Cory Doctorow reports: Comcast Xfininty’s login page had an easily found bug that allowed anyone to gain access to the Social Security Numbers and partial home addresses of over 26.5 million customers. Comcast spokesapologist David McGuire says the company patched the bug quickly after being notified of its existence by security researcher Ryan Stevenson, and…
Category: Business Sector
Ransomware Strikes Computer Servers of Golfers’ Association
David Bisson reports: Digital attackers targeted the computer servers of a golfers’ association with ransomware and encrypted files stored on those assets. Staff at the Professional Golfers’ Association of America (PGA) discovered the attack on 7 August. When they attempted to access certain work files that morning, those documents generated a ransom note informing them…
Unixiz Agrees to Shutter “i-Dressup” Site and Pay Penalty to Settle Charges Under COPPA and the New Jersey Consumer Fraud Act
From Hunton Andrews Kurth: On August 3, 2018, California-based Unixiz Inc.(“Unixiz”) agreed to shut downits “i-Dressup” website pursuant to a consent order with the New Jersey Attorney General, which the company entered into to settle charges that it violated the Children’s Online Privacy Protection Act (“COPPA”) and the New Jersey Consumer Fraud Act. The consent orderalso…
SEC Fines Mizuho for Failing to Protect Customer Data
Peter A. Kurtz and Craig A. Newman write: It is not enough for companies to establish policies and procedures designed to prevent the misuse of material nonpublic information. Companies must also enforce those policies and procedures. That’s the lesson from the U.S. Securities and Exchange Commission’s recent settlement with Mizuho Securities USA LLC (“Mizuho”), a broker-dealer,…
Salesforce API error may have caused data leak
Tom Allen reports: Cloud computing firm Salesforce has warned customers that their information may have been shared with other customers’ accounts, due to an API error. In a security advisory, the CRM company says it became aware of the issue on the 18th July. The error impacted ‘a subset’ of Marketing Cloud customers using the…
Fashion Nexus reports 650k affected by hack by “white hat hacker” or “ethical hacker”
Tim Clark reports: Details including the email and home addresses of around 650,000 fashion shoppers were stolen following a security breach at ecommerce platform provider Fashion Nexus. The data breach allowed hackers to access customer details from fashion brands including Elle Belle Attire, AX Paris and Traffic People. Online fashion retailers Perfect Handbags and DLSB…