The Office of Inadequate Security
Proposed order will prohibit GoDaddy from misleading customers about its security protections and require it to establish a robust information security program January 15, 2025 The Federal Trade Commission will require web hosting company GoDaddy to implement a robust information security program to settle charges that the company failed to secure its website-hosting services against…
UPDATE of January 16, 2025: I am stunned by the response to this post and the number of people asking me how they can file a claim or get help. This breach was in 2017. If you never filed a claim when the settlement was open for claims, it’s too late to file now. Read…
Lucas Ropek reports: A former Disney employee who was fired for misconduct has admitted to hacking into the company’s menu creation software to alter key details, including food allergy information that could have been dangerous to customers at the resort’s restaurants. A complaint brought by the Justice Department last year claimed that a man named…
Over on TechDirt, Karl Bode writes: Gravy Analytics, the parent company of Venntel, is like many dodgy data brokers. The company gleans vast troves of sensitive U.S. behavior and location cellphone data, then generally sells access to that data to a long line of folks. Including the U.S. government, which has increasingly turned to buying…
The threat actor known as 0mid16B contacted DataBreaches this morning to alert this site to a breach involving a U.K. photo business, DEphoto (DEphoto[.]biz). DEphoto is an established business for school, sports, club, and event photography. According to 0mid16B, they attacked DEphoto on December 25, and acquired the personal information of 555,952 customers, 429,597 orders…
Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….