On March 17, I noted that the General Services Administration (GSA) had disclosed a vulnerability in the System for Award Management (SAM), which could allow some existing users in the system to view certain registration information of other users. The data contained identifying information including names, taxpayer identification numbers (TINs), marketing partner information numbers and bank…
Category: Breach Incidents
1-800-Data Breach
Raj J. Patel reports: Despite the increase in cyberattacks, the Securities and Exchange Commission (SEC) has yet to publish guidelines as to when a corporation should publicly disclose the data loss, system disruption, or other damages caused by a cyber incident — even where the incident caused financial losses. Some companies have included standard warnings…
Privacy Commissioner details ‘web leakage’ research, but declines to name sites found in violation
Matthew Braga reports: The Office of Canada’s Privacy Commissioner has declined to name 11 Canadian websites found to be leaking personal information to third parties without the knowledge of users, but revealed in a blog post that privacy practices had improved after being notified of the government’s concerns. A study found that user names, email…
Iran Airtour Servers Breached by Yourikan
It's been a while since yourikan has been in headlines but that’s about to change. Today yourikan has contacted cwn with a breach on Iran Airtour (https://www.iranairtours.ir/) which is one of Iran’s main airlines which deals with freight, travel tours and chartered flights. > Iran Airtour was established in 1973 by the Iran Air, the Airline of…
Australian customers’ private phone calls online
Ben Grubb reports: “This call may be recorded for training and quality purposes.” And perhaps inadvertently uploaded to the internet if you’re a customer of a certain Australian telco. Recorded voice contracts containing personally identifiable information between telco IF Telecom and its customers have been found online by an Australian security expert while performing a…
NY: Town of Brookhaven data breach ‘was clerical error,’ officials say
Deon J. Hampton reports: Brookhaven Supervisor Edward P. Romaine on Thursday handed off an investigation into the inadvertent online posting of personal information to the town’s law department — the same unit that made the mistake. […] Town officials did not release the name of the employee who mistakenly made public the Social Security numbers…