Category: Breach Incidents

Consulting Firm Accidentally Doxxed Thousands of Employees at America’s Top Defense Contractor

Posted on by Dissent

Lachlan Markay reports: A prominent Washington, D.C.-area consulting firm inadvertently published the names, phone numbers, home addresses, and email addresses of thousands of employees of America’s top aerospace and defense contractor. Publicly available files maintained by the digital consultancy IMGE included extensive personal information on more than 6,000 Boeing employees, from senior executives to program…

Read more

Another Click2Gov victim is revealed in Texas

Posted on by Dissent

Add Sugarland, Texas to any list you are keeping of Click2Gov breach victims.  As with other entities in the second wave of attacks, those residents who used the payment portal to make one-time payments seem to have fallen prey to the attackers.  And as with a number of other CentralSquare Technologies Click2Gov customers, Sugarland will…

Read more

Unsecured backup devices continue to be a hot mess

Posted on by Lee J

After a few years of headlines blaring mega-numbers of records exposed by misconfigured RSYNC backups, we might hope that we would be seeing fewer errors by now. But it seems that RSYNC errors continue at a high rate, exposing massive amounts of data. This month, part of what I did was look at RSYNC errors…

Read more

On the notification warpath, Friday edition

Posted on by Dissent

In 2006, I started advocating that there needs to be a law or regulation that requires businesses to have a method to receive notifications of security alerts. A number of people I respect offered explanations as to why that wasn’t a great idea. But 13 years later, I’m more convinced than ever that we need…

Read more