ParkMobile, a vehicle parking app which is used in several major cities in the U.S. under various names, has released details for a security incident with its vehicle parking app in March of 2021. License plate numbers and some email addresses and/or phone numbers were included in this incident, but not credit cards or drivers license numbers.
Facebook has released a response to recent reports of 530 million user accounts made publicly available in an unsecured database. Facebook states that their systems were not hacked, but user data was scraped from its platform prior to September 2019. Facebook also states that the issue was corrected at that time and should not happen again.
Microsoft released several urgent security updates for Exchange Server based on cyber attacks believed to be from HAFNIUM and other groups starting March 2, 2021. This includes Microsoft Exchange Server 2019, 2016, 2013 and 2010, but not Exchange Online. Microsoft recommends installation of security updates and running tests to see if Exchange servers have already been compromised.
The U.S. Justice Department has also executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers in the United States in relation to this security issue. The FBI will attempting to provide notice of the court-authorized operation to all owners or operators of these computers.
SolarWinds issued a security advisory in December 2020 regarding recent cyberattacks on its Orion Platform of products and an FAQ page. Microsoft has also created a list of resources regarding this security incident.
Marriott Hotels has reported a data breach in 2020 that affected the data for approximately 5.2 million guests. Customers can request more information at mysupport.marriott.com
Convenience store chain Wawa has disclosed a data breach that occurred from March 2019 to December 2019. Malware was detected and then removed from its payment processing servers by their information security team. Payment information, including credit and debit card numbers, expiration dates, and cardholder names were included in this breach. Wawa is offering one year of identity theft protection for affected cardholders.
Meal delivery service DoorDash has reported a data breach of about 4.9 million customer, delivery driver, and merchant user accounts. Users who registered after April 5, 2018 should not be affected. DoorDash has also set up a phone help line regarding this data breach that can be reached at 855-646-4683.
Capital One has reported that there was unauthorized account access for about 100 million individuals in the United States and 6 million in Canada. This data included approximately 140,000 Social Security numbers of credit card customers. Capital One will notify these customers according to their FAQ press release.
The Federal Trade Commission (FTC) has released more details about the pending settlement regarding the 2017 Equifax data breach. Consumers will be able to file for a claim with an online tool once the settlement is finalized.
More information is available at www.equifaxbreachsettlement.com.
Update: the FTC is now recommending that consumers affected by this data breach choose the credit monitoring option instead of the payment option, which is expected to be smaller due to the large amount of claims filed.