It appears we should add the University of Chicago to schools hacked by Carbonic. And yes, chalk it up to another SQLi vulnerability. In a statement to DataBreaches.net, @MarxistAttorney reported that they got payroll information, employee IDs and a “substantial amount of information they didn’t publicize.” A copy of the url vulnerable to SQLi exploit was…
Category: U.S.
Ex-Air Force sergeant pleads guilty to stealing credit cards, personal ID at San Diego bases
How… dishonorable. The AP reports: A retired Air Force senior master sergeant who stole credit cards and identification from dozens of military members in the San Diego area has pleaded guilty to wire fraud and aggravated identity theft. Christopher Underwood entered the pleas on Thursday. He could face more than 20 years in federal prison….
Travelers Sues Web Designer Over Alpine Bank Website Data Breach
Law360 reports: Travelers Casualty and Surety Co. of America on Wednesday sued an Illinois-based Web design company, saying the company’s negligence in designing and maintaining a community bank’s website contributed to a data breach for which the insurer was left on the hook. Travelers accuses Ignition Studio Inc. of allowing hackers to access Alpine Bank‘s…
Court Rules in Favor of Breached Retailer
Tracy Kitten reports: A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab. […] On Jan. 15,…
Malware infects Arkansas state computers; data said secure
Claudia Lauer reports: The Arkansas Department of Information Systems blocked all .zip files from the state’s email system after a malware attack was identified. The department sent out notice over email and social media about 10:30 a.m. Wednesday. Department spokesman Janet Wilson said only a fraction of the more than 15,000 computers on the state’s…
TX: Data breach hits MPISD employees
Gary Borders reports: Personal information of approximately 915 present and former staff members of Mount Pleasant ISD may have been compromised between Jan. 18 and Jan. 21. […] When technology director Noe Arzate clicked on the link in the Tweet, “it took him to a downloaded file that included name, address and Social Security numbers” of…