The New Zealand Herald reports: ASB Securities has been fined $80,000 for a privacy breach which left hundreds of online accounts able to be viewed and traded by users without permission. The New Zealand Markets Disciplinary Tribunal censured the online share trading platform after 576 of its trading accounts were made vulnerable to unauthorised use…
26 million LiveJournal credentials leaked online, sold on the dark web
Catalin Cimpanu reports: Blogging platform LiveJournal appears to have suffered a security breach in 2014, according to multiple hackers who are now selling and freely trading the company’s user database on the dark web and on hacking forums, ZDNet has learned. For some, this might be old news. Rumors about a LiveJournal security breach have been circulating online for…
StrandHogg 2.0 flaw allows hackers to hijack almost any Android app
Keumars Afifi-Sabet reports: Google has patched a critical vulnerability, resembling 2019’s infamous StrandHogg flaw, that allows hackers to hijack almost any app on the Android mobile operating system. The flaw, assigned CVE-2020-0096, has been dubbed StrandHogg 2.0 due to the similarities with the original flaw discovered in December. The successor allows for broader attacks and is…
Leak at Desjardins: a mortgage broker buys a list of 5000 names
The following is a translation provided by Google: A Quebec mortgage broker paid $ 3,000 in cash to obtain a list of personal and confidential data belonging to approximately 5,000 people. This is what emerged from a hearing by the disciplinary committee of the Organisme d’autoréglementation du courtage immobilier du Québec (OACIQ) during which Marc-Olivier…
KS: ‘In the hands of cyber criminals’: Man sues WSU over hack of decades-old student data
Amy Renee Leiker reports a follow-up to a breach previously reported on this site: A December data breach that jeopardized the personal information of thousands of current and former Wichita State University students — some of whom attended the school decades ago — is now the subject of a federal lawsuit. Michael Bahnmaier of Wichita…
Class-action lawsuit filed against state contractor over Ohio Department of Job and Family Services data leak
No surprise here…. ABC6 in Ohio reports: A class-action lawsuit has been filed in the Cuyahoga County Court of Common Pleas, alleging Deloitte—the contractor the Ohio Department of Job and Family Services (ODJFS) hired to create and manage the new Pandemic Unemployment Assistance system—acted “negligently and recklessly,” leading to last week’s data leak. Read more on…