Ah, that pesky human error strikes again. Marianne Favro reports: Attention, Old Navy shoppers: Your credit card receipt, with full account number and signature, may have ended up in a random mailbox in Upstate New York. Anita Vogel lives in West Seneca, New York, near Buffalo. She recently received a package in the mail containing…
Category: Exposure
The Coupons App – Android Coupons App leaks your personal information to everyone – Appthority
In this bad app report we’ll be looking at one of the most popular coupon apps for Android, and how it shares private data it collects from mobile devices. This app also illustrates how privacy issues can extend beyond just the servers used by the app from using HTML5, by mishandling private data, they have…
VA: Supt. of Loudoun County Public Schools statement on breach (updated)
Statement on the school district’s website from Supt. Dr. Edgar B. Hatrick: Recently, the school system was informed of a security breach involving one of our software vendors. The vendor, Risk Solutions International, maintains the school system’s Emergency Management Plans. The website contains some personal information about students and staff members that is normally restricted to…
ZA: Hacker reveals e-toll website security flaw
Jan Vermeulen reports that a hacker has reported a vulnerability in the SANRAL website that exposes user information: This is due to a page on the South African National Roads Agency Limited (Sanral) website which can be exploited to expose the PIN of any registered e-toll website user. The page is intended to be used…
Acting Medicaid Director Releases Information on the Incorrect Mailing of Medicaid Cards
Raleigh, N.C. – Today, Department of Health and Human Services Acting Medicaid Director Sandra Terrell released the following information regarding the incorrect mailing of 48,752 Medicaid cards to the wrong addresses: After a review of the incident, it has been determined that some Medicaid cards were incorrectly sent because of human error in computer programming and…
Omniquad Surf Wall Remote injects string into the browser user agent that identifies users – claim
Back in October 2010, I noted a breach involving managed security services provider Omniquad. Omniquad acknowledged the breach that involved helpdesk tickets leaking online, but the firm’s managing director, Daniel Sobstel, subsequently claimed that Webroot reseller Infosec Technologies started contacting his customers and passing on misleading information about the size of the data breach. Now…