Jayed Rahman of the Paterson Times is likely loving work these days, with the Paterson schools giving the paper — and the reporter — lots of imprudent statements to report on. In today’s installment, it sounds like the district’s superintendent is walking back a perceived threat to sue the paper for basically committing journalism. After…
Month: May 2019
Canadian company pleads guilty to peddling vast database of personal information
The Canadian Press reports: The RCMP says a Canadian-based company that peddled an illicit trove of 1.5 billion user names and associated passwords has pleaded guilty to criminal charges. In a news release, the Mounties say Defiant Tech Inc. admitted in court Friday to trafficking in identity information and possession of property obtained by crime…
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers
Sergiu Gatlan reports: Over 12,000 unsecured MongoDB databases have been deleted over the past three weeks, with only a message left behind asking the owners of the databases to contact the cyber-extortionists to have the data restored. Although not on this scale, these types of attacks targeting publicly accessible MongoDB databases have happened since at least early-2017 [1, 2,…
The Total Registration incident– Comments from the K-12 Cybersecurity Resource Center
Doug Levin has a write-up on the Total Registration data security incident first reported by this site. Doug raises a number of important issues and comments, and I hope his commentary gets wider coverage and discussion. I’m still mulling over the fact that a few of the school districts that this site attempted to notify…
Lithuanian watchdog issues first GDPR fine
Sam Clark reports: Lithuania’s data protection authority has fined a payments processing company for breaching three provisions of the GDPR. The State Data Protection Inspectorate has levied a €61,500 fine against fintech company MisterTango for inappropriate data processing, disclosing personal data and failing to report a breach, it said today. The authority said that the…
Oregon Construction Contractors Board reports data breach
KTVZ reports: The Oregon Construction Contractors Board said Friday it has discovered a security breach involving 8,013 online contractor accounts. Unauthorized individuals gained access to some contractors’ usernames and related password information. The incident occurred between Oct. 27 and Oct. 29, 2018, and was discovered on April 12, 2019, during a routine audit conducted by…