Kromtech Security has done a follow-up on reports from last year about misconfigured MongoDB installations having their data deleted and replaced by “ransom” messages. The attackers were having a field day back then, but what is happening now? So Kromtech decided to employ a honeypot. It went live on March 1, 2018. And here’s what happened…
Category: Breach Incidents
San Diego City Attorney announces lawsuit against Experian over massive data breach
At first I thought the headline had a typo and that they meant to name Equifax, but they do, indeed, mean Experian. This suit goes back to an incident previously covered on this site that involved Experian acquiring a company, Court Ventures, that had access to another company’s, InfoSearch’s database…. and a bad actor named…
He tried to tell you you’re leaking data. Even after you stupidly blocked him.
Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak. Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to…
Six months after TheDarkOverlord attacked their district, School District 6 sends breach notification letters to parents
More than six months after the hacker or hackers known as TheDarkOverlord hacked and terrorized School District 6 in Columbia Falls, Montana, the district has sent parents breach notification letters revealing what they were able – and not able – to determine. Three versions of the March 19th letter, marked “Draft” and signed by Superintendent…
Former nursing home employee admits stealing residents’ credit card numbers
Sam Clancy reports: A 29-year-old woman who worked for a St. Louis County nursing home pleaded guilty to stealing credit card numbers from the home’s residents. Shaniece Borney pleaded guilty to a credit card fraud scheme while she worked at NHC Health Care in 2016 and 2017, a press release from the Department of Justice…
Here’s what you didn’t know about health data breaches in February
Protenus, Inc. has released its February Breach Barometer, with its analysis of 39 health data incidents compiled for them by this site. As I have done in companion posts to their previous reports, I am providing a list, below, of the incidents upon which their report is based. Where additional details are available, I have…