On a single day in May, 108 Los Angeles County employees fell for a phishing attack that affected approximately 756,000 individuals. Here is the press release issued Dec. 16 from the County of Los Angeles Chief Executive Office: The County of Los Angeles today disclosed that it was the victim of a phishing email attack that potentially…
Category: Of Note
Insider breaches dominate in Protenus’s November Breach Barometer
As in previous months, Protenus has summarized what kind of month November was for breaches involving health data. And as the November issue of Breach Barometer makes clear, insider/employee incidents outnumbered external attacks in a month where we first learned of 57 incidents – the largest number of monthly reports this year. One of the main explanations for…
Stolen Yahoo Data Includes Government Employee Information
Jordan Robertson reports yet another worrying aspect to the newly disclosed Yahoo! breach affecting 1 billion users: government employee accounts were involved, and at least one buyer of the database specifically asked about government officials as to whether their data was in the database. Some snippets from his reporting: More than 150,000 U.S. government and military…
Accused mastermind of $100M JPMorgan Chase customer data hack surrenders to feds at JFK
Stepan Kravchenko, Erik Larson, and Bob Van Voris report: An American fugitive who is accused of conspiring to organize the largest known cyber attack on Wall Street arrived back home in the U.S. from Russia, resolving months of negotiations at a moment of high tension over hacking between Moscow and Washington. Joshua Aaron pleaded not guilty…
Yahoo Discloses 1 Billion User Accounts Were Hacked in 2013
From the not-really-a-surprise dept., Vindu Goel reports: Yahoo, already under a cloud from its summertime disclosure that 500 million user accounts had been hacked in 2014, disclosed Thursday that another attack a year earlier had compromised more than 1 billion Yahoo accounts. The newly disclosed attack involved more sensitive user information, including unencrypted security questions….
$17.5 Million Settlement With Owner Of Ashleymadison.com In Joint Multi-State And FTC Agreement
Settlement Follows Investigation Finding That Adult Dating Website Maintained Lax Security Practices, Misled Consumers About Its Data Security, And Created Fake Female Profiles To Entice Male Users In Addition to Penalties, Settlement Requires The Website To Implement Stronger Data Security Program And Cease Deceptive Practices NEW YORK—Attorney General Eric T. Schneiderman joined twelve other states,…