
According to data breach notification letters sent to impacted customers and filed with California’s Office of the Attorney General, Avis took action to stop the unauthorized access and launched an investigation with the help of external cybersecurity experts after learning of the breach on August 5th.
What did the investigation uncover?
The investigation revealed that the attacker had access to Avis’s business application from August 3rd to 6th. The company managed to evict the malicious actor from its systems and blocked its access on August 6th. On August 14th, it also discovered that the attacker stole some customers’ personal information, including their names and other undisclosed sensitive data.
Since the breach, Avis says it has worked with outside experts to strengthen security measures for the affected application and implemented additional safeguards across its systems.
What has Avis done to protect its customers?
Avis has been actively reviewing security monitoring and controls to bolster security defenses and warned customers of identity theft and fraud risks following the data breach. The company advised those whose personal information was stolen to remain vigilant against threats of identity theft or fraud. They suggested customers do this by regularly reviewing and monitoring their account statements and credit history for any signs of unauthorized transactions or activity and contacting credit reporting agencies if they suspect any unauthorized activity.
Moreover, Avis offered those affected a free one-year membership to Equifax’s credit monitoring service, which provides assistance with identity theft detection and resolution.
About Avis and its global presence
Avis is a subsidiary of Avis Budget Group, a leading global mobility solutions provider that also owns Zipcar, the world’s leading car-sharing network. Its Avis and Budget car rental brands operate over 10,000 rental locations in 180 countries across North America, Europe, and Australasia. Avis Budget Group has reported more than $3.0 billion in revenues for the second quarter of 2024.
We reached out to Avis for more information about the attack’s nature, the number of affected customers, and the other personal information stolen in the breach, but the company has not responded yet.
Stay informed and protected
Cybersecurity is more important than ever, and we at IT Services are dedicated to helping you stay informed and protected. We encourage you to keep coming back to learn more about the latest cybersecurity news and trends. Together, we can make the digital world a safer place for everyone. If you have any questions or concerns, don’t hesitate to contact us!
Malware
Massive Data Breach Exposed: Business Powerhouse CBIZ Reveals Customer Information Compromised
CBIZ, a leading provider of business services, has disclosed a data breach affecting customer information. The breach occurred when an unauthorized third party accessed an employee’s email account, potentially compromising clients’ names, addresses, and Social Security numbers. CBIZ is offering free credit monitoring services to affected clients and has implemented additional security measures.
Imagine waking up one day to find out that your personal information has been stolen by hackers. Your name, contact details, social security number, date of birth, and even your health information are now in the hands of cybercriminals. This nightmare scenario recently became a reality for thousands of people when a major U.S. company fell victim to a data breach.
CBIZ: A Cybersecurity Wake-up Call
CBIZ Benefits & Insurance Services (CBIZ), one of the largest professional services companies in the United States, recently disclosed a significant data breach involving unauthorized access to client information stored in specific databases. This management consulting company, which provides financial and benefits and insurance services to various organizations and individual customers, reported that a threat actor exploited a vulnerability in one of its web pages and stole customer data between June 2 and June 21.
Upon discovering the intrusion on June 24, CBIZ launched an investigation with the help of cybersecurity professionals. They found that an unauthorized party was able to exploit a vulnerability associated with one of its web pages and acquire information from certain databases during the three-week period. To put things in perspective, CBIZ operates 120 offices across the country, employs 6,700 people, and recorded a revenue of $1.59 billion in 2023.
What Was Stolen?
Hackers managed to steal information belonging to nearly 36,000 individuals. The compromised data includes:
- Name
- Contact details
- Social Security number
- Date of birth/death
- Retiree health information
- Welfare plan information
Protecting Yourself and Your Data
CBIZ began sending personalized notifications to impacted clients on August 28, informing them of the breach. While the company has no evidence that the stolen data has been misused, they are offering guidance on how to enroll in a two-year credit monitoring and identity theft protection service to reduce potential risk. Additionally, impacted clients are advised to consider placing a credit/security freeze and adding a fraud alert to their credit report.
This incident serves as a stark reminder of the importance of cybersecurity and the need to protect our personal information. Cyberattacks are becoming more frequent and sophisticated, and businesses of all sizes must take the necessary precautions to safeguard their customers’ data. As individuals, we must also stay informed and vigilant to protect ourselves from the consequences of data breaches.
Don’t Be a Victim: Stay Informed and Take Action
Here at IT Services, our mission is to help you stay ahead of cyber threats. We provide the latest news, updates, and resources on cybersecurity to help you protect your digital footprint. Whether you’re a business owner or an individual user, knowledge is power when it comes to defending against cyberattacks. So don’t wait for a wake-up call like CBIZ – take action now to secure your digital life.
Stay informed and keep coming back to learn more. And remember, if you have any concerns or questions about cybersecurity, we’re here to help. Don’t hesitate to contact us for expert advice and support.
Malware
DICK’S Sporting Goods Halts Email & Locks Employee Accounts Following Intense Cyberattack
US retailer Dick’s Sporting Goods suffered a cyberattack, prompting the company to shut down employee email accounts and reset passwords. Discover how the attack unfolded and what measures the company is taking to prevent future incidents.
Last Wednesday, DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, discovered a cyberattack that exposed confidential information. With $12.98 billion in revenue in 2023 and over 857 stores across the country, this breach impacts a significant number of people.
Responding to the Cyberattack
In a filing with the U.S. Securities and Exchange Commission (SEC), DICK’S has hired outside cybersecurity experts to help contain the security breach and assess the impact. The company stated, “On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information.”
As soon as the incident was detected, DICK’S activated its cybersecurity response plan and engaged external cybersecurity experts to investigate, isolate, and contain the threat.
Keeping Information Under Wraps
According to an anonymous source, the company has been tight-lipped about the breach and has instructed employees not to discuss it publicly or put any information in writing. The same source revealed that email systems had been shut down, likely to isolate the attack, and all employees were locked out of their accounts. IT staff is now manually validating employees’ identities on camera before granting access to internal systems.
In an internal memo, DICK’S informed employees that most of them no longer have access to their systems due to a “planned activity” and that team leaders will contact them via personal email or text for further instructions.
Business Operations Unaffected
Phone lines at local stores are currently down due to the incident, but the company has reported no disruption to their business operations to date. In their SEC filing, DICK’S stated, “The Company has also notified federal law enforcement. The Company has no knowledge that this incident has disrupted business operations. The Company’s investigation of the incident remains ongoing.”
Although the company believes the incident is not material at this point, the investigation is still in progress, and the full impact remains to be seen.
What You Can Do
Cybersecurity is a critical concern for businesses and individuals alike. We at IT Services are committed to keeping you informed and protected. Stay tuned for updates on this situation, and don’t hesitate to reach out to us for advice and assistance in safeguarding your personal and professional information. Let’s work together to stay one step ahead of cyber threats.
-
Malware11 months ago
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware11 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations10 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments10 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations10 months ago
Top 11 Data Protection Training Programs for Compliance
-
Data Protection Regulations10 months ago
Navigating Data Protection Laws for Nonprofits
-
Data Protection Regulations10 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Security Audits and Assessments10 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist