Data Breaches | SC Media

Data Breaches

leakplumbing_863980

Gay dating app fined $240,000 for leaking nudes and other personal data

The makers of the gay dating app Jack’d was fined $240,000 by the New York Attorney General’s Office for leaking private data and nude photos.  Online Buddies, Inc. was charged with failure to protect private photos of users of its ‘Jack’d’ dating application, and the nude images of approximately 1,900 users in the gay, bisexual,…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Legislators block California data protection expansion

California lawmakers Thursday blocked expansion of data privacy law handing a victory to the tech industry collection, storage and use of consumer information. The proposed expansion would have given customers the right to know what data companies were collecting from them as well as the right to delete and restrict the sell of information. The…

Boost Mobile breached

Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…

Data breaches hit several organizations across the Southern US and West Coast

Oracle, Airbus, Toshiba, and Volkswagen financial data leaked following cyberattack

Threat actors stole financial data from a company that provides internet infrastructure for dozens of the world’s largest companies including Oracle, Airbus, Toshiba, and Volkswagen. The cybercriminals stole data from Germany-based CITYCOMP, which provides servers, storage and other computer equipment to other enterprise-level organizations and subsequently blackmailed the firm and threatened to publish the stolen…

Password-spraying attacks abuse IMAP to break into targets’ cloud accounts

Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…

Ransomware attack targets college admissions data

Threat actors launched ransomware attacks against three U.S. colleges seizing the data on students applying for admission to the schools and demanded 1 Bitcoin or approximately $3,800 from students to retrieve their “entire admission file.” Attackers targeted Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York to seize teacher recommendations,…

Cybersecurity partnerships defend threats during NCAA college football playoff championship

In a first of its kind partnership and event,  cybersecurity students from Norwich University teamed up with Respond Software to monitor cyber attacks during the NCAA College Football Playoff Championship between the Clemson Tigers and Alabama Crimson Tide. Together with stadium security, the team analyzed and resolved over 243,000 monitored events and threats during game…

Exactis breach exposes 340M records, may compel GDPR-like reg in U.S.

An exposed database at data broker Exactis exposed nearly 340 million records amounting to around two terabytes of information. “If U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is,” said Robert Capps, vice president and authentication strategist for NuData Security, noting the Exactis “breach blows up…

Next post in Privacy & Compliance News and Analysis