Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival

The separate incidents show how data theft knows no market-based limits.



A series of enterprise data breaches disclosed this week underscores how criminals target various industries to steal and monetize data. The breaches at J.Crew, T-Mobile, and two units of cruise-line operator Carnival Corp., show that millions of customers can feel the effect of even the simplest exploit.

In its disclosure letter to customers, J.Crew said that customers' email addresses and passwords were obtained by an unauthorized third party and that significant additional personal information could have been accessed in the April 2019 incident. No information was provided on the number of customers affected, but the notification noted that the breached accounts had been de-activated pending a customer telephone call and password re-set.

T-Mobile disclosed a breach affecting an unknown number of customers, though gaining that information is complicated because of the path taken to the customer information: Employee data was breached, some of which contained customer information. In a notification document, the wireless carrier said, "Information accessed illegally may have included names and addresses, phone numbers, account numbers, rate plans and features, and billing information."

Finally, Holland America Line and Princess Cruises, two units of Carnival Corp, disclosed a breach from May 2019 in which personal information including mail accounts, names, Social Security numbers, and credit card information of some employees and customers were illegally accessed. While no numbers were given regarding victims, a notice with the California Attorney General's office indicates that more than 500 individuals were affected. Carnival said that when the breach was discovered, it acted quickly to shut down the unauthorized access.

For more, read here, here, and here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Perfect Travel Security Policy for a Globe-Trotting Laptop."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
boholuxe
0%
100%
boholuxe,
User Rank: Apprentice
3/6/2020 | 5:08:14 AM
OMG
OMG, these breaches are so huge....
leo5121472313
50%
50%
leo5121472313,
User Rank: Apprentice
3/12/2020 | 4:10:29 AM
PJ Masks For pc
I will carefully read the issues you just shared, I find there are some places that are not very clear

PJ Masks For pc
Jeremmy11
50%
50%
Jeremmy11,
User Rank: Apprentice
3/24/2020 | 11:29:45 AM
oh..no
This is really scary..=((
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8004
PUBLISHED: 2020-04-06
STMicroelectronics STM32F1 devices have Incorrect Access Control.
CVE-2020-7631
PUBLISHED: 2020-04-06
diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.
CVE-2020-7632
PUBLISHED: 2020-04-06
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
CVE-2020-7633
PUBLISHED: 2020-04-06
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.
CVE-2020-7634
PUBLISHED: 2020-04-06
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.