From LeakedSource: Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias “[email protected]”, and has given us permission…
Category: Of Note
Morgan Stanley Fined Over Inadequate Security Tied to Galen Marsh Data Breach
Matt Robinson reports that Morgan Stanley has been fined $1 million by the U.S. Securities and Exchange Commission to settle allegations that it failed to protect customer data improperly taken by a former financial adviser, Galen Marsh. Marsh pleaded guilty in September, 2015 to making thousands of unauthorized searches on his employer’s system and to copying information on…
ERISA and Cybersecurity
Larry Goldstein of McGuireWoods LLP writes: Employee benefit plan data stored online may include participants’ names and Social Security numbers, account information and protected health information (PHI), all of which are inviting targets for hackers. Highly-publicized data breaches in recent years have called attention to the obligations of benefit plan administrators (typically the employers sponsoring…
Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches
A public service announcement from the FBI (Alert Number I-060116-PSA): The Internet Crime Complaint Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details,…
Danish Authorities Investigate OkCupid Incident
Joseph Cox reports the follow-up to a breach that I covered on PogoWasRight.org. The breach involved a Danish grad student dumping OkCupid users’ personal and sensitive info in a data set for “research” purposes, claiming it was “public” data. They had neither sought nor obtained consent to scrape the user database, and although they did not include…
CFAA overreach: FBI raids home of security researcher
From the stop-me-if-you’ve-heard-this-one-before dept: Over on Daily Dot this morning, I reported that the FBI executed a search warrant at the home of researcher Justin Shafer. Shafer’s name will be familiar to regular readers of DataBreaches.net because he exposed a long-standing security vulnerability in Dentrix software and challenged Henry Schein’s claims that their product provided “encryption.” Our combined efforts resulted in…