Jordan Robertson reports: Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems. Further details were scant,…
Category: Commentaries and Analyses
Dallas Independent School District reveals breach, but details are still missing
As seen on their web site: Information on Dallas ISD data security incident The Dallas Independent School District recently received notice of a data security incident involving the district’s electronic records that may affect former and current students, alumni, parents, and district employees. The confidentiality, privacy, and security of information in our care is one…
Audit of the Department of Defense’s Controls on Health Information of Well-Known Department of Defense Personnel (DODIG-2021-106)
Summary from the OIG: Objective The objective of this audit was to determine whether the DoD effectively controlled access to health information of well-known DoD personnel. Background The DoD maintains millions of electronic health records on its DoD beneficiaries, [REDACTED] DoD personnel who are granted access to health information to perform their official duties…
Nigerian hacker and a repeat offender sentenced to federal prison for unemployment fraud and tax fraud scheme
Bamidele Muraina, a Nigerian national who hacked into tax preparation firms and filed fraudulent unemployment benefit claims and tax returns using stolen personally identifiable information, and Gabriel Kalembo, a previously convicted fraudster who laundered the fraudulent assets, have both been sentenced to federal prison. The sentencing was announced today by the U.S. Attorney’s Office for…
SEC fines three companies over hacked employee email accounts
Catalin Cimpanu reports: The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge…
VaxiCode flaw: Quebec refused to give immunity to the whistleblower
Thomas Gerbet reports (machine translation follows): Contrary to what the Minister of Digital Transformation, Eric Caire, said, the Quebec government has never offered immunity to the computer scientist who discovered the security flaw in the VaxiCode health passport application. Exchanges of emails obtained by Radio-Canada reveal the underside of this affair and show that the…