Microsoft released several urgent security updates for Exchange Server based on cyber attacks believed to be from HAFNIUM and other groups starting March 2, 2021. This includes Microsoft Exchange Server 2019, 2016, 2013 and 2010, but not Exchange Online. Microsoft recommends installation of security updates and running tests to see if Exchange servers have already been compromised.
SolarWinds issued a security advisory in December 2020 regarding recent cyberattacks on its Orion Platform of products and an FAQ page. Microsoft has also created a list of resources regarding this security incident.
Marriott Hotels has reported a data breach in 2020 that affected the data for approximately 5.2 million guests. Customers can request more information at mysupport.marriott.com
Convenience store chain Wawa has disclosed a data breach that occurred from March 2019 to December 2019. Malware was detected and then removed from its payment processing servers by their information security team. Payment information, including credit and debit card numbers, expiration dates, and cardholder names were included in this breach. Wawa is offering one year of identity theft protection for affected cardholders.
Meal delivery service DoorDash has reported a data breach of about 4.9 million customer, delivery driver, and merchant user accounts. Users who registered after April 5, 2018 should not be affected. DoorDash has also set up a phone help line regarding this data breach that can be reached at 855-646-4683.
Capital One has reported that there was unauthorized account access for about 100 million individuals in the United States and 6 million in Canada. This data included approximately 140,000 Social Security numbers of credit card customers. Capital One will notify these customers according to their FAQ press release.
The Federal Trade Commission (FTC) has released more details about the pending settlement regarding the 2017 Equifax data breach. Consumers will be able to file for a claim with an online tool once the settlement is finalized.
More information is available at www.equifaxbreachsettlement.com.
Update: the FTC is now recommending that consumers affected by this data breach choose the credit monitoring option instead of the payment option, which is expected to be smaller due to the large amount of claims filed.
Quest Diagnostics issued a statement that billing collections service American Medical Collection Agency (AMCA) had potential unauthorized activity on AMCA’s web payment page, which could have compromised the data of about 11.9 million Quest patients. Lab results were not affected by this incident. Quest Diagnostics is continuing their investigation.
Some of the more comprehensive lists of known data breaches include:
- USA Today list of largest data breaches and hacks
- CNN.com – biggest data breaches in history
- Bloomberg.com – worst corporate hacks list
- Wikipedia data breach list
- State of California data breaches list
Identity theft victims can receive advice from these websites:
- Federal Trade Commission (FTC) – Identity Theft Help
- FTC – Additional resources for identity theft victims
- FTC – Report fraud
- FTC – Guidance on how to avoid fraud
- FTC Complaint Assistant
- Internal Revenue Service (IRS) – report tax fraud activity
- Internal Revenue Service (IRS) – Identity Protection PIN (IP PIN)
- IRS Form 14039 – Identity Theft Affidavit
- U.S. State Dept. – Report a lost or stolen passport
- Better Business Bureau (BBB) – identity theft scams
- FBI Internet Crime Complaint Center (IC3) – report a crime