Scott Gordon reports: A Fort Worth man who worked for a document shredding company did not destroy bank records and instead shared them with thieves, according to court documents. The number of potential victims is in the thousands and the total loss may be in the millions of dollars, a law enforcement source told NBC…
Category: Breach Incidents
Hacked Japanese Building Research Institute responds to hack
A hacker who identifies him/herself as BH_Hacker has dumped data on Pastebin that allegedly comes from a kenken.go.jp database. The National Institute of Building Research identifies itself as an incorporated administrative agency of Japan. The data dump contains 330 records with first and last names, usernames, email addresses, and telephone numbers. With one exception, there were…
UK: Northamptonshire Police worker breached data law
A woman has admitted using police systems to access information on her ex-partner while employed by the Northamptonshire force. Julie Crust, 42, of Northfield Road, Northampton, admitted six counts of breaching data protection laws at Northampton Magistrates’ Court. The court heard she was employed as an administrative worker when the offences took place. Crust was…
Cerberus notifies users to reset paswords after some users’ usernames and encrypted passwords accessed
Email sent to Cerebus App users today (confirmed by Cerebus): Hi [username], Our Security Team recently discovered and blocked suspicious activity on Cerberus servers. The investigation found no evidence that your account was in any way accessed or compromised. However, the attacker(s) were able to gain access to usernames and encrypted passwords for a subset of…
Michaels Stores: two months later, no update?
On January 25, Michaels Stores issued a statement that began: Michaels Stores, Inc. (the “Company” or “Michaels”) recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack. The Company is working closely with federal law enforcement and is conducting an…
Law firm notifies employees after vendor’s server accessed
So here’s another case where a vendor’s database was accessed by someone who was able to acquire a client’s login credentials: The international law firm of McKenna Long & Aldridge notified the Maryland Attorney General’s Office on February 26 that 441 current and former employees’ W-2 information and other information were involved: As a result…