Hunton Andrews Kurth writes: On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS”) disclosed that it had assessed a $60 million penalty against T-Mobile US, Inc. (“T-Mobile”) in connection with unauthorized data access incidents following T-Mobile’s 2020 merger (the “Merger”) with Sprint Corporation (“Sprint”). CFIUS is a U.S. government interagency…
Category: Business Sector
NationalPublicData.com Hack Exposes a Nation’s Data
Brian Krebs reports: On July 21, 2024, denizens of the cybercrime community Breachforums released more than 4 terabytes of data they claimed was stolen from nationalpublicdata.com, a Florida-based company that collects data on consumers and processes background checks. The breach tracking service HaveIBeenPwned.com and the cybercrime-focused Twitter account vx-underground both concluded the leak is the same information first put up for…
Tabb Inc. Security Gaffe Exposes 200,000 Background Check Files for More Than Six Months (1)
An unsecured backup blob exposed pre-employment background checks on approximately 200,000 people. Applicant files contained various amounts of personal and occupational information, including SSN, name, address, driver’s license, date of birth, education and employment history, and in some cases, criminal background checks. Files went back 15 years. The blob was unsecured for at least six…
ADT hacked; firm says “limited customer data” involved
It is always a bit awkward when threat actors reveal a breach before the victim releases their version of events. In this case, home safety giant ADT notified the SEC about a breach after data from it was already being leaked on a hacking forum. On July 31, a forum user with a high positive…
Personal Data of 3 Billion People Stolen in Hack, Suit Says
Cassandre Coyer reports: Jerico Pictures Inc., a background-check company doing business as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach, a proposed class action says. On April 8, a cybercriminal group by the name of USDoD posted a database entitled “National Public Data” on a dark…
Ring, Ring, it’s the FCC Calling- TracFone to Pay $16M to Settle FCC Investigation
Liisa M. Thomas, Tracy Chau, and Kathryn Smith of SheppardMullin write: TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the incidents, threat actors gained access to customer information, including names, addresses, and features…