Ethan Wolff-Mann reports: Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. Read more…
Mercedes-Benz app glitch exposed car owners’ information to other users
Zack Whittaker reports: Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information. TechCrunch spoke to two customers who said the Mercedes-Benz’ connected car app was pulling in information from other accounts and not their own, allowing them to…
Blame uni’s lax security for data leak, says UM hacker
There’s more on the University of Malay breach noted yesterday. MalaysiaKini is reporting: MrX’, which claimed to be the hacker who yesterday dumped vast amounts of personal data belonging to University of Malaya (UM) staff, said the varsity is to blame for the data breach due to its lax online security. “Guess who? Security is…
Student Hacked Into Downingtown Area School District System To Gain Competitive Advantage In Water Gun Fight, Officials Say
Howard Monroe reports on what sounds like yet another hack involving Naviance. We first read about a Naviance hack by a student last week involving the Montgomery County Public Schools in Maryland. Now it’s the Downingtown Area School District in Pennsylvania, it seems. A student prank went too far after personal information belonging to dozens…
SC: Ransomware attack may be affecting 911, emergency dispatch in Jasper Co.
Kristen Rary reports: Earlier this week it was confirmed Jasper County had a cyber attack on their countywide systems, including email and emergency response systems. At that time, county officials said 911 and emergency dispatch services were not having any issues as a result of the cyberware attack. Now, that may not be the case….
Mishandling of Veterans’ Sensitive Personal Information on VA Shared Network Drives — Audit by Veterans Affairs OIG
VA OIG 19-06125-218 | October 17, 2019 From the Executive Summary: The OIG team found that veterans’ sensitive personal information was left unprotected on two shared network drives, where it was accessible to VSO officers who did not represent those veterans. Senior Office of Information and Technology (OIT) representatives told the team that other authenticated…