AP reports: A little-known side to the government’s health insurance website is prompting renewed concerns about privacy, just as the White House is calling for stronger cybersecurity protections for consumers. It works like this: When you apply for coverage on HealthCare.gov, dozens of data companies may be able to tell that you are on the site….
Another Lizard Arrested, Lizard Lair Hacked
I should have noted this one last week. My bad. Brian Krebs reports: In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions…
All Verizon Customer Emails Were Opened Up To Hackers Thanks To Glaring Bug
Thomas Fox-Brewster reports: US telecoms giant Verizon has had a bad couple of years from a privacy point of view, from revelations of unrestrained NSA access to its customers’ call metadata or “permacookies” that could have permanently tracked users’ web activity. It could do without any other embarrassment, but on Sunday a researcher revealed a glaring vulnerability related…
UK: Customer records left exposed after shoe company data breach
The Information Commissioner’s Office (ICO) has issued a press release indicating that high street and online shoe retailer Office has signed an undertaking following a hacking incident the ICO was informed about on May 29, 2014. According to details in the undertaking, a member of the public had hacked into an unencrypted historic Office database that was being stored on a legacy server outside…
C’mon, folks, you really need to acknowledge breach notifications, Monday edition
I haven’t kept strict statistics, but in general, most entities that I try to notify of a breach fail to respond at all. Others may respond that they’re looking into claimed hacks, but then fail to get back to me with a definitive answer or statement. Here’s another case in point: On January 10, I…
Metropolitan State U. disclosed breach, but what about other .edu targets of Abdilo?
On December 31, a self-described teenage hacker from Australia who calls himself “Abdilo” claimed to have hacked into dozens of education entities by exploiting SQLi vulnerabilities. Metropolitan State University acknowledged they were breached, but what is going on with the other educational entities that were allegedly hacked, too? Abdilo claims that he started attacking .edu sites back in…