Several weeks ago, I reported that some researchers had contacted me anonymously to give me a slew of vulnerabilities they had uncovered in their research. As a result of the FBI’s over-the-top raid on Justin Shafer, they had become scared of trying to notify entities of what they had found. They left it up to me to decide…
Month: June 2016
Equifax service remains mum about client reports of tax refund fraud
Back in April, DataBreaches.net noted that Stanford University was notifying its employees about tax refund fraud. The fraud appeared to result from perpetrators downloading employees’ W-2 information from the university’s vendor, W-2 Express, and then using the info to file fraudulent returns. W-2 information typically includes an employee’s name and address, their wage and salary information, as well…
IE: Civil Service payroll system to be audited following data breach
Elaine Edwards reports that PeoplePoint, the payroll service for about 31,000 Irish civil servants, is being audited in the wake of two breaches and other complaints. A November 2015 breach was previously reported on DataBreaches.net, as was a more recent one in April. Edwards reports: Since PeoplePoint’s introduction [in 2013], there have also been reports…
FEMA Mishandles Sensitive Information at Disaster Sites: IG Report
Jack Moore reports: After a wildfire tears through your community, the last thing you may be worried about is having your identity stolen or your personal information breached. But maybe you should be. A new inspector general report finds the Federal Emergency Management Agency still struggles to properly handle the safeguarding of personally identifiable information,…
Note claiming to be from DAO cryptocurrency hacker says stolen $53 million is legally his
You may feel like you’re entering the Twilight Zone after reading this report from Russell Brandom: One day after $53 million abruptly disappeared from an experimental cryptocurrency project, a note claiming to be from the attacker has surfaced on PasteBin, claiming that the money drained from the system is now legally his. The attacker withdrew the money by exploiting a…
Quebec Liberals’ strategy meetings were leaking…
Yet another security incident linked to failure to change default passwords. CJAD in Canada reports that the Quebec Liberals’ failure to change the default password on their videoconferencing system allowed anyone to gain access to strategy meetings. The user who found the flaw showed off the unlimited access to the Journal de Montreal. Published screenshots show archived videos…