Chris Larson reports: Tax information for dozens of University of Louisville employees has been compromised after a hack of the online system the university uses to give employees access to tax documents. John Karman, university director of media relations, said Friday the university confirmed that 83 employees’ W-2 forms were downloaded or accessed without authorization…
Category: U.S.
Gamestop.com Investigating Possible Breach
Brian Krebs reports: Video game giant GameStop Corp. [NSYE: GME] says it is investigating reports that hackers may have siphoned credit card and customer data from its website — gamestop.com. The company acknowledged the investigation after being contacted by KrebsOnSecurity. “GameStop recently received notification from a third party that it believed payment card data from cards…
Leak of diabetic patients’ data highlights risks of giving info to telemarketers
Personal and health information of 918,000 vulnerable seniors was exposed on the Internet for months by a software developer working on a project. No one would have even known about it if the leak hadn’t been found by a guy with “too much time on his hands.” Before you give your personal or health insurance…
Excellus case offers a glimpse into the dark web of private data
Steve Orr of the Rochester Democrat & Chronicle has an interesting follow-up to the Excellus incident that was covered on this site in earlier posts. It seems plaintiff-members who are suing Excellus over the incident claim that their information was found up for sale on the dark web. But who’s selling it, and are the…
Breach of Financial-Aid Tool May Have Compromised Data on 100,000 Taxpayers
Adam Harris reports: Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa, according to the IRS commissioner, John Koskinen, who testified on Thursdaybefore the Senate Finance Committee. The tool,…
New Tenn. Law: No Breach Notice Needed if Data Encrypted
Andrew M. Ballard reports: Companies don’t need to notify Tennessee citizens of personal data breaches if the information was encrypted, under a new law that took effect April 4 and clarifies confusion created by a 2016 amendment. The measure reinstates language in the state’s data breach notice law to remove any doubt that companies do…