A tip of my cap to Jai Vijayan of Computerworld, who in the process of digging into the second recent University of Florida breach realized that the university had had a third breach in the past three months that hadn’t made the media. Three breaches in three months sounds pretty bad, but it sounds even…
Category: Hack
More recent breaches we didn’t know about
Thanks to the New Hampshire Attorney General’s Office for posting breach notices online: Student Loan Xpress, Inc. reported (pdf) that the service provider for their student loans, American Education Services, inadvertently transmitted personal information on student loans to another lender that AES also has contracts with. The information may have included names, addresses, Social Security…
StayFriends members’ personal info exposed by SQL injection
The same individual, “unu,” who has been exposing other web sites vulnerable to SQL injection, has issued some screen shots showing how the German site, StayFriends, left its over 7 million users’ personal information vulnerable to exposure or access. According to the account of the hack, the exposure involved names, email addresses, passwords, some credit…
It’s Symantec’s turn (updated with response from Symantec)
A hackers’ group has seemingly managed to embarrass another security vendor. After revealing that Kaspersky, BitDefender Portugal, and F-Secure all had vulnerabilities in their sites, the hacker has now reported a blind SQL injection of emea.symantec.com. It’s not clear from the report what kinds of information might have been accessible via the attack. Symantec.com has…
UF notifies thousands of possible breach of ‘Grove’ computer system
From a University of Florida announcement: University of Florida officials are making every effort to notify more than 97,200 people that an intruder gained access to a computer system containing files with their personal information. The files included the names and Social Security numbers of students, faculty and staff who used the “Grove” computer system…
Valley National Bank replaces cards after Heartland
When payment processor Heartland Payment Systems announced it had been breached on January 20, management at Valley National Bank in New Jersey went into action. By January 26, they had notified the New York State Attorney General’s Office that they were replacing 20,013 cards as a result of the breach and had kicked into high…