All news with #third-party breach tag

Comcast to Pay $1.5M After Vendor Breach Affects 273,703

🔒 Comcast will pay $1.5 million to settle an FCC investigation after a February 2024 vendor breach at Financial Business and Consumer Solutions (FBCS) exposed the personal data of 273,703 current and former Xfinity customers. Under the consent decree Comcast must implement a compliance plan with enhanced vendor oversight, biennial risk assessments, and biannual reporting. Comcast says its network was not breached and has not conceded wrongdoing.

Harrods Supply Chain Breach Affects E-commerce Customers

🔒 Harrods has disclosed that some e-commerce customer data was stolen via a breach at a third-party provider, with the retailer notifying affected customers on Friday. The company says the exposed information is limited to basic personal identifiers such as names and contact details and does not include account passwords, payment details or order history. Harrods also said it was contacted by a threat actor but refused to engage, and that this incident is separate from attempts to access Harrods systems in May. Reports indicate as many as 430,000 customer records may have been impacted, in a broader environment of rising retail ransomware and supply-chain risk linked to groups such as Scattered Spider.