Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…
Category: Breach Incidents
Six months after TheDarkOverlord attacked their district, School District 6 sends breach notification letters to parents
More than six months after the hacker or hackers known as TheDarkOverlord hacked and terrorized School District 6 in Columbia Falls, Montana, the district has sent parents breach notification letters revealing what they were able – and not able – to determine. Three versions of the March 19th letter, marked “Draft” and signed by Superintendent…
Former nursing home employee admits stealing residents’ credit card numbers
Sam Clancy reports: A 29-year-old woman who worked for a St. Louis County nursing home pleaded guilty to stealing credit card numbers from the home’s residents. Shaniece Borney pleaded guilty to a credit card fraud scheme while she worked at NHC Health Care in 2016 and 2017, a press release from the Department of Justice…
Here’s what you didn’t know about health data breaches in February
Protenus, Inc. has released its February Breach Barometer, with its analysis of 39 health data incidents compiled for them by this site. As I have done in companion posts to their previous reports, I am providing a list, below, of the incidents upon which their report is based. Where additional details are available, I have…
‘Mera Aadhaar Meri Pehchan Filetype pdf’ Scare! UIDAI Warns, Precautions Must While Sharing Aadhaar Number Online
The media in India seem to have fueled anxiety over Aadhaar security when the problem wasn’t with the security of the Aadhaar database itself. Stories sounding alarms about how Aadhaar data are easily found on third party sites are only confusing a lot of people, it seems. Yes, the data should not be exposed like…
Did Columbia Falls Schools treat an extortion payment made to TheDarkOverlord as a dirty little secret?
Update of March 12: After this story appeared on March 9, DataBreaches.net received a call from Superintendent Bradshaw, who had been out of town when my email had arrived. This story has been updated – and corrected occasionally – to incorporate his answers. If students are at risk of significant emotional damage because highly sensitive…