Data Breaches news & analysis | SC Media

Data Breach

"EFF asks court to find NSA internet spying a violation of Fourth Amendment"

Report: Russian man to plead guilty to financial firm hacks

Russian Andrei Tyurin will reportedly plead guilty to taking part in a cybercriminal campaign that targeted the U.S. financial sector and stole personal data from roughly 100 million customers of various firms. Citing court documents filed last Friday, Bloomberg reported yesterday that Tyurin, 36, has reached a plea deal with federal prosecutors in New York,…

Exposed server leaks PII on all 16.6 million Ecuador citizens

If another leaky Elasticsearch server may seem a little anticlimactic, considering how frequently they occur, the latest find by security researchers might have more of a “wow” factor since it exposed information on nearly all of Ecuador’s 16.6 million citizens, 6.7 million of them children. “The irresponsible handling of Personally Identifiable Information (PII) has literally…

FEMA offers free credit monitoring after mishandling disaster survivors’ data

The Federal Emergency Management Agency (FEMA) last week publicly acknowledged that for roughly 10 years it unnecessarily exposed the personally identifiable information of roughly 2.5 million disaster survivors to a third-party contractor. FEMA does not believe citizens’ data was compromised due to the error, which was originally reported last month by the U.S. Department of Homeland…

Automakers pen 'privacy principles' for in-car technology

Misconfigured database exposes 198M records on prospective auto buyers

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity…

Following cyber order from Obama, CISPA is back

Secret Service probing breach at federal IT contractor

Credentials and email messages pilfered in a breach of a federal government contractor that could be used to access the contractor’s systems and those of its customers – including the U.S. Department of Transportation, the National Institutes of Health (NIH), and the U.S. Citizenship and Immigration Services (USCIS) – were auctioned off in a Russian cybercrime site in August, prompting…

North Carolina Boy Scouts PII compromised

A third-party vendor that handles sales for the Boy Scouts of America suffered a data breach exposing the PII of up to 12,900 Mecklenburg County Council scouts. Trails End last week told the North Carolina Scouts that information including children’s full names, dates of birth, email addresses, phone number, parent names, favorite product and affiliation…

Secure signin

CirclCI data breach exposed customer GitHub and Bitbucket logins

The software integration firm CircleCI is informing its clients a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The company said in a statement it was informed of the breach on August 31, but affected customers who accessed the CircleCI platform starting June 30, 2019. The information compromised…

emails

Webcomic XKCD forum user data exposed

In an incident practically ripped from the plot of one of its own stories, the webcomic XKCD reported that user data from its online forum section was found in an exposed database. XKCD, which labels itself a “webcomic of romance, sarcasm, math, and language,” posted in a brief note that portions of its PHPBB user…

VacationingLaptop

Half a million Teletext Holidays files unsecured

UK-based travel company Teletext Holidays left a trove of its customer data unsecured, exposing 530,000 files including some to 200,000 audio files of calls made by customers. The Amazon Web Services (AWS) server, left unsecured for three years, showed the names of the users, their email and home addresses, telephone numbers and dates of birth, reported…

Next post in Data Breach