So I meant to report on this breach last week, but when I went to their web site to see if they had any notification up, I started browsing all the Japanese and Eastern Asian art, and forgot to get back to writing up the breach report. Thanks to “Russy” who sent me a reminder…
Hackers bypass two-factor authentication “at scale”
Sam Tidmarsh reports: Multiple credentials phishing campaigns targeting human rights activists and journalists across the Middle East and North Africa have been disclosed by Amnesty International. Credentials phishing deploys imitations of websites, wherein a login prompt lures a victim into entering their personal details, which are then transmitted to the attacking party. In this case,…
DrBenLynch.com notifies customers of payment card compromise
DrBenLynch.com is a commercial site that focuses on naturopathic research and supplements. At least I think it does. The site is down right now “for maintenance,” which seems to be this generation’s euphemism for “OK, we were hacked and we’re fixing things.” As reported to at least a few state attorneys general, DrBenLynch.com experienced a…
MA: Payment Processor to Pay $155,000 Over Data Breach Affecting Thousands of Massachusetts Residents
Massachusetts Attorney General had a busy day yesterday announcing enforcement actions over data breaches that had been disclosed in 2015. In addition to her announcement about the McLean Hospital settlement, she also announced a second settlement stemming from another 2015 breach that had also been reported by DataBreaches.net at the time. A California company that…
MA: McLean Hospital to Implement New Security and Training Programs After Data Breach Exposed Sensitive Health Information
There’s a follow-up to a 2015 breach that was previously reported on this blog. Massachusetts Attorney General Maura Healey made the announcement yesterday: BOSTON — McLean Hospital Corporation will implement new security and training programs and pay a total of $75,000 to resolve claims that it exposed the personal and health information of more than 1,500 people, Attorney General Maura Healey announced today. According…
AU: Big W customer data leaked due to printer repair mishap
Matthew Elmas reports: A Big W worker accidentally leaked the personal information of 32 people earlier this year when repairing a printer for a customer, Office of the Australian Information Commissioner (OAIC) disclosures reveal. The Woolworths-owned discount department store has admitted to an extraordinary instance of human error where an employee enclosed confidential information within a…