KDRV reports: Oregon’s Department of Human Services (DHS) revealed on Thursday that the private data of more than 350,000 clients may have been accessed in a massive data breach that began earlier this year. The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they…
Month: March 2019
NZ: Privacy Bill avoids notification fatigue
Tim Murphy reports: MPs have revised privacy legislation to avoid a risk of ‘notification fatigue’ in which holders of data would be forced to advise the public of even minor data breaches. Parliament’s justice select committee has raised the threshold in the Privacy Bill for when mandatory notifications to the Privacy Commissioner and affected individuals would…
OH: 13-year-old student accused of hacking teacher’s account, making hit list of fellow students
WSYX/WTTE reports: A 13-year-old student at the Columbus City Preparatory School for Boys is under investigation after he reportedly used a teacher’s credentials to get into the district’s system, created a website with information about his fellow students, and made threats. Columbus Police say they received a report on March 15th that the student had…
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Brian Krebs reports: Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Read…
Tesla sues former staff for data theft
Reuters reports: Tesla filed a lawsuit on Thursday against a former engineer at the company, claiming he copied the source code for its Autopilot technology before joining a Chinese self-driving car startup in January. The engineer, Guangzhi Cao, copied more than 300,000 files related to Autopilot source code as he prepared to join China’s Xiaopeng…
Spanish Gym Franchise Database Exposed By Partner’s Data Breach
Bob Diachenko reports: On March 8th, 2019, I have identified a passwordless MongoDB database that was exposing sensitive information of an estimated 6,608 VivaGym job candidates and other business related data. VivaGym is a Spanish low-cost gym franchise operating in Spain and Portugal. At the moment of the discovery, database already had a ‘WARN’ collection,…