The Office of Inadequate Security
If you say you always do right, then you should do right, right? Ouch. Over on infosec.exchange, @Jayeltee recently wrote: Professional Probation Services ( www.ppsfamily.com ) exposes almost 500,000 US probationers private data publicly, SSNs included, and when I ask them for their intentions regarding disclosure, they go into hiding mode, removing their management and…
Margi Murphy and Brian Platt report: Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., according to people familiar with the matter. Following a request from the US, Alexander “Connor” Moucka was taken into custody on a provisional arrest warrant on…
From a notification sent to the New Hampshire Attorney General’s Office by external counsel for LG Electronics U.S.A. (LGEUS): Earlier this month, in the course of investigating certain matters relating to a recent resignation by a (now former) Payroll Manager at LGEUS, the Company determined that the former employee — during the course of their…
Gabrielle Russon reports on your latest reminder of the insider threat: A fired Disney World employee is accused of hacking into an online system and altering Disney World restaurant menus by changing fonts and prices, adding profanity and manipulating the food allergy warnings, according to new federal documents. The cyberattack caused at least $150,000 in damage…
Harvey Cashore, Daniel Leblanc report: At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada. Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change…
Over on SuspectFile, Marco A. De Felice writes: In August 2023, Postel S.p.A., a leading Italian company in the postal services and digital communications sector, became the victim of a serious cyberattack. The Medusa cybercriminal group exploited unresolved vulnerabilities in the company’s systems, gaining access to a large amount of sensitive data. This breach raised significant…