FlushDraw reports: The world’s largest online poker discussion forum, TwoPlusTwo, has again seen its virtual defenses breached. The site’s operators have confirmed that the forum was hacked at some point late in 2016, with the personal data then being offered for sale elsewhere on the Internet. The hacking and theft of the personal information was discovered…
UK: £150,000 fine for insurance company that failed to keep customers’ information safe
From the Information Commissioner’s Office: The ICO has fined Royal & Sun Alliance Insurance PLC (RSA) £150,000 following the loss of the personal information of nearly 60,000 customers. An ICO investigation looked at the theft of a hard drive device containing 59,592 customers’ names, addresses and bank account details including account numbers and sort codes. The device…
The MongoDB attacks: 93 terabytes of data wiped out
The other night on Twitter, after I and others communicated concern as the number of attacks on misconfigured MongoDB installations rose to 27,000 in a relatively short period, @Cyber_War_News and I had a respectful disagreement about the seriousness of the situation: "still shocked that yall shocked and fussing about the mongodb ransom spike." — CWN (@Cyber_War_News) January…
Minneapolis settles more lawsuits over snooping in driver database
Whether it’s the healthcare sector, government, or any other sector, if you’re not using adequate tools to monitor and audit your employees’ access to personal information records, it will cost you sooner or later. Eric Roper reports: The long list of lawsuits against Minnesota governments for employees improperly snooping into the state driver’s license database…
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt
Steve Ragan reports: E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. Citing LeakedSource, Steve reports that there was an alleged extortion demand, but that has been neither confirmed nor disconfirmed by ESEA…