Tagged: data breach Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 9:00 am on January 29, 2020 Permalink | Reply
    Tags: , data breach, LabCorp, , , Wawa   

    Recent data breaches can affect your money, health, and privacy! 

    Recent data breaches can affect your money, health, and privacy!

    If you’ve ever been to the East Coast especially the Pennsylvania and South Jersey areas you may be familiar with the convenience store chain Wawa. They recently had a data breach that could have exposed up to 30 million payment cards of its customers. Reportedly, hackers had installed malware into the payment processors at multiple stores at both the register area and their gas pumps. Some of the payment card information has even ended up on the web for sale to malicious actors. If you used a debit or credit card at a Wawa store in the past couple of months you’ll want to keep an eye on your account for unauthorized purchases.

    [youtube https://www.youtube.com/watch?v=qyT4SabnV2w%5D

    LabCorp is one of the nation’s largest medical testing companies. They recently had a flaw in their website that allowed 10,000 patient records to be exposed. This information included dates of birth, Social Security numbers, and lab results among other medical data. This is the second breach for LabCorp in the past year as their payment system was exposed back in June which resulted in the compromise of close to 8 million payment records. This latest breach could result in heavy fines for LabCorp under the Health Insurance Portability and Accountability Act (HIPAA). LabCorp has said that they will be notifying patients who had their data exposed.

    Lastly, it seems we can’t talk about data breaches without talking about Ring. While Ring’s most recent incident may not be a data breach per se, it does show how your information can be put at risk. The internet privacy advocates at the Electronic Frontier Foundation (EFF) claim they have discovered that the Android version of the Ring camera app sends user information to several third-parties. One of those third-parties is said to be Facebook and it doesn’t matter if you have a Facebook account or not. Some of the information sent to these third-parties include users’ full names, email addresses, and app settings including the number of locations they have Ring devices installed in.

     
  • Geebo 9:00 am on January 23, 2020 Permalink | Reply
    Tags: , data breach, , Personal Data Protection Fund, , US Trading Commission   

    Can you get paid for data breaches? 

    Can you get paid for data breaches?

    Sadly, data breaches are just a part of our way of digital life anymore. It’s not a matter of if some of our data will be exposed, it’s a matter of when. Some of the more egregious data breaches have even landed companies in legal trouble such as the infamous Equifax leak. Some of these have resulted in class action lawsuits which while costing the companies large sums of money, consumers affected by the leaks can only claim a very small part of that settlement. Some scammers are now using that fear of exposure and a little bit of consumer greed to try to trick people into giving up their personal information.

    Security experts Kaspersky Labs recently came across a website that promises to send you money if your data has been exposed in one of these corporate leaks. The website claims to be from the ‘Personal Data Protection Fund’ that was created by the ‘US Trading Commission’. There is no governmental office known as the US Trading Commission. The site asks you to enter your information including your Social Security information to see if your data has been leaked. Of course, it tells you that it has and promises you a payout of $2,500. All you have to do is give them your bank number in order to collect the payout. As you might have expected, there is no payout and now some overseas scammer has all the information they need to steal your identity or worse.

    As always, you should never give your personal or financial information to just anyone who asks on the internet. Don’t be lured in by promises of money where you don’t have to do anything for it. Also, the government doesn’t hand out payments for people who have had their data breached. If you’re afraid your data may have been breached you can check at haveibeenpwned.com which is one of the more trustworthy places online.

     
  • Geebo 9:00 am on December 31, 2019 Permalink | Reply
    Tags: , data breach, , , Wyze   

    Another security cam company has data breach 

    Another security cam company has data breach

    You may have recently seen that Ring cameras have not been having the best time of it in the news lately. If their cameras aren’t being hacked by internet pranksters, they’re making headlines for a potential data breach. Because of this, you may be considering using a Ring competitor to monitor your home. If you are, you may want to choose carefully as a Ring competitor just had a massive data breach that makes Ring’s look like a minor oversight in comparison.

    A cybersecurity firm recently announced that they found the security company Wyzed had exposed the personal information of over 2 million customers. Wyze themselves said the breach came about from a database error that led to the server’s security protocols being removed. The data was exposed from December 4th until the 26th when Wyze was notified of the breach. To Wyze’s credit, they rest all the security tokens for their customers requiring them to reset their login credentials.

    [youtube https://www.youtube.com/watch?v=2kwtkMaT8nw%5D

    However, there is something in reports that should cause concern among Wyze’s users. The cybersecurity firm that found the breach has also claimed that data was being sent to the Alibaba Cloud in China. Wyze says they do not use Alibaba Cloud and that they do not share data with any government agencies. While Wyze may not be sending data to the Chinese government is it possible that they’re just taking it instead?

    If you are a current Wyze customer, you should be on the lookout for identity theft scams such as phishing attacks.

