Zack Whittaker reports: FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data, hosted on a password-less Amazon S3 storage server, was…
Category: Business Sector
Hacker extracts customer data from Canadian Telecom Firm after rebuttal
Waqas writes: A hacker using the alias NullHumanity claims that they have managed to identify a flaw in the customer login system of Freedom Mobile, a Canadian wireless telecommunications provider and claims to obtain private details of customers including their phone number, address, call history and other information effortlessly. The findings were reported by MobileSyrup. The…
The strange case of the data breach that stayed online for a month
So the headline’s a bit of clickbait as there’s nothing really strange going on, but it’s still a useful reminder situation….. Simon Sharwood and Kat Hall report on a case where someone found a spread sheet exposed/indexed by Google. And although the company believed that they had gotten everything removed, weeks later it was still…
AMP Global Clearing LLC fined for lax security
A monetary penalty resulted from a misconfigured backup uncovered by Chris Vickery, who was then with Kromtech Security. It was reported publicly in April, 2017 by a number of outlets, including The Daily Dot. This was one of those cases where a vendor’s mistake turned out to be costly. The Commodity Futures Trading Commission (CFTC)…
Entergy notifies employees of W-2 breach involving TALX portal
So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal. In a letter to the New Hampshire Attorney General’s Office, counsel for TALX…
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…