Of course, the fourth quarter ended before they announced that they had been breached. They had this to say about the breach in their press release today (via Marketwatch): Clearly our biggest challenge in 2009 will arise from the system breach we suffered. There are two main components to the challenge we face: addressing claims…
Category: Hack
How many strikes before they’re out?
A tip of my cap to Jai Vijayan of Computerworld, who in the process of digging into the second recent University of Florida breach realized that the university had had a third breach in the past three months that hadn’t made the media. Three breaches in three months sounds pretty bad, but it sounds even…
More recent breaches we didn’t know about
Thanks to the New Hampshire Attorney General’s Office for posting breach notices online: Student Loan Xpress, Inc. reported (pdf) that the service provider for their student loans, American Education Services, inadvertently transmitted personal information on student loans to another lender that AES also has contracts with. The information may have included names, addresses, Social Security…
StayFriends members’ personal info exposed by SQL injection
The same individual, “unu,” who has been exposing other web sites vulnerable to SQL injection, has issued some screen shots showing how the German site, StayFriends, left its over 7 million users’ personal information vulnerable to exposure or access. According to the account of the hack, the exposure involved names, email addresses, passwords, some credit…
It’s Symantec’s turn (updated with response from Symantec)
A hackers’ group has seemingly managed to embarrass another security vendor. After revealing that Kaspersky, BitDefender Portugal, and F-Secure all had vulnerabilities in their sites, the hacker has now reported a blind SQL injection of emea.symantec.com. It’s not clear from the report what kinds of information might have been accessible via the attack. Symantec.com has…
UF notifies thousands of possible breach of ‘Grove’ computer system
From a University of Florida announcement: University of Florida officials are making every effort to notify more than 97,200 people that an intruder gained access to a computer system containing files with their personal information. The files included the names and Social Security numbers of students, faculty and staff who used the “Grove” computer system…