Remember when it seemed like every day we were reading about ID theft and tax refund fraud schemes involving rogue employees of tax preparation firms? Yeah, well it’s still a thing. Here’s a story about a former rogue employee at Jackson Hewitt in McKinney, Texas. If you or someone you know may have used that…
Mumsnet reports itself to regulator over data breach
Alex Hern reports: Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers. A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility…
Is your airline’s e-ticketing system putting your data at risk?
Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
Schools Suffered at Least 122 Cybersecurity Incidents Last Year
Benjamin Herrold reports: The nation’s K-12 schools experienced 122 publicly reported cybersecurity incidents in 2018, more than half of which were caused or carried out by staff or students, and nearly 60 percent resulted in students’ personal data being compromised. And that’s likely just the tip of the iceberg, according to a report released Thursday by…
NZ: Landlord’s ‘blacklist’ of tenant’s criminal convictions hacked and leaked online
Samesh Mohanlall reports: A woman was shocked to discover her decades-old criminal record had been published online, part of a blacklist of compromising information compiled by a property investor group and sold to landlords about prospective tenants. Jessica Cross was one of hundreds of Timaru residents to have their sensitive information posted online, including a…
Pawnee County Memorial Hospital notifies 7,038 patients after employee email account compromised by phishing attack
Pawnee County Memorial Hospital in Nebraska recently notified 7,038 patients of a malware incident affecting protected health information. According to their substitute notice, reproduced below, on November 29, the hospital discovered that when an employee opened an email attachment from what had appeared to be a trusted source, malware was injected. The malware gave the…