Three recent breach reports to the New Hampshire Attorney General’s Office that flew under the media radar: Automatic Data Processing (ADP) reported that a laptop stolen from an associate’s home contained information on A. W. Hastings‘ employees including names, addresses, and Social Security numbers. The laptop, stolen November 12, was encrypted and had a logon…
Category: Hack
New York City Public Advocate notifies web site submitters of security breach, but did they downplay its scope?
It felt like an exercise in futility, but on Christmas Day, I started making phone calls to alert the NYC Office of the Public Advocate that their database had been hacked and personal and sensitive information of those seeking assistance had been exposed. No one ever called me back, but having provided specific details to…
Update: SpecialForces.com hackers acquired 8,000 credit card numbers
On December 14, I became aware of a data dump from a hack of SpecialForces.com, a business that caters to those seeking military gear. As is our now informal policy, I waited a bit to post it to DataLossDB.org so that the firm would have a chance to get their customers’ data removed from the…
Preliminary analysis of Stratfor data dump (updated)
Identity Finder has analyzed some of the data released from the Stratfor hack: 50,277 unique credit card numbers, of which 9,651 are not expired 86,594 email addresses, of which 47,680 are unique 27,537 phone numbers, of which 25,680 are unique 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked 73.7 percent of decrypted passwords…
Attacks on Chinese sites continue: Now it’s 40 million users of Tianya who get the bad news (updated)
Zheng Yi reports: The registration details of about 40 million users of tianya.cn, a big social networking site, were found to have been leaked on Sunday, following last Thursday’s discovery that user information had been leaked from several other websites. According to Web users, tianya.cn was hacked and some 40 million users’ names and passwords…
What was Stratfor’s obligation to secure data and what might this breach cost them?
I thought it might be useful to post part of Texas law that may apply to Stratfor’s duty to protect subscriber data: Sec. 521.002. DEFINITIONS. (a) In this chapter: (1) “Personal identifying information” means information that alone or in conjunction with other information identifies an individual, including an individual’s: (A) name, social security number, date…