January 27 — Epsilon Data Management LLC (Epsilon), one of the largest marketing companies in the world, has entered into a settlement with the Department of Justice to resolve a criminal charge for selling millions of Americans’ information to perpetrators of elder fraud schemes. Epsilon entered into a deferred prosecution agreement (DPA) with the Consumer…
Unemployment fraud in one state and a breach while investigating unemployment fraud in another state
Unemployment fraud is a rampant problem these days. Even investigating it can increase the risk of fraud, it seems. Betty Lin-Fisher reports that hundreds of thousands of Ohioans have become victims, and they generally are first finding out because the Ohio Department of Job and Family Services (ODJFS) started sending out 1099 tax statements showing…
Ransomware payments are going down as more victims decide not to pay up
Danny Palmer reports: The average ransom paid to cyber criminals following a ransomware attack is falling as more companies become reluctant to give into extortion demands. Analysis by cybersecurity company Coveware has found that the average ransom payment paid following a ransomware attack decreased by a third in the final quarter of 2020, dropping to $154,108 from $233,817…
Wind River Security Incident Affects SSNs, Passport Numbers
Lindsey O’Donnell reports: Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the company’s personnel records – including critical data like…
Personal Data of 3 Million+ People Exposed In DriveSure Hack
Once again, breaches are discovered when security firms read forums where data are shared or posted for sale. Risk Based Security discusses what they found involving DriveSure: In a lengthy post to prove the databases’ high quality, the threat actor detailed the leaked files and the user information. Typically, hackers only share valuable segments or…
Report: American Cable and Internet Giant Comcast Exposed Development Database Online
This is a leak that deserves its own post. Website Planet reports: On December 1st, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, urls, and internal IP addresses. The publicly visible…