Dan Rattiner reports: Kids at Sag Harbor’s Pierson High School who have bad grades might have gotten a lot to cheer about last Monday, November 11. On that day, administrators and teachers found out that hackers had seized the school’s computer system. What would happen to class schedules, reports, college acceptance information, salaries to be paid, bank balances? And…
Security lapse exposes personal data of 6,500 Singapore accountants
Eileen Yu reports: A folder containing personal data of 6,541 accountants in Singapore was “inadvertently” sent to multiple parties, in a security lapse that was uncovered only months after when a review was conducted. The incident exposed personal details such as names, national identification number, date of birth, and employment information. The incident occurred under…
T-Mobile discloses security breach impacting prepaid customers
Catalin Cimpanu reports: The US branch of telecommunications giant T-Mobile disclosed a security breach today that impacted a small number of customers of its prepaid service. The company said its cybersecurity team “discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account.” Exposed data included details such as…
French Hotel Giant Leaks 1TB+ of Client Data
Phil Muncaster reports: A leading European hotel booking platform has leaked over 1TB of data on customers, clients and partners thanks to an unsecured Elasticsearch database, exposing them to account takeover, identity theft and financial fraud. The database reportedly belongs to French B2B hotel booking firm Gekko Group, a subsidiary of Europe’s largest hotel group,…
Personal And Social Information Of 1.2 Billion People Discovered In Massive Data Leak, But Who’s Responsible??
Over on DataViper.io, Vinny Troia reports that he and Bob Diachenko found a massive data leak that appears to implicate two data enrichment firms: People Data Labs (PDL), and OxyData.io. But “implicate” is not the same thing as being able to actually attribute ownership of the elasticsearch server that was open at 35.199.58.125, and both…
Lithuanian national, extradited from Ukraine, charged with unauthorized computer intrusion, other crimes
A criminal complaint was unsealed today in federal court in Brooklyn charging Lithuanian national Vytautas Parfionovas with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charged crimes stem from a variety of criminal conduct between 2011 and 2018 in which Parfionovas gained access to U.S.-based computers, including email…