A DataBreaches.net exclusive: It is not uncommon for a firm to deny allegations that they have been breached. It is not uncommon for a firm to acknowledge that there has been a breach but claim that it is not as dramatic as a researcher might claim. And it is not uncommon for researchers to receive…
Author: Dissent
MN: RCTC students birthdates released in data breach
Erich Fisher reports that Rochester Community Technical College discovered it had twice made errors in responding to semi-annual public records requests from LexisNexis: A data breach at Rochester Community Technical College was identified and remedied on March 31 after it was discovered that a third-party company had received the birthdates of 5,392 students. No other…
Peloton’s leaky API let anyone grab rider’s private account data
Zack Whittaker reports: Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But a bug allowed…
Florida girl, 18, faces 16-year jail for hacking ‘homecoming queen’ contest with mom’s help
There’s an update on a hacking case first reported in March. Unlike high school students who hack to change grades, Emily Grover and her mother stand accused of hacking to rig the homecoming queen election in her favor. Now it appears that she will be charged as an adult to face multiple felony charges.
Worldwide phishing attacks deliver three new malware strains
Sergiu Gatlan reports: A global-scale phishing campaign targeted worldwide organizations across an extensive array of industries with never-before-seen malware strains delivered via specially-tailored lures. The attacks hit at least 50 orgs from a wide variety of industries in two waves, on December 2nd and between December 11th and 18th, according to a Mandiant report published today. UNC2529,…
Circuit Split No More: 2nd Circuit Clarifies Article III Standing in Data Breach Cases
Lissette C. Payne of Bradley writes: While more states push forward on new privacy legislation statutorily granting consumers the right to litigate control of their personal information, federal courts continue to ponder how data breach injury fits traditional standing requirements. Previous to McMorris v. Carlos Lopez, McMorris v. Carlos Lopez & Assocs., LLC, many have argued there was a circuit split…