Eric Yoder reports: The Veterans Affairs Department, while responding to requests for records on veterans’ benefits claims, “put millions of people at risk of identity theft” by not deleting personally identifying information on other people from those records, an audit has found. That information included names and Social Security numbers of people such as other…
Category: Commentaries and Analyses
A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems
Andy Greenberg reports: Iranian hackers have carried out some of the most disruptive acts of digital sabotage of the last decade, wiping entire computer networks in waves of cyberattacks across the Middle East and occasionally even the US. But now one of Iran’s most active hacker groups appears to have shifted focus. Rather than just standard…
Physical and cyber threats collide in data theft incidents at N.J. businesses
Joel Griffin reports: For years, cybersecurity experts have warned about the lengths that criminals will go to in gaining access to the network of their intended victim, including exploiting flaws in an organization’s physical security program to achieve their goals. Some security practitioners brushed aside these concerns convinced that these so-called “hackers,” often portrayed as…
UK public sector IT chiefs shrug off breach threats: The data we hold isn’t that important
Gareth Corfield reports: Half of UK public sector IT chiefs think the data they’re responsible for protecting is less valuable than private sector information, according to a survey by antivirus firm Sophos. Just over 50 per cent of 420 senior managers quizzed by Sophos agreed with the statement: “The data held by my organisation is…
Indian onlinebloodbank FINALLY secures exposed donors database
It’s been a frustrating matter, but it may finally be resolved, thanks to the individual known as @fs0ciety on Twitter. In May 2019, DataBreaches.net was alerted to an online bloodbank in India that had a misconfigured Amazon s3 bucket. Despite repeated emails by this site and even a phone call from Banbreach infosec in India,…
TW: Online box office EZding liable for data theft and consequential damages
Arthur Shay of Shay and Partners writes: In September 2019 a landmark appeal court decision found an online information service provider liable for consequential damages of data theft. In April 2017 subscribers and users of one of Taiwan’s most popular box office websites, EZding, reported numerous data theft incidents. EZding rejected the complaints about its…