Jack Julian reports on a truly horrific leak: A Dartmouth, N.S., woman whose personal information was exposed in the province’s worst-ever privacy breach says the experience has left her angry and hurt. “I felt violated,” the woman said. CBC News is shielding the woman’s identity because the files leaked by the province’s online freedom of information portal…
Category: Of Note
Monster 773 million-record breach list contains plaintext passwords
Dan Goodin reports: Have I Been Pwned, the breach notification service that serves as a bellwether for the security of login credentials, has just gotten its hands on its biggest data haul ever—a list that includes almost 773 million unique email addresses and 21 million unique passwords that were used to log in to third-party…
Over 140 International Airlines Affected by Major Security Breach
Sergiu Gatlan reports: Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system found by Safety Detective’s Noam Rotem. Currently, the Amadeus ticket booking system is being used by 141 international airlines which gives…
DoD Health Agency Security Flaws Put Patient Data at Risk, OIG Finds
Jessica Davis reports: The Department of Defense Health Agency (DHA) failed to consistently implement security measures to protect the systems that stored, processed, and transmitted electronic health record and patient information, according to a DoD Office of Inspector General report released this week. The report found DHA and Army officials didn’t enforce the use of Common…
Massive Oklahoma Government Data Leak Exposes 7 Years of FBI Investigations
Thomas Brewster reports: Another day, another huge leak of government information. Last December, a whopping 3 terabytes of unprotected data from the Oklahoma Securities Commission was uncovered by Greg Pollock, a researcher with cybersecurity firm UpGuard. It amounted to millions of files, many on sensitive FBI investigations, all of which were left wide open on…
U.S. authorities charge several people in SEC hacking scheme
Jonathan Stempel reports: U.S. authorities on Tuesday charged several individuals and companies in a scheme to trade on information in nonpublic corporate press releases by hacking into a U.S. Securities and Exchange Commission database. In a filing with the U.S. District Court in Newark, New Jersey, the SEC said individuals in the United States, Russia…