Commentaries and Analyses – Page 303

Phone numbers for 533 million Facebook users leaked on hacking forum

Posted on April 3, 2021 by Dissent

Catalin Cimpanu reports: A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum. According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles. Information…

Buying Breached Data: When Is It Ethical?

Posted on April 3, 2021 by Dissent

Jeremy Kirk reports: Security practitioners often tread a fine and not entirely well-defined legal line when conducting data breach research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area. Kirk’s article on DataBreach Today provides a good overview of the issue. And I totally agree with…

“Anonymous” tries to get this site’s post on MobiKwik censored

Posted on April 2, 2021 by Dissent

On March 30, DataBreaches.net posted an update to a controversial data breach that MobiKwik denies (previous coverage can be found here). The controversy subsequently escalated on Twitter when people started complaining that they had found their data in the leaked database and that it corresponded to what they had on file with MobiKwik. In addition…

A first in Canada: Class action over loss of personal information dismissed on the merits

Posted on April 2, 2021 by Dissent

Stéphane Pitre, Anne Merminod, Alexandra Hebert, Alexis Leray of BLG Law Firm write: On March 26, 2021, the Superior Court rendered a landmark judgment dealing with the loss of personal information, Lamoureux c. OCRCVM, 2021 QCCS 1093. Madam Justice Florence Lucas, J.C.S. dismisses the class action filed by the plaintiff, Danny Lamoureux in its entirety in…

Update: BioTel Heart notifies patients of vendor leak. Did vendor fail to notify them?

Posted on March 31, 2021 by Dissent

A cardiac monitoring firm is now notifying patients after a Google search on their name in January led them to an August, 2020 report on this site about a vendor’s leak. But why didn’t they know about it already from the vendor last year or from the notifications this site had sent them last year?…

Booking.com hit with €475K penalty for failing to report a breach within 72 hours

Posted on March 31, 2021 by Dissent

Politico reports: Hotel booking site Booking.com got hit with a €475,000 fine for being late to report a data breach, the company’s lead EU privacy regulator announced Wednesday. The fine, imposed by the Dutch data protection authority because the company is legally established in Amsterdam, came after criminals stole the personal data of more than…