At a glance.
- Update on the Bed Bath & Beyond breach.
- Vodafone Italia reports third-party data breach.
- More on the Royal Mail customer data leak.
Update on the Bed Bath & Beyond breach.
We continue to follow the data breach at US home goods retailer Bed Bath & Beyond in which an intruder, equipped with credentials stolen in a phishing scam, gained access to a hard drive and employee shared drives. In the latest development, Reuters reports that Bed Bath & Beyond’s customer and technology chief, Rafeh Masood, will be resigning. The company has stated in a regulatory filing that Masood’s resignation is not the result of any disagreement with the company on any matter related to its operations, practices, or financial statements. An investigation to determine the scope of the breach is ongoing.
Vodafone Italia reports third-party data breach.
Telephone company Vodafone Italia has disclosed that one of its commercial partners, FourB S.p.A., suffered a September cyberattack that resulted in the breach of Vodafone subscriber data. According to a notice sent out to Vodafone customers, the exposed data includes subscription details, subscriber identity documents, and contact information, but no account passwords or network traffic data were compromised. FourB S.p.A., which operates as a reseller of telecommunications services in Italy, has shut down access to the breached servers and beefed up its system security to prevent future attacks. Bleeping Computer notes that in early September a threat group called KelvinSecurity claimed responsibility for an attack and attempted to sell 95,000 files totaling 310 GB of data allegedly stolen from Vodafone Italia, though it’s unclear whether that incident is connected to this breach. At the time, Vodafone said it had no evidence that the data was connected to a breach of its systems.
More on the Royal Mail customer data leak.
As we noted yesterday, British postal service Royal Mail reported a “technical issue” with its “Click & Drop” service that temporarily allowed customers access to parcel data that was not their own. The Register reports that yesterday afternoon Royal Mail shut down the service, which allows customers to print labels and pay for postage online, in order to allow engineers to work on a remedy, and suggested users resort to actual paper “emergency” order forms instead of the online option. A few hours later, the postal service announced the issue had been resolved and that the service was now operational, though an investigation to determine the cause of the incident was still ongoing. However, some customers posted on Twitter that they were still experiencing difficulties using the service and had been overcharged for postage they had still not received. It’s still unclear how many customers were impacted in the breach and whether the cause was merely a technical snafu or a malicious act.