OK, here’s a W-2 phishing attack from 2016 that I never covered on this site but has apparently resulted in a class action lawsuit settlement. Christina Davis reports: TIMCO Aviation Services has agreed to pay more than $300,000 to settle a class action lawsuit alleging the company violated Class Members’ privacy rights by compromising tax data…
Category: Business Sector
NZ: Vector shuts down app after privacy breach
RNZ reports: The Vector power company has shut down its outage app after thousands of customers unwittingly had their data shared. The information has been available due to a vulnerability on its outage app. The app is used so customers can report and be informed about power outages. Vector chief digital officer Nikhil Ravishankar said…
Hackers built a ‘master key’ for millions of hotel rooms
Zack Whittaker reports: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more…
Access Group notifies borrowers of data security incident
It’s not just edtech vendors students need to watch out for when it comes to privacy and data security. Vendors that help process student loans may also put you at risk, as this notification from AccessLex Institute (dba Access Group) reminds us. The nonprofit organization, which provides financial education resources and services, writes: Dear [Name]:…
Altaba, Formerly Known as Yahoo!, Charged With Failing to Disclose Massive Cybersecurity Breach; Agrees To Pay $35 Million
From the SEC: The Securities and Exchange Commission today announced that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions…
Careem knew – or should have known – that they had a serious problem last year: researcher
Mark Sutton has some follow-up commentary on the Careem breach reported on this site yesterday: Gregg Petersen of Veeam Software said that not alerting customers to the breach for so long “isn’t acceptable”, and that organisations need to work faster to maintain the trust of their customers. Jordanian cybersecurity expert Raed Nesheiwat also said that…