The Kansas Department on Aging has recently reported a hardware theft that caused a data breach affecting about 7,000 of its customers. A laptop, a flash drive and paper files were stolen out of an employee’s vehicle, putting thousands of senior customers at risk.
The stolen files contained personal and protected health information belonging mainly to customers located in Sedgwick, Harvey, and Butler counties. The theft was immediately reported to the Wichita Police Department. The Kansas Department on Aging says it is cooperating with the police, but the stolen hardware has not yet been recovered. Read more
When you are the lead artist of a security mishaps that ended up in a data breach affecting some 24 million people, consequences are bound to catch up with you. And they just have caught up with shoe retailer Zappos.com and the bigger online fish behind them, Amazon.com. The two companies are being sued by the customers affected by the data breach, being accused of negligence.
A woman from Texas seems to be the main promoter in this Kentucky lawsuit. She claims that she and millions of other customers were harmed by the exposure of their personal account information. Zappos and Amazon have not commented on the lawsuit as of earlier today. Read more
The US Department of Taxation (DOTAX) decided to take a closer look at how their systems work this year. The process of evaluation included a security audit which lead to discovering internal security breaches dating back to 2008. DOTAX celebrated the three years of undiscovered breaches by putting employees of the Hawaii DOTAX on administrative leave without pay and starting a comprehensive investigation.
The breaches affected the Department’s computer tax database but no one knows when they occurred, it is suspected they happened at least as far back as 2008.The discovered incidents were immediately turned over to the Department of the Attorney General for review and investigation. Read more
Almost two weeks ago, we revealed the major changes that had happened this year in the major data breaches top of all times. 2011 was leading in what the number of high profile of breaches is concerned. The top might change once more, ensuring an even stronger position for the current year as hackers hit Steam, a gaming giant that is home to 35 million user accounts.
What we know so far is that the Steam customer data base has been indeed accessed by hackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” said Gabe Newell, co-founder and managing director of Steam parent company Valve. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”
While data breaches are as common as any other daily occurrence in the business and individual worlds, the large security incidents don’t happen as often, especially if you think that one of the breaches in the top ten all time largest data exposures dates back to 1984. 2011 is not yet over and it already is the poster child of this top we all want to see unchanged.
2011 is the only year with three major data loss incidents in the top ten: Sony Corporation with 77 million records exposed, SK Communications, Nate, Cyworld with 35 million and again Sony Corporation through their Sony Online Entertainment division with close to 25 million records exposed. Luckily for us, although it featured large incidents, 2011 did not create as many victims as 2009 with its two incidents, Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank which share the number one position in the infamous top with 130 million records exposed and RockYou Inc. with another 32 million. Read more
After the hacking of the PBS network website, Sony’s movie division website was also hacked and at least 50,000 consumer email addresses have published. A group called LulzSec has claimed responsibility for the attack and stated the security breach was made possible by an existing SQL vulnerability.
“What’s worse is that every bit of data we took wasn’t encrypted,” the group wrote in a press release announcing the hack. “Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.” Read more
A computer that may contain personally identifiable information of almost 20,000 Reid Hospital patients was stolen from an employee’s home office in early April. According to Craig Kinyon, CEO/President of Reid Hospital, the laptop was only one of the items stolen in a break in, this indicating that data was not the objective of the theft.
The computer in question might have been storing reports on Medicare and Medicaid patients that have received treatment and medical services between 1999 and 2008. The reports contain names and Social Security numbers, as well as Medicare numbers.
No information stored after 2008 was stored on the stolen device. Nor were any financial information, banking information or other identifying information stored on the missing notebook.
Inside threat is kicking and screaming and far from being gone from the corporate security world. Upset over being fired, a Californian woman breached the email system of her former employer and posted confidential documents to public websites. She got caught and the sentence was 60 days of home detention plus ayear of probation for the one count of felony computer intrusion that 44 year old Ming Shao pleaded guilty to.
In her plea, the woman admitted to a value of the stolen information belonging to PanTerra Networks(which included a Weekly Ops Report) ranging between 10,000 and 30,000 US dollars. She admitted to have breached the PanTerra network and exposing the confidential files as a form of revenge for being fired in August 2009. Read more
A security problem that allowed malicious web sites to access personal user information without their explicit permission has just been fixed by Facebook. This flaw has been reported by Rui Wang and Zhou Li, two student researchers.
According to Graham Cluley, senior technology consultant at Sophos, the security lapse could let malware spread between users,and abuse data as it goes by impersonating a legitimate site that already has the permission to take information.
“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said. “Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.” Read more
According to ALDI sources, terminals in the following areas have been affected: Read more