Over on Salted Hash, Steve Ragan has also been compiling data on victims of business email compromise (BEC) W-2 phishing scams. BEC W-2 phishing scams are the scams where someone poses as an executive of your organization and sends you an email from an address that at first glance might appear to be real. Their email…
Category: Breach Incidents
Used government computers bought at auction filled with personal information
The 1980s called…. Scott Noll reports that a KHOU investigation “once again found the City of Houston selling private, personal information through online auctions of used government equipment.” What did they find, you wonder? “On one of the computers, we found a database containing over 100,000 medical records,” explained computer expert Gary Huestis. They do…
Data from 2014 hack of children’s online game Bin Weevils leaked online; hacker claims 20m records
We’ve seen it before – in fact, we seem to be seeing it a lot recently – data from an old hack first being publicly leaked. This time it’s Bin Weevils, a British online children’s game, owned by 55 Pixels. In September 2014, Bin Weevils posted a note on their site that they had discovered a “vulnerability”…
Ca: Victim of arson spree questions ICBC’s handling of privacy breach
There’s a follow-up to a breach that I had described as one of the worst insider breaches at its time – because it put lives at serious risk and some victims were firebombed or shot at. Mi-Jung Lee and Kendra Mangione recently interviewed one of the victims, who continues to have concerns about the handling…
Rewards “R” Us members notified of forced password reset
Toys “R” Us has been notifying members of their Rewards “R” Us program after they obtained evidence of attempts to gain unauthorized access to some accounts. A spokesperson for the retailer tells DataBreaches.net: The vendor responsible for our loyalty program made us aware of unauthorized attempts to access our Rewards member accounts. This appears to be…
Victims of W-2 phishing scams (2017 list)
— The list of entities reporting that employee W-2 data was acquired by phishing.– Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up, but as I started working on this year’s list, I found even more cases from 2016, bringing the 2016…