Cell phone carrier T-Mobile reported in January 2023 that there was unauthorized access to some customer data for a certain time period. T-Mobile is in the process of contacting those customers.
LastPass issued a security advisory to its customers regarding an incident where there was unauthorized access to customer data. LastPass states that their products are functional and they will continue to investigate the issue.
Rackspace reported a ransomware incident for Hosted Exchange environment in December 2022 which is causing service disruptions. Rackspace has contained the issue and is investigating the incident. More information is available at their status page.
Twitter revealed that an earlier security vulnerability that allowed someone to enter a phone number or email address to verify if that information was tied to an existing Twitter account. The Twitter user account name was returned if a match was found. Twitter fixed this issue and is in the process of contacting only those users that were affected by this incident.
The Apache Software Foundation has released a security advisory for Java logging library Apache Log4j. This vulnerability may be exploited over a network without the need for a username and password. This is logged in the National Vulnerability Database (NVD) as CVE-2021-44228. Multiple server and cloud software vendors will be releasing security updates.
Robinhood has reported that some of its financial app’s customer data was leaked in November 2021. This includes at least two million full names and 5 million email addresses. A much smaller amount of customers had additional data leaked. Social security numbers and bank account numbers were not affected.
T-Mobile has notified its customers that there was unauthorized access to some of its company data in August of 2021, and that the entry point for the intrusion was closed. The company is still researching this event.
Update: T-Mobile has released more details as well as recommendations for its customers, as well as former and prospective customers.
ParkMobile, a vehicle parking app which is used in several major cities in the U.S. under various names, has released details for a security incident with its vehicle parking app in March of 2021. License plate numbers and some email addresses and/or phone numbers were included in this incident, but not credit cards or drivers license numbers.