Josh Renaud reports: The Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to flaws on a website maintained by the state’s Department of Elementary and Secondary Education. The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials…
Category: Government Sector
350 Qld border-pass applicants caught in police privacy breach
Matt Dennien reports: The Queensland Police Service has again been caught up in a privacy breach, this time involving the email addresses of more than 350 people – including AFP, Defence and Queensland Health staff –trying to return to Queensland. Read more on The Age. So after telling recipients to keep the invitation hush-hush, they…
Za: Ransomware attack crisis over, says justice department
Gill Gifford reports: Most online services, the payment of child maintenance to beneficiaries and the electronic recording of court proceedings is virtually back to normal after last month’s ransomware attack on the Department of Justice and Constitutional Development. The September attack led to a massive crisis, causing major disruptions to all divisions — including the…
Parents furious after personal information is leaked in 2nd data breach in online program
Rachel Keller reports: The Virginia Department of Behavioral Health and Developmental Services (DBHDS) is now investigating after some residents’ personal information was leaked in a data breach of one of their online programs. At 10 a.m. on Thursday, Oct. 7, families on the waiting list to receive Individual and Family Support Program funding logged onto the…
Plumsted Township reveals data breach in April-May
Today’s reminder that health data shows up everywhere: an attack on Plumsted Township in New Jersey via employees’ email accounts. For more than 1 month, the attacker had access to their email environment. From the town’s notification: While the specific data elements vary for each potentially affected individual, and it is important to note that…
Threat actors sometimes name the wrong victims — so why are you just repeating their claims?
Since March, 2021, data exfiltrated from Butler County Sheriff’s Office has been dumped on the dark web and clear net, but those affected may never have known that because the threat actors named the wrong victim. Relying too much on the word of criminals, researchers and compilations also misidentified the victim. Researchers and journalists should…