Lucian Constantin reports: A grey hat hacker has found a critical SQL injection weakness on the official Kaspersky Lab websites in Malaysia and Singapore. Exploiting the vulnerability leads to full compromise of the underlying database, which contains customer information, product keys and other sensitive data. The attack has been documented by a Romanian hacker calling…
Category: Breach Incidents
Businesses still plagued by data breaches
An article by Jackie Noblett includes references to some recent breach notifications affecting Massachusetts residents that I do not recall ever seeing covered in the media: Three separate breaches at State Street Corp. affecting 42 Massachusetts residents involved State Street employees accidentally sending personal information of a customer to the wrong client or financial adviser…
Microsoft and Danger to blame for Sidekick data loss – lawsuit
Courthouse News has uploaded a copy of a class action lawsuit against Microsoft and Danger Inc. The complaint, filed by Terrence and Katie Teraszcka, Adam Beckelman, and Michael Guerrero in Cook County Court on November 17th, alleges that the defendants negligently failed to back up data before a network upgrade, resulting in Sidekick users losing…
Update: Notre Dame U. breach affected 24,000 (updated)
As an update on a Notre Dame University breach involving exposure of personal information including SSN on the web, Sarah Mervosh of The Observer reports that 24,000 individuals, mostly employees but some students who worked for the university, were affected by the incident. Reactions to the university’s handling of the breach and notification varied, depending…
T-Mobile data scam detected a year ago
Chris Williams reports: The Information Commissioner’s Office (ICO) has been investigating the theft and sale of T-Mobile customers’ personal data for almost a year, it has emerged. News of the security breach, which saw rogue staff at the mobile operator divulge contract details to cold-calling marketeers, was only released to customers last month. According to…
Security Breach at MedSolutions
Steve Keene reports: The NCMS [North Carolina Medical Society] received information today that a significant security breach occurred involving the MedSolutions website. MedSolutions is the vendor for NC Medicaid that administers the high-tech diagnostic imaging pre-authorization program. For a period of time that has not been clearly defined the name, address, email, and taxpayer ID…