An Indictment charging Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, aka Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30, all citizens and residents of Iran, was unsealed today. The defendants were each leaders, contractors, associates, hackers-for-hire or…
Month: March 2018
SAMBA Federal Employee Benefit Association programming error resulted in mismailed information
From their press release: SAMBA Federal Employee Benefit Association (“SAMBA”) recently learned of an incident that may affect information related to eligible family members of subscribers (“family members”) covered by the SAMBA Federal Employees Health Benefits Plan in 2017. “We take this incident, and member privacy, very seriously,” Walter E. Wilson, SAMBA’s Executive Director stated….
Class action suit vs. CenturyLink and DirecTV alleges customer data can be accessed via internet search
Nat Levy reports: A lawsuit against internet provider CenturyLink and AT&T-owned DirecTV alleges the companies fail to adequately protect personal customer data — to the point that it can be found through a simple internet search. The suit was filed Monday in U.S. District Court in Seattle and seeks class action status. The plaintiff, James Jantos,…
How “Hacker Search Engine” Shodan Caught Leakage of 750MB Worth Of Server Passwords
Update: I missed the original credit/source for this story when I posted it, but do see Dan Goodin’s article on Ars Technica. Original post: Remember Memcached servers? Now, we have another case of servers exposed online and fulfilling evil intentions of the hackers. This time, thousands of etcd servers maintained by corporates and organizations are…
360,000 current and former Pennsylvania teachers notified of breach
So that breach in February affecting Pennsylvania teachers affected approximately 360,000 current and former teachers. A 30-minute exposure leads to so much cost and anxiety. Ouch.
Southeast Clinical Pathology Laboratories Notifies Patients of Stolen Laptop
From the notice on their web site: March 21, 2018 – Clinical Pathology Laboratories Southeast, Inc. (“CPLSE”) has become aware of a data security incident that may have involved the personal and protected health information of its patients and their payment guarantors. On September 20, 2017, a laptop issued to a CPLSE employee was stolen….