Update Feb. 2, 2017: The list for 2017 has been moved to its own post that will be updated as more incidents are reported. Original post: First it was Dracut Schools. Then it was Tipton County Schools and then Odessa School District whose employees had their SSN and information from W-2 forms acquired by criminals in phishing…
Category: Of Note
Has LeakedSource.com been raided by feds?
Zack Whittaker reports: LeakedSource, a for-profit breach notification site that helped break the news of some of last year’s largest data breaches, has apparently been raided by law enforcement. News of the raid, which can’t be confirmed at the time of writing, first broke on Thursday through a note posted on a vritual markets forum earlier in…
Google Removes Ransomware-Laden App From Play Store
Jai Vijayan reports: A ransomware sample that was recently discovered embedded in an Android application on Google Play Store suggests that threat actors may have found a dangerous new way to get extortion malware on mobile devices. The malware, dubbed Charger, is believed to be the first instance of ransomware being successfully uploaded to Google’s…
Realty firm fined $10,000 by Singapore regulator for data security failure
Singapore’s Personal Data Commission has imposed a $10,000 penalty on Propnex Realty for failing to make reasonable security arrangements to prevent unauthorized access of individuals’ personal data stored online. On December 28, 2015, the Personal Data Protection Commission (“Commission”) received a complaint from a complainant in relation to the publication online of the Propnex Realty’s internal…
Telus releases Hamilton woman’s personal information to her stalker
Adam Carter reports on a small-N breach that reminds us all how horrifying the consequences of a privacy breach can be: A Hamilton woman says Telus violated her privacy and put her and her family in grave danger by allowing her stalker to access her phone account without her consent. Ellie, whose name has been…
218,000 AlphaBay marketplace users’ private messages acquired by bug hunter
If you’re a darknet vendor who has the skills to really test the security of marketplaces where you might hawk your wares, what do you do? Well, if you’re a vendor known as “Cipher0007” on reddit, and you find problems, you try to alert the marketplace, and then go public if they don’t respond promptly. This…