Bob Diachenko reports: On Feb 22 2019, I found a copy of the Dow Jones Watchlist dataset, sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look (hint: any public IoT search engine, such as BinaryEdge). “Used by eight of the world’s ten largest,…
Category: Business Sector
Axa staff sentenced for data theft in 2015 “Wolf of Manchester” case
Sian Barton reports: Four people have been sentenced for their part in a scam which saw 100 pieces of data a week stolen from Axa Insurance between July and December in 2015. The City of London Police’s Insurance Fraud Enforcement Department (IFED), which worked closely with Axa during the investigation, discovered that between 15 July…
Payroll Provider Gives Extortionists a Payday
Brian Krebs reports: Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the process of restoring service to customers….
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Sergiu Gatlan reports: Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile usernames and passwords that were leaked from previous security breaches and use those credentials to try and…
California CPA firm notifies clients after falling for a tech support scam
I’ve been told that at times, I can be tough on those who have had breaches. But I actually do feel sympathy for some victims. Read this notification from Martin Hutchison & Hohman, a firm of certified public accountants in Eureka, California. I found it actually painful to read. When conscientious people fall for scams,…
Privacy Commissioner Publishes Investigation Report on the 2018 Incident of Intrusion into Hong Kong Broadband Network’s Customer Database Affecting 380,000 Customers
February 21 – The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG published an investigation report in accordance with section 48(2) of the Personal Data (Privacy) Ordinance (the Ordinance) on the incident of Hong Kong Broadband Network Limited (HKBN)’s inactive database having been intruded in mid-April 2018 (the incident) that…