Brian Krebs of Security Fix reports that Sprint sent letters to several thousand customers to inform them that a former employee sold or otherwise provided their account data without permission between December 2008 and January 2009. Updated Apr. 1: Sprint’s notification (pdf) to the NH Attorney General is now available online.
Category: Breach Incidents
BT rebuts vulnerability claims
(This is a follow-up to a story reported here). Today, John Leyden of The Register reports that BT.com claims that the flaws HackersBlog reported only involved test systems and that no customer data were at risk. Whether BT’s statement was issued before or after HackersBlog published more about the alleged vulnerability and databases they were…
Pentel online store hacked; customer credit card data accessed
Pentel customers who ordered online at www.pentelstore.com were recently notified that hackers accessed their personal information and credit card information. By letter dated March 3 to the New Hampshire Attorney General, the pen manufacturer reported (pdf) that on January 20, its web maintainer and server host notified them that between December 11, 2008, and January…
Minnesota agency accidentally reveals personal info of employees
Politics in Minnesota reports that the Minnesota Management and Budget (MMB) accidentally revealed employees’ home towns instead of “town of duty station” in response to a freedom of information law request that also requested state employees’ name, salary, job title, and agency. The information was posted to a web site by whoever had requested it,…
Coleman campaign donors warned about possible breach
The Associated Press is reporting that Minnesota Republican Norm Coleman has asked for a federal investigation into whether his Senate campaign donors’ confidential data have been breached. The campaign first became aware of the possibility of a breach in January but their investigation at the time did not uncover any unauthorized access to the information….
Lost or Missing in the UK
Brian Meechan of BBC Wales reports that in 2007, a CD with the personal details of more than 2,300 crime victims was lost in the post by Gwent Police, but none of those affected were ever notified because the police decided that the data could not be accessed. The CD had been password-protected, but the…