“Bad news for home gardeners: criminals might have your credit card data. AeroGrow, the maker of the at-home garden kit AeroGarden, said in a letter to customers that its website had credit card scraping malware for more than four months. The company said anyone who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value — also known as a security code — stolen by the malware.”

“Mark the latest data breach as another conquest for hackers. Earl Enterprises, owner of the Buca di Beppo, Bertucci’s, Planet Hollywood, and the Earl of Sandwich restaurant chains, among others, said point-of-sale malware captured credit and debit card information from May 23, 2018, through March 18, 2019, at a variety of its locations. Restaurants potentially affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! Mixology, and Tequila Taqueria. In addition to capturing credit and debit card numbers, the malware may have collected expiration dates and cardholder names, Earl Enterprises said in a statement released March 29.”

“Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the FBI and many American corporations, a cybersecurity firm told NBC News. Citrix Systems Inc. came under attack twice, once in December and again Monday, according to Resecurity, which notified the firm and law enforcement authorities.”

“But as the investigations continue, a consensus is starting to emerge to explain why the data has disappeared from sight. Most experts familiar with the case now believe that the thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies.”

“Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.”

“The San Diego-based non-profit and partner CyberScout LLC, a data-security services provider, say 2018 saw 1,244 data breaches compared with 1,632 the year before. But 446.5 million business, education, payment card, financial, health-care, and other records with personally identifying information were compromised, a 126% increase from 197.6 million in 2017.”

“A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”

“If you thought you’d heard this story before, you’re not wrong. Back in November, another telecoms company, Voxox, exposed a database containing millions of text messages — including password resets and two-factor codes. This time around, it’s a different company: Voipo, a Lake Forest, Calif. communications provider, exposed tens of gigabytes worth of customer data.”

“Marriott International Inc. said fewer customers were affected in a massive data breach than initially feared but confirmed that hackers had compromised the passport numbers of millions of people in what security analysts have described as a potential foreign-intelligence gold mine. Marriott, the world’s largest hotel company, disclosed in November that a hack in the reservation database for its Starwood properties may have exposed the personal information of up to 500 million guests.”

“Paying parking tickets or municipal water taxes is never fun—and it’s even worse when hackers have compromised your town’s payment system. Yet, that’s what happened in dozens of towns across the U.S. where cyber crooks have made off with the personal data of nearly 300,000 people.”

“It seems like every week, a new company has to notify its customers that their data may have been compromised, and personal information may have been affected. Data breaches can happen for a variety of reasons. Some companies are hacked. Data can be mishandled or sold to third parties. Holes in a website’s security system can leave information unprotected. One of the latest victims was Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500 million customers.”

“Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests, and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes.”

“HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it’s detected no signs of fraud. The data breach affects only the U.S. operations of London-based HSBC, which is the world’s seventh largest bank and the biggest in Europe. HSBC says the breach appeared to run from Oct. 4 to Oct. 14. After spotting the breach, the bank says in a notification announcement, it “suspended online access to prevent further unauthorized entry” to affected accounts.”

“Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be skeptical about that figure.”

“Facebook Inc. said intimate information, including search results, recent locations and hometowns, were stolen from 14 million users by attackers in a major hack of the social network disclosed two weeks ago.”

“Google is about to have its Cambridge Analytica moment. A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world.”

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”

“Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.”

“Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.”

“This would allow any customer of the bank to spy on the daily transaction activity of other customers, and perhaps even target customers who signed up for high minimum balance alerts (e.g., “alert me when the available balance goes below $5,000”).”