Dustin Volz reports: The U.S. Office of Personnel Management (OPM) did not follow rudimentary cyber security recommendations that could have mitigated or even prevented major attacks that compromised sensitive data belonging to more than 22 million people, a congressional investigation being released on Wednesday has found. Two breaches at the federal agency detected in 2014…
Category: U.S.
Breach response and notification done right: Nourse Farms
I occasionally come across breach notifications that impress me quite favorably. This notification by Nourse Farms is a good example of a strong incident response described in a strong letter that will be more likely to reassure customers than infuriate them.
Noodles & Company sued by financial institutions over breach
The Denver Channel reports that Noodles & Company has been sued by financial institutions who allege that they suffered injury as a result of a data breach first reported in May – a breach they claim could have been avoided had Noodles & Company learned from all the hacks of other major retailers and deployed adequate security….
FL: Accused hacker apologizes to Lee County elections official
There’s a follow-up to a case previously noted on this site. WINK News reports: Cyber expert and owner of Vanguard Cybersecurity, David Michael Levin, pleaded guilty to one misdemeanor charge for hacking into the Lee County elections website Tuesday. Levin’s plea for a misdemeanor was a reduction to the felony charges he faced. He will…
Village of Oak Park incident reported to HHS six months later?
So it seems there was a reported insider breach affecting the Village of Oak Park, Illinois earlier this year. It was picked up by their local media at the time, but never reported to HHS. It’s now been reported to HHS, which is what sent me looking for coverage. On February 25, the Cook County Chronicle…
Hacker Selling 68 Million Stolen Dropbox User Accounts on Dark Web; BitcoinTalk forum data also for sale
I had seen the listing on TheRealDeal, but not having time to try to verify its authenticity, skipped it. Thankfully, Waqas of HackRead investigated and verified some of the data: On 31st August 2016, unknown hackers leaked 68 million Dropbox user accounts including login emails and encrypted passwords from a breach that took place in 2012. Initially,…