Ax Sharma reports: A bug on Ford Motor Company’s website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford’s servers. Read more on BleepingComputer.
T-Mobile Investigating Claims of Massive Customer Data Breach
Joseph Cox reports: T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers. The data includes social security…
Hack me once, shame on you. Hack me twice, shame on me?
Alicia Hope reports: A report by Ponemon Institute and commissioned by Team Cymru found that half of the organizations surveyed experienced disruptive cyber attacks from repeat sophisticated threat actors, the majority of whose exploits were unresolved. Although organizations acknowledged experiencing disruptive attacks and from repeat offenders, total remediation was not possible. According to the report,…
Case Files Affected in Dallas Police Department Data Loss
Claire Cardona reports: Multiple terabytes of Dallas Police Department data are missing and may be unrecoverable after being deleted during a data migration process in April, according to the Dallas County District Attorney’s Office. District Attorney John Creuzot said in a disclosure notice to defense attorneys Wednesday that the city had learned in April that…
Current and former North Carolina state employees notified of unintended exposure of file on intranet
From the no-need-to-hack-when-it’s-leaking dept., state edition, the North Carolina Department of Information Technology and Office of State Human Resources are notifying 84,860 current or former state agency employees that a file with their name and SSN was uploaded by mistake to a state intranet site accessed by more than 65,000 authenticated users: We are writing…
Hackers stole client info, work materials in Accenture ransomware attack
Tim Starks reports: Ransomware hackers began leaking Accenture data after the consulting giant suffered a security incident where the perpetrators made off with client-related documents and work materials. The gang, known as LockBit 2.0, has threatened to leak further after providing purported proof of the breach. Accenture acknowledged the attack on Wednesday, but has downplayed…