Rachel Cohen reports on a hacking incident involving Corp-Students of Georgetown, Inc. (“The Corp.”). Former Georgetown student Justice Suh pleaded guilty on one count of computer fraud for hacking The Corp’s email system. The federal government charged Suh in D.C. federal court in April 2019, and the U.S. government representative in this case recommended a…
Russian Banks Leaked Personal Data From 900k Clients
Tanya Chepkova reports: Clients from the top three Russian banks entrusted their data — including phone numbers, addresses, and IDs — to the financial institutions. Now, this sensitive information is publicly available. Databases with sensitive personal information about the clients of the top Russian banks — including Alfa Bank, the country’s largest commercial bank —…
Kingman Regional Medical Center investigating potential breach of PHI
Agata Popeda reports: Kingman Regional Medical Center reported a “security incident” on its website, which was shut down on April 8 and, after two months, still remains under construction. The hospital established that “the configuration of the website made it possible for unauthorized person(s) to view some information entered into the website by KRMC customers,”…
9.5 billion rows of email metadata leaked by Shanghai Jiao Tong University
Justin Paine reports: While searching Shodan, I recently discovered an ElasticSearch database without any authentication. This database contained metadata related to a huge amount of emails. It was eventually confirmed that this server and the email metadata was controlled by a large university located in China. I would like to thank the university’s security team…
Eight years later, the case against the Mariposa malware gang moves forward in the US
Catalin Cimpanu reports: Eight years after US law enforcement opened a first case in the operations of the Mariposa (Butterfly Bot, BFBOT) malware gang, officials are now moving forward with new charges and arrest warrants against four suspects. The original case started way back in May 2011, when US officials first filed a complaint against…
SG: Firm fined $4k by PDPC for leak of more than 400 national servicemen’s data
Lim Min Zhang reports: A firm has been fined $4,000 by Singapore’s privacy watchdog for the leak of the personal data of more than 400 national servicemen on June 12 last year due to a technical error. The data comprised the log-in identifications, e-mail addresses, delivery addresses and mobile phone numbers of 427 men from…