What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast

Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

NYCWiN
A technical glitch took down a wireless network used by New York City’s municipal government, raising serious questions about security and reliability of operational technology used by the city. The New York City Wireless Network, or NYCWiN, was initially deployed in 2008 at a cost of $500 million. It costs the city an additional $37 million per year to maintain....
Banking app holes
A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data. The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Among the most alarming finding...
CT scan
Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans. The malware, called CT-GAN, served as a proof of concept to show the potential for hacking medical devices with fake medical news that was convincing enough to fool medical technicians. In a video demonstrating the exploit, researchers at Ben Gurion University described...
Unless you live under a bottle cap rusting on the bottom of Loon Lake, you know that if you're concerned about privacy, Facebook CEO Mark Zuckerberg is the gift that keeps on taking. A week after it landed with a curious (and most likely spurious) thud, Zuckerberg's announcement about a new tack on consumer privacy still has the feel of an unexpected message...
Toyota hack?
Multiple sales subsidiaries of Toyota Motor Corp. were breached in an apparent cyberattack that may have leaked the personal information of up to 3.1 million people in the Tokyo area. Toyota announced the possible breach as being the result of “unauthorized access” to a network server containing customer information in late March, but explained that they were unable to confirm...
One billion emails
The email addresses and personal information of 982 million people were compromised in a leak from an unsecured database. The database belonged to Verifications.io, an “email validation service” that aggregates and sells information about the validity and personal data associated with email lists. Security researcher Bob Diachenko found the information in an unsecured 150GB-sized MongoDB database. “This is perhaps the biggest...
Police stalking story
Florida police officer Leonel Marines resigned after a police investigation revealed the 12-year veteran of the Bradenton Police Department had been using police databases like a dating app to locate potential women for fun and maybe more. He'd been doing it for years. While it's surprising this 5-0 Romeo actually got some dates playing fast and loose with his access to driver's...
The Federal Emergency Management Agency failed to properly protect the personal information of 2.3 million survivors of natural disasters. A partially redacted memo issued by the Office of the Inspector General of the Department of Homeland Security stated that FEMA released the personally identifiable information of 2.3 million survivors of hurricanes Harvey, Irma and Maria as well as the...
DNS
The U.S. Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren't compromised by DNS hijacking. A few days later, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization responsible for governing large parts of the internet, issued a bleak warning urging businesses to do the same, and to enact stronger security...
Elasticsearch medical breach
A health company’s unprotected server exposed over six million health records in the last 12 months. Meditlab, an electronic medical record company, left a server for electronic faxes completely unprotected since bringing it online in March 2018. This meant that any information transmitted between medical offices, including records, doctor’s notes, prescriptions, and patient names, addresses, health insurance information and Social...