Julie Forster reports: The state agency that administers unemployment benefits is addressing concerns that it lacked adequate security controls for its computer system, leaving private information about applicants vulnerable to data breaches, according to a legislative audit report. The Dec. 3 report details the lack of controls with the massive Department of Employment and Economic…
Bank firewalls cracked by cyberhackers
Joseph Menn reports that according to the FBI, cyberhackers were able to directly drain $40 million from bank accounts so far this year, “primarily targeting the small and mid-sized businesses that are themselves customers of small and mid-sized banks.” Jeffrey Troy, chief of the FBI’s cybercrime section, told the Financial Times that online bank thefts…
P2P fraudsters snare DoD employees and FL business; two indicted
Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment with Conspiracy, Computer Fraud, Access Device Fraud and Aggravated Identity Theft. According to the indictment, which was handed up by a federal grand jury in San Diego, the defendants installed peer-to-peer file sharing software on computers under their control and…
UK: Action taken after tenants’ personal files go missing
The Information Commissioner’s Office (ICO) has found the Orbit Heart of England Housing Association to be in breach of the Data Protection Act after 57 paper files containing personal data went missing during an office move. Forty-two of the files were recovered in full, but 15 which contain a significant amount of personal data relating…
Two Official Kaspersky Websites Hacked
Lucian Constantin reports: A grey hat hacker has found a critical SQL injection weakness on the official Kaspersky Lab websites in Malaysia and Singapore. Exploiting the vulnerability leads to full compromise of the underlying database, which contains customer information, product keys and other sensitive data. The attack has been documented by a Romanian hacker calling…
Businesses still plagued by data breaches
An article by Jackie Noblett includes references to some recent breach notifications affecting Massachusetts residents that I do not recall ever seeing covered in the media: Three separate breaches at State Street Corp. affecting 42 Massachusetts residents involved State Street employees accidentally sending personal information of a customer to the wrong client or financial adviser…