John Leyden reports: Basic design flaws on a Labour party members forum exposed the email addresses of users to harvesting. Surfers who register through the site http://members.labour.org.uk were invited to confirm their membership, and activate their account, by clicking on the link in an email sent to a specified account. The email follows the form…
Category: Breach Incidents
Ie: Data breach at RecruitIreland.com
Aoife Carr reports that Gardai are investigating a security breach involving the recruitment website RecruitIreland.com: It is thought that names and e-mail addresses of those registered with the site were accessed for spamming purposes. The site was shut down yesterday afternoon when the breach was noticed….. CVs, usernames and passwords are not thought to have…
UK: Councils fined for unencrypted laptop theft
The Information Commissioner’s Office (ICO) today served Ealing Council and Hounslow Council with monetary penalties for serious breaches of the Data Protection Act after the loss of two unencrypted laptops containing sensitive personal information. Ealing Council provides an out of hours service on behalf of both councils, which is operated by nine staff who work…
Marriott Vacation Club Intl reports data loss involving paper records
On December 27, Marriott Ownership Resorts (d/b/a Marriott Vacation Club International) learned that _____ timeshare maintenance fee payment slips that had been processed by _____________ Bank were in a box that had been damaged in transit to Marriott’s corporate offices by major overnight shipping service, ________ and that some of the payment slips had been…
Anonymous Hacks into Security Firm’s Network and Steals Confidential Data
Another hactivist incident. Lucian Constantin reports: Members of the Anonymous collective have broken into the network of a security firm and exposed its internal communications, after it claimed to know the identity of the group’s founders. Last week, Aaron Barr, the head of an information security firm called HBGary Federal, told the Financial Times that…
Follow-up to RBS Breach: Russian hacker admits guilt in $10 million cyber theft x
Reuters reports: A Russian man has pleaded guilty in court to stealing $10 million from former Royal Bank of Scotland division World Pay in 2008 by hacking into accounts, RIA News reported on Monday. Investigators said 27-year-old Yevgeny Anikin was a member of an international hacking ring that copied client account information and boosted the…