Derek Borchardt and Craig A. Newman write: In the first notable resolution of a data breach-related securities fraud case, a federal court has preliminarily approved Yahoo!’s $80 million settlement based on multiple hacking incidents. As we reported, Yahoo! suffered two cyber-attacks in 2013 and 2014, which compromised the personal information of billions of users. Yahoo!,…
Category: Of Note
Identities of thousands of Tennesseans with HIV made vulnerable by government error
Bret Kelman reports: For nine months, the confidential data just sat there, where hundreds of employees could reach it. The identities of thousands of Tennesseans with HIV or AIDS, both living and dead, were listed in a computer database kept on a server accessible to the entire staff of the Nashville Metro Public Health Department. But…
The 111 Million Record Pemiblanc Credential Stuffing List
Troy Hunt reports: ……. I’ve just loaded 111 million email addresses found in a credential stuffing list called “Pemiblanc” into HIBP. I had multiple different supporters of HIBP direct me to this collection of data which resided on a web server in France and looked like this: That site has now been taken down…
DOJ backtracks on linking OPM hack to loan fraud case
From the not-surprised dept.: I had suggested previously that claims that data used in identity theft came from the OPM hack were not very convincing. Now the government has walked back any claim that the data did come from the OPM hack. Mark Rockwell reports: The Justice Department said it jumped the gun with a…
MyEtherWallet Warns of [Another] Hack, Urges Hola Users to Move Funds
CCN reports: Popular Ethereum wallet interface and token wallet MyEtherWallet is – yet again – at the center of a significant security breach and has warned its users utilizing a popular VPN to move their funds. MyEtherWallet (MEW) is now reeling from its second major security compromise in under three months after claiming hackers compromised…
Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
Catalin Cimpanu reports: Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s. Read more on Bleeping Computer about how Lexington Insurance…