Here’s Mandiant’s report on the breach at the South Carolina Department of Revenue. From the Executive Summary, a summary of the attack: Summary of the Attack A high level understanding of the most important aspects of the compromise are detailed below. 1. August 13, 2012: A malicious (phishing) email was sent to multiple Department of…
Category: U.S.
Haley admits hacking errors; revenue chief resigns
Governor Haley has now walked back some of her more irritating claims about South Carolina’s massive data breach. Seanna Adcox of Associated Press reports: A report on a massive security breach at the South Carolina tax collection agency shows the state could have done more to protect personal information for nearly 4 million taxpayers, Gov. Nikki…
Breach notification done right? (Nationwide hack, updated)
I spend a lot of time criticizing breach notifications, so it’s nice when I can occasionally point to a positive example. Without considering whether the breach could have been prevented, consider this notification letter from Nationwide Insurance, dated November 16: We want to make you aware that a portion of our computer network was criminally…
Haley: SCDOR hacking may not have been preventable
Color me stunned. In one breath, Governor Haley says that even with what is known now, there is “no way to say it could have been prevented.” Then we learn that investigators “believe that a hacker tricked someone at the Department of Revenue into opening a file that gave the hacker access to the system.”…
Couple Stole the Identities of Doctors Who Applied for Fellowships at Johns Hopkins Hospital and Patients at Highlandtown Community Health Center
Another scheme involving insider breaches comes to light in Baltimore. The U.S. Attorney’s Office in Maryland reports: Ringleader Derrick Hill, age 52, and his girlfriend Renee Cabell, age 51, both of Woodlawn, Maryland, pleaded guilty to conspiring to commit wire fraud and aggravated identity theft. According to their plea agreements, from August to October, 2009,…
Adobe investigates alleged customer data breach (updated)
Jeremy Kirk: Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database. The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named “ViruS_HimA.” The hacker, who claimed the database accessed holds more than 150,000 records, posted…