Chris Foxx reports: The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties. A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents. Huddle is an online tool that lets work colleagues share content…
Retailer Forever 21 discloses payment card breach
So far, all I’ve seen is their press release, so it will have to do until we get more details from other sources, but I do wonder what kind of “third party” alerted them to this – was it a third party vendor who had some responsibility for data security or a customer who experienced…
U.S. CERT issues report on remote hacking tool used by North Korea
Patrick Howell O’Neill reports: U.S. authorities issued a report Tuesday identifying a remote administration trojan (RAT) they say is used by the North Korea-based hackers to attack the aerospace, telecommunications and finance industries. The tool, called FALLCHILL, is used by a group that the Department of Homeland Security refers to as Hidden Cobra. That group is more popularly known as Lazarus…
Social Security numbers of 2,100 Maine foster care participants posted online
J. Craig Anderson reports: The names, addresses and Social Security numbers of roughly 2,100 Mainers who receive foster care benefits were accidentally posted to a public website in September, the Maine Office of Information Technology said Monday. The incident was the responsibility of an employee of a contractor, Knowledge Services, who still has a contract…
Clinic worker who stole IDs of mentally ill, addicted patients for tax scam denied break on jail term
Matt Miller reports the update to a breach previously noted on this site: A clinic worker who stole the personal information of his mentally-ill and drug-addicted clients for a tax scam can’t evade a 5-year prison term for his crimes, a federal appeals court ruled Monday. A panel of the U.S. Court of Appeals for…
CareFirst Data Breach Case Moves to US Supreme Court
Elizabeth Snell reports: November 13, 2017 – A petition for writ of certiorari was recently filed with the US Supreme Court, pushing the CareFirst data breach case forward. CareFirst wants its case reviewed, which could potentially reignite the debate over how plaintiffs need to establish that injuries took place from a data breach. In August 2017,…