Brian Krebs has a must-read investigative piece about how ssndob.ms – an underground marketplace selling oodles of usable personal information (some of which we saw earlier this year on exposed.su) – gained access to major U.S. consumer and business data aggregators to obtain some of the data they were selling. LexisNexis, Dun & Bradstreet, Kroll…
Category: U.S.
Unique Vintage notifies customers of long-running hack
We are writing to you because of an incident at Unique Vintage. On September 14, 2013 we discovered a data security incident that involved some of your personal information. Unique Vintage is Payment Card Industry Security Standards Council (“PCI”) compliant and implements the latest measures reasonably possible to protect its customers’ sensitive information. However, the very sophisticated data breach…
Computer server containing Virginia Tech job application info illegally accessed (updated)
Virginia Tech has learned that a computer server in the Department of Human Resources was illegally accessed on August 28, 2013. A VT spokesperson informs DataBreaches.net that the illegal access was from outside the school an IP address in Italy. The server contained information about 144,963 individuals who used the institution’s online employment application process…
Breach notifications: what really happened vs. what they tell us
I’ve often pointed out how breach notification letters to those affected may omit details that consumers might want to know but breached entities probably prefer we not know. I came across another example today. Let’s start with what happened, as described by attorneys for Vector Security to the Maryland Attorney General’s Office. Vector Security provides…
Alabama state employee sentenced for stealing info from state database for tax refund fraud scheme (updated)
An update to a case reported previously on this blog: Lea Tice Phillips, who had been employed by an unnamed Alabama state agency, was sentenced to 94 months in prison and ordered to pay restitution of $567,631 for her role in a tax refund fraud scheme. Phillips had pleaded guilty in May. Aha. Finally we know…
State Farm call center worker misused customers’ credit card information
Two days after a State Farm auto insurance customer made a payment on their insurance policy over the phone, the customer called State Farm back to report that their credit card information had been misused. State Farm investigated, and one month later, on September 4, the insurer notified the Maryland Attorney General’s Office that they…