Remember when it seemed like every day we were reading about ID theft and tax refund fraud schemes involving rogue employees of tax preparation firms? Yeah, well it’s still a thing. Here’s a story about a former rogue employee at Jackson Hewitt in McKinney, Texas. If you or someone you know may have used that…
Category: Business Sector
Mumsnet reports itself to regulator over data breach
Alex Hern reports: Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers. A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility…
Is your airline’s e-ticketing system putting your data at risk?
Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
NZ: Landlord’s ‘blacklist’ of tenant’s criminal convictions hacked and leaked online
Samesh Mohanlall reports: A woman was shocked to discover her decades-old criminal record had been published online, part of a blacklist of compromising information compiled by a property investor group and sold to landlords about prospective tenants. Jessica Cross was one of hundreds of Timaru residents to have their sensitive information posted online, including a…
Pharmaca notifies customers of payment card breach affecting brick-and-mortar stores
Those of us who read breach notifications to state attorneys general (yes, we have no life), likely all spotted a notification in mid-January involving Pharmaca. The notification stated that in December, 2018, Pharmaca started receiving reports of payment card fraud. Their investigation, with help from security experts, revealed that malware may have captured customer payment…
Indecent disclosure: Gay dating app left “private” images, data exposed to Web
Sean Gallagher reports on yet another exposed Amazon bucket: Jack’d, a “gay dating and chat” application with more than 1 million downloads from the Google Play store, has been leaving images posted by users and marked as “private” in chat sessions open to browsing on the Internet, potentially exposing the privacy of thousands of users….