The US Department of Homeland Security has confirmed an IT breach at FEMA (Federal Emergency Management Agency), with Secretary Kristy Noem blaming FEMA employees for the incident.
Noem’s statement included explicit blame for the attack on FEMA’s IT staff, 23 of which she claims to have fired following the incident. News of the breach and firings came after an open letter of dissent from current and former FEMA employees stating that the inexperience of top appointees could lead to a catastrophe on the level of Hurricane Katrina.
FEMA is currently on a hiring freeze through the end of the year, potentially longer, but assures it is dedicated to “delivering for the American people.”
(–Source: Reuters on MSN
Read More: US Homeland Security chief reports breach at FEMA, fires 23 employees )
The trend of attacks on company Salesforce databases continues with TransUnion being the latest breach of this kind. Sensitive data, including Social Security numbers of 4.4 million people have been exposed in this attack.
The breach occurred in late June and was reportedly contained within hours, but not without sensitive customer data being exposed. The credit bureau confirmed that the incident involved a third-party application, not TransUnion’s core database or credit reports. Law enforcement has been contacted and is involved with the investigation.
(–Source: CNET
Read More: More Than 4.4 Million Exposed in Credit Bureau TransUnion Breach – CNET )
Google has responded to the outpouring of recent news headlines claiming that the company issued an emergency warning to all Gmail users that their accounts are at risk after the recent breach on their Salesforce database.
In the company’s response, they stated, “unfortunately, several inaccurate claims surfaced this week incorrectly claiming we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false.”
While Google’s response does not mean that Gmail users are not at risk of any attacks, as phishing attempts continue to be a favorite among hackers, the company assures that there is no elevated threat to Gmail users following the attack and that their email service’s protections continue to block most phishing attempts. Internet users should always be cautious and on-the-lookout for signs of phishing and malware.
(–Source: Forbes
Read More: Google Confirms Gmail Data Breach Warning Is Fake News )
Staying on the topic of Salesforce-related attacks, three more companies have been hit in the string of attacks targeting the Salesloft Drip OAuth integration with Salesforce. The three affected companies are Palo Alto Networks, ZScaler, and Cloudflare.
Like other organizations that have been targeted by these attacks, Palo Alto and ZScaler confirmed the incident was isolated to their CRM, with none of their products or services being directly impacted. Cloudflare, however, accepted partial blame for their choice of business tools.
Across these 3 vendors, the type of information compromised in the attack may include names, contact information, job titles, region/location details, and other data mostly related to business contact information, internal sales account and basic case data. However, depending on the amount of sensitive information that end users included in recent case notes, some may have had more information stolen than others.
(–Source: CSO
Read More: Palo Alto Networks, Zscaler, Cloudflare hit by the latest data breach | CSO Online )
