TMZ reports: Kylie Jenner’s cosmetics site has a shaky foundation, because it’s been inadvertently exposing very personal customer information. Here’s the problem. When someone tried to log into the site, it would send them to an existing customer’s account, revealing names, email addresses, personal addresses, order history, etc. Every time a customer refreshed the site,…
Category: U.S.
University employees vulnerable after tax data breach involving W-2 vendor
Hannah Knowles reports that a breach involving a W-2 vendor has left employees in the education sector at risk of tax refund fraud. This time, it’s W-2 Express and Stanford University, although other clients of W-2 Express are also reportedly affected: At least 600 current and former Stanford employees are vulnerable to tax fraud following the illegitimate download…
Flaws in Worldpay’s Merchant Portal Allow Attackers to Modify Payment Forms
Catalin Cimpanu reports: Vulnerabilities known as IODR (Insecure Direct Object References) were found and fixed in Worldpay, an online secure payments platform, security researcher Randy Westergren reports. An IODR vulnerability is when users have access to information they should not see, either because it belongs to another user or originates from an account with higher privileges. In…
Former Energy Department worker sentenced in email ‘spear-phishing’ attempt
Spencer S. Hsu reports: A former Energy Department employee was sentenced to 18 months in prison after offering to help a foreign government infiltrate the agency’s computer system to steal nuclear secrets and then attempting an email “spear-phishing” attack in an FBI sting operation. Charles Harvey Eccleston, an environmental scientist formerly employed by the department…
More than 100 Randolph College employees report recent identity theft (Updated)
Tim Saunders reports: More than 100 people who work for Randolph College in Lynchburg have encountered problems this year while trying to file their tax returns. That’s because their personal information was stolen in what appears to be a data breach. […] As of Monday 103 people who work for Randolph have reported a recent…
FL Dept. of Health Palm Beach County Notification of Breach
From their public statement today: Florida Department of Health in Palm Beach County is issuing a public notice of an unauthorized disclosure and/or use of protected health information pertaining to some clients of its Health Centers. Federal law enforcement officials informed the department they had obtained a list of names, birth dates, social security numbers,…