Eric Katz reports: Customs and Border Protection released the personally identifiable information, including Social Security numbers, of thousands of individuals to dozens of federal agencies during an investigation of cheating on polygraph tests. CBP violated some aspects of the Privacy Act in distributing the information across government, the Homeland Security Department’s inspector general found in…
Category: Commentaries and Analyses
162 million personal data items leaked over six years in Beijing
ECNS reports: More than 162 million personal information items were leaked in the past six years, with courier companies, educational institutes and online stores the major sources, reported Beijing Youth Daily. From 2013 to 2016, courts in Beijing handled 67 cases involving illegal sale or supply of personal information. Those cases that happened from 2010…
U.S. personnel management hack preventable, congressional probe finds
Dustin Volz reports: The U.S. Office of Personnel Management (OPM) did not follow rudimentary cyber security recommendations that could have mitigated or even prevented major attacks that compromised sensitive data belonging to more than 22 million people, a congressional investigation being released on Wednesday has found. Two breaches at the federal agency detected in 2014…
Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops
It’s nice to read reports where the good guys screw the bad guys… Darren Pauli reports: HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it. The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents…
As databases from old hacks appear, they also go up for sale
The free market system might appear to be alive and well on the dark web. As sites like LeakedSource add newly leaked databases from hacks in 2012-2015, we are also likely to find the databases up for sale on dark web marketplaces. For current examples, see the listings for the Dropbox database and BitcoinTalk forum database:…
Southwest Portland Dental notifies patients of Patterson Dental breach
There’s a somewhat interesting follow-up to a situation DataBreaches.net first reported in February. Back then, DataBreaches.net had reported that 22,000 patients from several health care providers had their PHI exposed on an FTP server that Patterson Dental used to provide support documentation for its Eaglesoft software. That report was based on information and screenshots provided by a researcher….