     
  • Geebo 9:00 am on December 24, 2019 Permalink | Reply
    Tags: , data breach, , , ,   

    Ring denies massive data breach 

    Ring denies massive data breach

    Ring’s cameras have been in the news a lot lately. Sometimes it’s for good reasons like footage from a Ring camera led to the arrest or conviction of a criminal. However, most of the news seems to have been bad for Ring. Throughout 2019, there was a rash of news stories where hackers and internet pranksters would access someone’s Ring security camera to try to harass or scare a random family. Ring keeps claiming that these security breaches happen due to two-factor authentication not being enabled. But how can that explain close to 4,000 Ring account credentials being exposed on the web?

    [youtube https://www.youtube.com/watch?v=XxcYimzcTik%5D

    BuzzFeed News reported on the alleged breach after they were contacted by a security researcher who found the exposed credentials online. When Ring was asked about the breach, they claimed that there was no breach at all. A Ring spokesperson claims that the credentials were harvested from other data breaches outside of Ring and that Ring customers were just using the same passwords and logins as their Ring service. While that’s statistically improbable, it could be true. Except, BuzzFeed showed the customer credentials to more security experts who noted that the credentials contained Ring specific data such as camera names that customers use. Reportedly, this kind of information can’t be gleaned from outside of Ring’s network.

    If you are a Ring customer, we would recommend changing your login and password as soon as possible and to enact two-factor authentication. With 2FA enabled, it will make it more difficult for someone to access your home cameras. Also, if you’re using the same login and password for other online accounts as you do with your Ring setup, you change them immediately as well. And never use the same password across multiple online accounts. Once one of those accounts become compromised, then they all do.

     
  • Geebo 8:00 am on July 30, 2019 Permalink | Reply
    Tags: capital one, data breach   

    100 million card holders hit by data breach 

    100 million card holders hit by data breach

    If you have a credit card through Capital One, you’re probably waking up to the news that your data might have been exposed on the internet. According to reports, 33-year-old Paige Thompson worked for Capital One’s cloud hosting service and was able to gain access to the information through a vulnerability in Capital One’s firewall. Thompson is believed to have not only bragged about having the Capital One information on social media but also posted the information on an online repository that’s normally used to host open source projects. She is said to have done all this while continuing to use her real name.

    The breach is said to have affected more than 100 million Capital One customers. 140,000 Social Security numbers were said to have been exposed along with countless names, addresses, credit scores, and bank account numbers. Capital One states that the vulnerability has since been patched and that they will be offering free credit monitoring for anyone affected by the breach. If you are a Capital One customer that has been affected you should be receiving notification shortly telling you that your account had been breached. This breach could end up costing Capital one somewhere in the range of $100-$150 million.

    [youtube https://www.youtube.com/watch?v=8VLNb4yh1k8%5D

    However, not all is lost if your account has been exposed. In order to better protect yourself, it is recommended that you go over your credit card statements to make sure there hasn’t been any unauthorized activity. You can also freeze your credit temporarily so no one can take out any loans or other financial transactions in your name. You should also change all the passwords to your financial accounts and make sure not to use the same password. what you shouldn’t do is ignore this issue as it has the potential to damage not only your credit but your personal finances as well. Don’t let someone else’s actions negatively impact your financial well being.

     
  • Geebo 8:00 am on June 4, 2019 Permalink | Reply
    Tags: data breach, , , , quest diagnostics   

    Giant medical lab bleeds patient information! 

    Medical lab bleeds patient information!

    If you’ve ever had a blood test at your doctor’s office that they had to send to a lab, chances are that they may have sent it to Quest Diagnostics. Quest is one of if not the largest medical testing corporation in the country. Due to the sheer amount of testing and processing that Quest does, they must have their logistics down to a T to be able to handle so many patients. However, recent events have shown that even a well-oiled machine is vulnerable to breakdown.

    Within the past few days, it’s been reported that Quest has had a patient data breach on a massive scale. According to reports, close to 12 million patients have had their personal data exposed due to a billing vendor giving unauthorized access to an unidentified person. This information is said to have included financial information such as credit card numbers, medical information, and personal information. Quest claims that the results of any testing have not been exposed but they have also notified law enforcement of the breach.

    [youtube https://www.youtube.com/watch?v=rycsBSVOQDk%5D

    Besides being a PR nightmare for Quest, this could end up being very costly for them as well. Under the Health Insurance Portability and Accountability Act or HIPAA as it’s better known as the government could levy hefty fines against both Quest and their billing vendor for compromising such information. So far the largest HIPAA violation fine has been $5.5 million levied against a hospital that allegedly exposed over 100,000 patients’ information. With Quest and its vendor reportedly exposing the information of 12 million patients we could sadly see a new record being set.

     
  • Geebo 8:00 am on May 2, 2019 Permalink | Reply
    Tags: data breach, ,   

    Data breach exposed most American families 

    Data breach exposed most American families

    This past week, a data breach was discovered that could have put the personal information of 80 million American families at risk. Internet security experts discovered an unprotected database that was hosted in the cloud included names, ages, and genders as well as income levels and marital status. What’s even more concerning is that it’s unknown who the database belongs to. It’s been theorized that it may belong to an insurance or mortgage company.

