What Australian IT Leaders Need to Focus on Ahead of Privacy Act Reforms

The Australian federal government aims to deliver changes to privacy laws in 2024. Organisations are being warned to prepare ahead of time by creating a comprehensive map of organisational data.

Good Heavens! 10M Impacted in Pray.com Data Exposure

The information exposed in a public cloud bucket included PII, church-donation information, photos and users’ contact lists.

Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. It ends up being a double-dip for the crooks: In addition to vending the card data and other information about shoppers in cybercriminal forums, they also collect money for items that are “faulty, counterfeit, or nonexistent,” Gemini says in a report published Thursday. The dark web sales have led to profits upwards of $500,000 over the past six months, but the total take is “likely significantly larger,” considering all the money the scammers […]

The post Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says appeared first on CyberScoop.

HackNotice to Democratize Threat Intelligence

HackNotice announced today it has added a set of free analysis and visualization tools to enable end users to know when their personally identifiable information has been disclosed. The tools, dubbed Risk Explorer, also will be available as part of Ha…

VA High Court: License Plate Database Not Personal Data

Regulations related to the collection, storage and use of personal data don’t apply to the collection of license plate readings, a court has found, calling privacy regs into question.

As you drive to George Mason University in Fairfax, Virginia, you ma…

Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers

Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers. Customers reported receiving an email on Monday from Chowbus containing reams of customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows.

"Got an email from @ChowbusOfficial support with a link to their full user data dump. Columns include email, full name, and full address. File has ~800000 rows." — Johnny Wang (@Johnny___Wang), October 5, 2020

The incident is a blow for a budding company that had recently attracted funding from Silicon Valley and New York venture firms alike. Founded four years ago in Chicago, Chowbus touts its app’s ability to connect diners with authentic and undiscovered Asian restaurants. In an email to customers, Chowbus CEO Linxin […]

The post Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers appeared first on CyberScoop.

Anthem to pay $39.5 million to states in latest settlement over 2015 hack

Anthem has agreed to pay $39.5 million in penalties and fees resulting from a sweeping 2015 cyberattack on the health insurer as part of a multi-state settlement, the company announced Wednesday. It’s the latest fallout from a major data breach that exposed data on some 79 million people, and which U.S. authorities have blamed on a Chinese hacker. The settlement, based on an investigation by attorneys general in over 40 states, requires Anthem to implement a security program that includes penetration-testing, and logging and monitoring of networks. It also bars Anthem from misrepresenting how the company protects its customers’ privacy and security, according to the New York attorney general’s office. “The company is pleased to have resolved this matter, which is the last open investigation related to the 2015 cyberattack,” Indianapolis-based Anthem said in a statement, adding that it has an “ongoing and consistent focus on protecting information.” The repercussions of the […]

The post Anthem to pay $39.5 million to states in latest settlement over 2015 hack appeared first on CyberScoop.

Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database

A security researcher has found a database with almost 235 million social media profiles scraped from the Internet, likely belonging to Social Data. Public user data is precious, and many companies want to gather it and sell it. Social media networks represent…

No hacking needed: Someone duped Experian into handing over data in breach affecting 24 million South Africans

For fraudsters looking to swindle big corporations, sometimes it’s just a matter of asking. Earlier this week, the South African division of credit reporting giant Experian revealed that someone posing as a client had tricked the firm into coughing up personal information on an untold amount of South African consumers. The South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime, put a number on the breach: up to 24 million people, and nearly 794,000 “business entities,” could be affected. Investigators have been working with banks to figure out which of their customers may have had their personal data exposed, according to SABRIC. It’s a reminder of the reams of personal data that credit monitoring firms like Experian and Equifax are sitting on, and the high stakes those firms face in protecting it. A social engineering trick, or an unpatched software flaw, can open the […]

The post No hacking needed: Someone duped Experian into handing over data in breach affecting 24 million South Africans appeared first on CyberScoop.

74% of Internet Users Feel They Have No Control Over the Personal Information Collected on Them

New research conducted by the Ponemon Institute reveals a substantial lack of empowerment felt by consumers when it comes to their data privacy. There is also a gap between the data protection individuals want and what industry and regulators provide, …