Cyrus Farivar reports: Uber’s top security official testified at Capitol Hill on Tuesday, saying that Uber had “no justification” for not coming clean sooner when it had been hit by a massive data breach in 2016. In written testimony, John Flynn, Uber’s chief information security officer, told a Senate committee that “it was wrong not…
RBS releases its year-end roundup and breach analysis
There’s nothing like some dramatic numbers to get attention to data breaches. Risk Based Security, Inc. has released their 2017 statistics, and yes, some of the numbers are dramatic. Here are just two snippets from their blog post about the report: There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly…
Biometric data theft: Two more arrested in India
Yagnesh Bharat Mehta reports that there have been two more arrests in a case previously noted on this site. The case involves the theft of biometric data for illegally acquiring food grains meant for registered beneficiaries of the the National Food Security Act. It’s really not clear (to me or law enforcement, it seems) how…
A (Secondary) Education in Data Security
Christina Seda and Peter A. Nelson of Patterson Belknap write: On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected…
Pittsburg employees notified after their W-2 data stolen in phishing scheme
CORRECTION: I picked this up incorrectly as Pittsburgh in PA. A kind reader pointed out my error. This was Pittsburg in Kansas! Corrected Post: The City of Pittsburg hasn’t disclosed how many former and current employees had their W-2 data stolen in a phishing scam on January 30, but I’m betting it’s more than a…
Columbia University grad arrested for using key logger software
Robert Abel reports: A Columbia University grad student was arrested for leaving key logger malware on USB sticks left throughout the campus. Bill Liang Lin Wu, 23 was arrested Thursday after he was caught on camera leaving the credential stealing devices on a host of university computers shared by 14 professors. Wu graduated last spring…