Digital Journal reports: The Singapore Red Cross said Thursday its website had been hacked and the personal data of more than 4,000 potential blood donors compromised in the latest cyber attack on the city-state. Singapore, one of the world’s most digitally advanced countries, has been the target of multiple high-profile hacks in recent times, including…
What Colorado learned from treating a cyberattack like a disaster
Benjamin Freed reports: The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018. While the incident was costly — nearly 2,000 computers, servers and network devices were encrypted, while the state spent about $1.5…
Burger King’s Online Store for Kids Exposes Customers’ Info
Oops, I had missed this one last week. Sergiu Gatlan reported: An unprotected Elasticsearch cluster found via a Shodan search exposed 37,900 records of Kool King Shop customers, a French online shop specifically tailored to be used by kids who bought Burger King menus. As Security Discovery researcher Bob Diachenko discovered after further investigation, the…
Australians’ Medicare details illegally sold on darknet – two years after breach exposed
Paul Karp reports: Australians’ Medicare details are still being illegally offered for sale on the darknet, almost two years after Guardian Australia revealed the serious privacy breach. Screenshots of the Empire Market, provided to Guardian Australia, show the vendor Medicare Machine has rebranded as Medicare Madness, offering Medicare details for $US21. Read more on Guardian…
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Seven months after learning of a breach, UCSD still has not notified HIV research participants whose privacy was breached
Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…