Back in January, I noted that the ICO was preparing to levy a huge fine on Brighton and Sussex University Hospitals NHS Trust after hard drives with patient data were stolen and put up for sale on eBay. We later learned that the thief was an employee of a contractor. The possibility of the fine was revealed by the…
Category: Of Note
New Math, data breaches version
As a survivor of New Math, it’s somewhat amazing that I’m willing to deal with numbers or math at all. Yet, here I am, with a simple equation as today’s New Math: UNCC + UN = time for regulation Simple, elegant, and somewhat nonsensical as a math equation, but two recent education sector breaches do…
University of Nebraska breach needs to reverberate in Washington, D.C.
The University of Nebraska disclosed a breach last week, which I dutifully entered on DataLossDB. The breach sounded like it could be huge, despite the university’s statement that it had no evidence (at that time) that any data had been downloaded: The NeSIS database includes Social Security numbers, addresses, grades, transcripts, housing and financial aid…
Computer security breach at Serco affects 123,000 Thrift Savings Plan participants
Hazel Bradford reports: A cyber attack on a computer of a contractor for the $313 billion Thrift Savings Plan, Washington, could have compromised account information for about 123,000 plan participants, the Federal Retirement Thrift Investment Board, which oversees the plan, announced Friday. […] The attack was made on a computer at Serco Inc., a contractor…
WHMCS victim of social engineering; over 500,000 client records stolen, deleted from server, and dumped publicly
Why hack when you can socially engineer employees into giving you the keys to the kingdom? Client management billing platform WHMCS reports that hacker group UGNazi successfully socially engineered their web hosting firm into providing the hackers with admin credentials. The hackers then proceeded to acquire their data, delete it, and dump it. The attack…
Il: Six indicted over Population Registry data theft
More on a breach previously mentioned on this blog last year. Joanna Parasczuk reports on the evolution of a data breach that started in 2006 as an insider breach and ultimately affected everyone in Israel, it seems: The Tel Aviv District Attorney has charged six people, including a computer programmer formerly employed as a Social…