DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

(update) Texas company lays out ‘hacking’ case against Minnesota Public Radio

Posted on December 15, 2009 by Dissent

David Brauer has more on Lookout Services’s allegations against a Minnesota Public Radio reporter, following a breach reported here previously.

[…]

In a Dec. 11 report, [MPR reporter] Aslanian said she was able to see “employee names, birth dates, Social Security numbers and hire dates” on Lookout’s web site “without using a password or encryption software.”

Lookout CEO Elaine Morley says that’s not the whole truth. She contends Aslanian did use a password and ID to penetrate Lookout’s security — and told Morley so during a Dec. 7 phone call. Later, Morley asserts, Aslanian used information from that penetration to view the state data, even though she didn’t need a password or encryption that time.

As you might expect, MPR isn’t willing to debate Lookout’s assertions. News director Mike Edgerly’s two-sentence statement: “We are aware of Lookout Services allegations concerning an investigative report by MPR’s Sasha Aslanian. Sasha’s story exemplified good, solid reporting and we stand by it.”

[…]

Morley says she’s sure Aslanian used a password and ID because the reporter said as much during a Dec. 7 phone call. “She told me ‘I am in your company’s database,’” Morley says. “I told her, ‘In my opinion, your source is hacking, and this is an unauthorized intrusion.’”

Morley says Lookout closed that vulnerability. However, the successful penetration exposed a new web address on which to model future attempts. Morley acknowledges Lookout screwed up by caching credentials on several web pages, rendering that security method effectively useless. The CEO says state and MPR computers added and subtracted things from the web address, finally getting through to the state info.

[…]

In a “demand letter” to MPR asking for an accounting of what was viewed, [Lookout Services’ attorney] Abbott cited the federal Computer Fraud and Abuse Act, which penalizes anyone who “intentionally accesses a computer without authorization or exceeds authorized access and thereby obtains information from any protected computer.”

Criminal liability in such cases? “A fine or imprisonment for not more than 5 years, or both.”

Of course, that assumes MPR did what Lookout alleges it did, a prosecutor decides it’s worth prosecuting, and a court finds guilt. The act also has provisions for civil liability.

James Quinn — a technology lawyer with Bloomington-based Larkin Hoffman who is not involved in the case — calls Lookout’s assertions “not a bullshit claim.”

Read more on Braublog and stay tuned.

Photo credit: “Dave Wants You” by Chris Owens on Flickr, used under Creative Commons License

Related posts:

  • Will embattled state contractor try to get Minnesota Public Radio reporter thrown in jail?
  • FTC Settles Charges Against Ceridian and Lookout Over 2009 Data Breaches
Category: Business SectorOf NoteU.S.

Post navigation

← Personal information stolen from Detroit's health department
Personal information stolen from Detroit’s health department →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.