Jayed Rahman reports that Paterson Public Schools in New Jersey was hacked. The attacker allegedly acquired 23,103 account passwords and other computer access tokens. Information stolen in the breach includes desktop logins, email usernames and passwords, and laptop credentials. For example, the email usernames and passwords of all school district employees — including that of…
1.5 Million Mobile Users’ Card & Information Exposed
Roy Urrico reports: Security researchers discovered an exposed Elasticsearch server containing up to 1.5 million Freedom Mobile users’ personal data, passwordless, and including unencrypted credit card and CVV numbers, expiration dates and verification numbers. The five million exposed customer data logs belonged to Freedom Mobile, Canada’s fourth wireless telecommunications provider. The files, stored in plaintext,…
Twitter discloses a bug impacting collection and sharing of location data on iOS devices
Twitter’s online Help section has the following notice: You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake. We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances….
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…
Condé Nast notifies 1,100 WIRED subscribers after subscriber page vendor breach
Condé Nast is notifying about 1,100 WIRED subscribers of a breach involving their payment information. In a notification letter dated May 9, they write: The WIRED subscription page is hosted by a third-party vendor. We believe that an unauthorized party accessed our vendor’s systems in an attempt to acquire information about approximately 1,100 WIRED subscription…
Numbers from the OS, Inc. breach dribble in…
OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…