    [youtube https://www.youtube.com/watch?v=vt-Mf8W-Zlg%5D

    Every person in the database is said to be over the age of 40 which could potentially put seniors at risk not only for identity theft but phishing scams as well. There’s no evidence to suggest that cybercriminals accessed the database. However, the information could have been publicly accessible for months. Experts believe that the information provided in the database could also be used to launch ransomware attacks against people listed in the database.

    The server that the database was stored on was a Microsoft cloud server but it’s up to the database’s owner to make sure the database is encrypted. Microsoft has contacted the owner of the database and it has since been removed from public access. With the number of data breaches becoming more frequent every day have we reached a point where we should just expect our data to become exposed?

     
  • Geebo 10:00 am on January 18, 2019 Permalink | Reply
    Tags: Collection #1, data breach,   

    Data breach could potentially expose millions of email accounts 

    Data breach could potentially expose millions of email accounts

    If you’re the type that doesn’t change their online passwords frequently, you may want to change your passwords today. It’s been reported that a massive amount of data known as ‘Collection #1’ has been floating around on the internet for a while and contains 773 million email addresses and 21 million passwords. The list itself is a few years old so if you’ve been using the same password for while you should probably go ahead and start changing your passwords on your online accounts.

    [youtube https://www.youtube.com/watch?v=5Dy-K3QbtYM%5D

    Now you may think that you’ve probably changed your passwords since this data was collected. Well, there’s a reason this data dump has been called Collection #1. THat’s because there is a Collection #2 on the horizon which contains even more recently exposed data from within the past year. Collection #2 is said to have ten times the data that Collection #1 had. While we’re waiting for Collection #2 to hit the internet like a wrecking ball you can check to see if your email account was included in Collection #1 by checking your email address at Have I Been Pwned.

    While you’re changing your passwords there are some good practices that everyone should follow. You should never use the same password for all of your online accounts. If you have trouble remembering all your passwords there are a plethora of secure password managers that will create and remember secure passwords for your accounts. If you are going to manage your own passwords don’t fall into the trap of using the most common passwords. You may think your clever by using ‘password’, ‘qwerty’, and ‘football’ as your passwords but you’re not fooling anyone. Instead, most security experts agree that passwords should contain no dictionary words, contain a mix of uppercase and lowercase letters and numbers and at least one non-alphanumeric symbol.

    If a bad actor were to gain access to your email account they could wreak some fairly damaging havoc to your life since most of your online accounts are probably tied to that email address.

     
  • Geebo 10:12 am on December 17, 2018 Permalink | Reply
    Tags: data breach, , ,   

    Here we go again: Facebook bug exposes millions of accounts 

    Here we go again: Facebook bug exposes millions of accounts

    In what is starting to become an almost weekly event, Facebook announced this past Friday that yet another bug exposed close to 7 million accounts to third-party app developers. The bug was first discovered in September and was active for a few weeks before being corrected. The bug is said to have exposed pictures that users had posted to Facebook but did not give permission for the pictures to be seen by third-parties.

    In the grand scheme of things, this bug is not that big of a security risk as other Facebook data leaks have been in the past year. The pictures that were exposed were only those that were started to be uploaded but for some reason were never posted to the user’s timeline. Or they were photos that were posted to Facebook Marketplace. However, it further shows Facebook’s long-standing disregard not just for user privacy but for Facebook’s own security.

    This was a bug that was discovered back in September after being active for weeks. Why did it take Facebook upwards of three months before informing the public? According to the New York Times, Facebook didn’t notify government officials about the bug until November because they needed to “create a notification page” first. Again, this shows that Facebook is really more concerned about covering their own tails from regulators rather than protecting user privacy.

     
  • Geebo 10:00 am on December 11, 2018 Permalink | Reply
    Tags: data breach, , ,   

    Google+ shutting even earlier due to more massive breach 

    Google+ shutting even earlier due to more massive breach

    If you’ll recall, back in October, Google announced that it would be shuttering its underused social network Google+ in August of 2019 due to a security breach that left 500,000 user accounts vulnerable. This was after the Wall Street Journal discovered a flaw in the comically underused platform. In a world where Facebook is continually exposing millions of accounts to third parties in an almost regular basis, 500,000 users seemed like a thimble of water in the ocean in comparison. Now, a new breach has put Google in very similar company with Facebook.

    During internal testing by Google, it was recently discovered that Google+ had another bug in it that left 100 times the amount of accounts exposed than the last breach. Over 52 million accounts could have been potentially exposed with such information as a user’s name, email address, occupation, and age to third-party developers. Google has stated that there’s no evidence that any of the exposed information was used by bad actors but this latest breach has caused Google to move up the timetable for the demise Google+. Now Google has scheduled the shutdown for April of 2019.

    Besides being in amazement that Google+ actually had that many users at one point, this bug could not have come at a worse time. Maybe Google will be able to weather this storm since Google+ was nowhere near as popular as its competitors but when you add it to the multitudes of other security breaches in similar spaces this could invite even more governmental eyes looking to regulate companies like Google and Facebook. And as we’ve mentioned before, in today’s highly partisan climate it might not be the best time for any kind of sweeping legislative change.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel