Newsletter Archives
-
Dealing with a data breach
ON SECURITY
By Susan Bradley
Recently, the MOVEit system from Progress has been in the headlines, and not in a good way.
MOVEit is used by many businesses and governments to transfer files. Those same entities are now sending out notifications that your personal information may have been stolen by attackers using a vulnerability discovered in MOVEit.
Although the problem has now been patched, attackers had a window of opportunity for at least several days during which data was captured in the clear.
Read the full story in our Plus Newsletter (20.26.0, 2023-06-26).
-
Should you get a free credit report for any data breach?
PUBLIC DEFENDER
By Brian Livingston
Samsung Electronics — the giant multinational that sells 28% of all the smartphones in the world, as well as many other consumer devices — has sent notices to some of its users that their personal information in Samsung’s database has been hacked.
In a statement, the company says the hackers didn’t obtain users’ credit-card or debit-card numbers. But the intrusion did reveal some customers’ names, addresses, birthdates, and the Samsung products they’d registered. As a result, the corporation’s notices recommend that affected users obtain a copy of their credit report from major reporting agencies.
Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).
-
16-year U.S. data leakage: KrebsOnSecurity
Security supremo Brian Krebs has published details of a long-standing data leak he stemmed this week:
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.
…
I should emphasize that these documents were merely available from First American’s Web site; I do not have any information on whether this fact was known to fraudsters previously, nor do I have any information to suggest the documents were somehow mass-harvested (although a low-and-slow or distributed indexing of this data would not have been difficult for even a novice attacker).
See Brian’s blogpost “First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records” for details.
-
vpnMentor reports a data breach identifying 80 million US households
I can’t verify this independently, but if it’s confirmed, we have one whale of a breach on our hands.
vpnMentor’s blog says:
The 24 GB database includes the number of people living in each household with their full names, their marital status, income bracket, age, and more…
Full addresses, too, including zip codes, longitude, latitude.
Apparently the list is indexed by households, not by individuals.
vpnMentor says it’s looking for the owner of the database.
Let’s see how this pans out.
Thx Günter Born.
-
Yahoo’s 2013 hack, again in the news
Reports have shown up all over the place in the last several hours, stating that ALL 3 BILLION (yes, with a B) Yahoo accounts were hacked in the 2013 data breach.
Here’s the Reuters report.
A reminder from ZDNet’s Zack Whittaker, not to trash an old Yahoo account, or it could be re-used:
Secure your Yahoo account with 2FA, but do not delete it. Deleting it will recycle your account after 30 days — and anyone can hijack it.
— Zack Whittaker (@zackwhittaker) 4 October 2017
-
What the latest data security breaches really mean
You need to check and make sure your data hasn’t been compromised.
It’s important. My InfoWorld Tech Watch article will show you how.