Wu Yujian, Zhang Yuzhe and Han Wei report: Kaola Credit, the credit rating service of leading payment company Lakala Payment, was accused of illegally storing and selling users’ personal data for millions of dollars, a case underscoring concerns about privacy breaches in the country’s booming fintech sector. Beijing-based Kaola Credit was among seven companies caught…
Category: Business Sector
Activist Leaks Files From a Data Broker for Demoing its Software With ICE
Joseph Cox reports: To protest a data broker giving trial accounts of their product to U.S. Immigrations and Customs Enforcement, a source has provided Motherboard with internal files of Sayari, a company that collects and resells access to data on citizens from more than a hundred different countries. Sayari’s data banks include physical addresses, email…
Court approves extradition of young hacker to US
Jonathan Shkurko reports: Joshua Epiphaniou will be the first Cypriot to be extradited to the United States after a Nicosia court ruled he should stand trial there, his lawyer Michael Chambers said. He faces 20 years in prison in two US states – Georgia and Arizona – where he faces several charges including wire and…
Macy’s Customer Payment Info Stolen in Magecart Data Breach
Lawrence Abrams reports: Macy’s has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer’s payment information. This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections…
TW: Online box office EZding liable for data theft and consequential damages
Arthur Shay of Shay and Partners writes: In September 2019 a landmark appeal court decision found an online information service provider liable for consequential damages of data theft. In April 2017 subscribers and users of one of Taiwan’s most popular box office websites, EZding, reported numerous data theft incidents. EZding rejected the complaints about its…
150 infosec bods now know who they’re up against thanks to BT Security cc/bcc snafu
Gareth Corfield reports: BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair – using the “cc” field instead of “bcc”. The email, shown to The Register by a non-trivial number of aggrieved recipients, thanked them for attending the Westminster Cyber Expo and popping by…