An employee of the California Department of Health thought it would be a great idea to access and copy to a portable drive personal information belonging to 9,000 former and current state employees. The security breach discovered within the department involved names, dates of birth, and addresses stored in compensation records of the affected parties.
The California Department of Health is currently running an investigation on the scope and extent of the breach. In the mean time, the person responsible for the unauthorized removal of personal records from the institution is on administrative leave, answering all the questions needed to understand the incident. Read more
Hackers love big players in the gaming industry, it seems. After the prolonged downtime of Sony’s PlayStation Network due to subsequent hacks that exposed about 70 million players to fraud or identity theft, SEGA was the next target in the same industry segment. As a result, 1.2 million customers of the Japanese gaming company had their information stolen by the hackers, being exposed to the same risks as in the PSN breach.
SEGA stated that only Japanese players and the Japanese website were affected and that fortunately they do not store any sensitive information, such as credit card details. Yet even less details are sometimes enough to be used as a start point to get someone’s life turned upside down. Read more
After analyzing the couple of dozens of breaches that made it to the security news pages last week, we concluded hackers going wild on websites and stolen hardware, particularly laptops, were the most frequent causes for data loss last week. The Citigroup breach did take center stage, as it turned out they downplayed the number of exposed accounts a little. By a little we mean they almost cut them in half! The originally disclosed 200,000 turned out to be 360,000. Just a minor overlook, I’m sure.
But the Citigroup situation was far from feeling lonely last week. Here are part of the security fails caused by successful hacking attempts and lost hardware:
Hackers breaching security
Workspace reported a hack that breached its legacy platform and exposed client data.
Hackers also breached WriterSpace.com, accessed 12,000 members’ email addresses and then posted them online for everyone to see.
BioWare also dealt with a hacker breaching their security. The result was 18,000 user account names, passwords, email addresses, and birth dates being exposed.
After the hacking of the PBS network website, Sony’s movie division website was also hacked and at least 50,000 consumer email addresses have published. A group called LulzSec has claimed responsibility for the attack and stated the security breach was made possible by an existing SQL vulnerability.
“What’s worse is that every bit of data we took wasn’t encrypted,” the group wrote in a press release announcing the hack. “Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.” Read more