Another day, another SQLinjection attack by JM511 (@JM511 on Twitter). This time, it’s U.K. site, jobsatteam.com. TEAM describes themselves as the largest network of independent job recruiters. JM511 dumped the administrator’s table with 12 individuals’ email addresses, usernames, passwords, full names, and telephone numbers. There’s also a dump of 2,590 members’ names, usernames, passwords (some unencrypted),…
Category: Business Sector
Wattpad users: change your Wattpad and Tumblr passwords
Wattpad‘s site claims More than 40 million people have joined Wattpad, making it the world’s largest community of readers and writers. People use Wattpad to connect with each other while they discover and share millions of free stories. Wattpad stories are available in more than 50 languages and can be read or written from any…
American Airlines, Sabre Said to Be Hit in Hacks Backed by China (UPDATED)
Update: American Airlines subsequently denied having been attacked. SCMagazine reports: “There is no indication or evidence of an attack or that any customer data has been compromised,” said American spokesman Casey Norton, adding that, “Because of a threat to a close partner that we work closely with on reservations we are looking closely at our…
Costco Data Breach a Bigger-Than-Expected Problem
Investopedia reports: Warehouse membership club Costco says it needs more time to secure its photo processing website. Third-party photo service provider PNI Digital Media was hacked last month, causing retailers Costco, CVS Health, and Wal-Mart to take down their respective photo processing websites and post cautionary notes in their place. Costco had notified its customers at the time that…
Advanced Data Processing/Intermedix sued over 2012 insider breach
Remember the Advanced Data Processing/Intermedix insider breach of 2012 where a rogue employee provided ambulance patient identity information to others involved in a tax refund fraud scheme? I had covered it on PHIprivacy.net (cf here and here for just two of the posts) and also on this site (cf, this post). In reporting on the breach, one of the…
UK: ICO issues £180,000 civil monetary penalty in wake of data breaches
The Information Commissioner’s Office (ICO) has issued civil monetary penalty (CMP) of £180,000 to the Money Shop in the wake of two incidents in 2014 that led to a fuller investigation of the Money Shop’s data protection policies and procedures. As described in the notice, on April 16, 2014, a Money Shop store in Lurgan, Northern Ireland was…