Names, Social Security numbers exposed in Moss Adams breach

December 27, 2019

The accounting, consulting and wealth management firm Moss Adams has posted a cybersecurity incident notice centered on an employee email account that was accessed by an unauthorized person compromising PII.

In the statement, which appeared on the California Attorney General’s data breach website, Moss Adams stated that on October 10, 2019 a staffer’s email account was accessed by an unknown third party. Some of the information contained in the breached account included names and Social Security numbers of an undisclosed number of customer or employees.

Only information contained in the email account was exposed, the malicious actor did not obtain access to the company’s general computer network.

The company is in the process of notifying those affected, has started an internal investigation and is offering a year of free account monitoring.

Moss Adams has not yet responded to an SC Media request for additional information.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Learn More

Doug Olenick

Today’s columnist, Sebastian Gierlinger of Storyblok, offers nine tips for integrating a content management system with an ecommerce platform. (Credit: Getty Images Stock Photo)

Vulnerability Management

Millions of WordPress sites potentially hijackable due to critical plugin bug

SC StaffNovember 18, 2024

Malicious actors could leverage the vulnerability, which stems from improper user check error management in the two-factor REST API action, to facilitate high-privileged account breaches that could then be used for additional attacks, according to Defiant, a WordPress security provider.

Vulnerability Management

WhatsApp zero-day exploited by NSO Group post lawsuit

SC StaffNovember 18, 2024

While WhatsApp proceeded to disable the "Eden" exploit leveraged by NSO Group, the Israeli firm proceeded to create the "Erised" vector to target the app's users until May 2020, noted a court filing from Meta, which also noted that NSO Group, and not its customers, was primarily behind the spyware attacks.

Vulnerability Management

Impersonation attacks possible with novel Microsoft Bookings bug

SC StaffNovember 13, 2024

Such an issue stems from Microsoft Bookings enabling the creation of Shared Booking Pages by default for users with proper Microsoft 365 licenses and automated Booking Page name-based email address generation, which could be exploited to create legitimate-looking email addresses for malicious activity, according to a report from Cyberis.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Names, Social Security numbers exposed in Moss Adams breach

An In-Depth Guide to Application Security

Related

Millions of WordPress sites potentially hijackable due to critical plugin bug

WhatsApp zero-day exploited by NSO Group post lawsuit

Impersonation attacks possible with novel Microsoft Bookings bug

Related Events

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025

Apiiro’s Integrated Application Security Posture Management (ASPM) + Software Supply Chain Security (SSCS) Solution

Get daily email updates