Data Security

Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on USPS.com to view granular information about the site’s more than 60 million users. In what has become an all too familiar scenario, Krebs on Security was contacted by a researcher who discovered the problem a year...

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. This move will have one effect: expanding attackable surface and creating a new vector for fraudsters to attack. That should be enough to give pause, but there is more....

The American business and financial services company Moody’s will start factoring risk of getting hacked into their credit ratings for companies. The move is seen as part of a wider initiative to gauge the risk of cyberattacks and data breaches to companies and their investors. “We've been in the risk management business for a very long time. This is...

The Girl Scouts of Orange County has sent out letters warning almost three thousand members that their personal information may have been compromised in a breach. The letter, which was also filed with the State of California, explained that the organization “became aware that an unauthorized third party illegally gained access” to their email account, but “did not appear...

Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.” Roughly 30 of the Facebook accounts blocked were from Russian or French speakers, with the remaining 85 on its Instagram platform being in English. According to...

The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017. That attack was attributed to a Russian hacking group alternately called Fancy Bear and APT28. News of this new hack...

The Israeli evening news Hadashot reported that Iran “is again facing a attack, from a more violent, more advanced and more sophisticated virus than before.” According to sketchy reports, the attack  hit infrastructure and strategic networks. Stuxnet was a worm believed to be the product of a U.S./Israel collaboration that targeted the Siemens equipment used in Iran’s nuclear centrifuges. It was...

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data. The indictment, revealed earlier this week accuses agents working for the Jiangsu Province Ministry of State Security (JSSD) of conspiring “to steal sensitive commercial technological, aviation, and aerospace data by hacking into...

A network-wide infection of Russian malware at the U.S. Geological Survey was traced back to a single employee’s viewing of pornographic content on the job. In a study released by the U.S. Department of the Interior, the department’s security audit of “suspicious internet traffic” at a USGS facility in South Dakota was traced back to an unnamed employee with...

Hong Kong-based Cathay Pacific discovered a data breach that compromised the information of more than 9 million passengers, the company announced last week. It is the biggest breach to date of an airline. In the same release, Cathay announced that the “types of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email,...