Insurer’s huge data exposure draws charges from New York state

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.


Iran-linked hackers steal sensitive data from U.S. Navy member, researchers say

Allison Wikoff has spent years tracking suspected Iranian hackers, sifting through data they’ve left behind and analyzing their techniques. But in May, when her colleague stumbled upon a server with 40 gigabytes of the hackers’ training videos and online personas, Wikoff knew she had struck gold. “[When] we started combing through all the data and video files we couldn’t believe what we were seeing,” said Wikoff, a cyber threat analyst on IBM’s X-Force security team. “This discovery brought a whole new meaning to observing ‘hands-on keyboard activity.’” The nearly five hours of videos found on the server, which IBM reported publicly on Thursday, include evidence of a suspected Iranian hacker stealing data from the personal email and social media accounts of an enlisted member of the U.S. Navy and a Greek naval officer. The attacker managed to exfiltrate files on the military unit of the U.S. Navy member and their […]

The post Iran-linked hackers steal sensitive data from U.S. Navy member, researchers say appeared first on CyberScoop.


Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people

Federal agents have arrested a 29-year-old Michigan man for allegedly hacking into a medical center in 2014, stealing data on more than 65,000 people and then selling it on the dark web, the Department of Justice announced Thursday. A 43-count indictment charges Justin Sean Johnson with wire fraud, aggravated identity theft and conspiracy for the hack of a database at University of Pittsburgh Medical Center, Pennsylvania’s largest health care system. Johnson’s sale of medical center employees’ Social Security numbers and addresses led other alleged criminals to claim hundreds of thousands of dollars in fake IRS tax refunds, prosecutors said. “The health care sector has become an attractive target of cyber criminals looking to update personal information for use in fraud,” Timothy Burke, special agent in charge for the U.S. Secret Service in Pittsburgh, said in a statement. The indictment also alleges that from 2014 to 2017 Johnson sold other personally identifiable information […]

The post Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people appeared first on CyberScoop.


Blockchain-based VPNs: The Next Step in Privacy Tech?

Could open source bandwidth utilized by blockchain be the alternative to today’s VPN? Every person who goes online today fights a losing privacy battle. Every site we visit, every app we download, every service we subscribe to collects our perso…

Businesses Skating on Thin Ice Using Third-Party Services

Every year businesses lose millions of dollars in data breach incidents. A survey by Ponemon Institute revealed a 3% increase in third-party data breaches in 2018, with 59% of companies experiencing a breach due to third parties in 2018. And more than…

Protecting Healthcare Data and Infrastructure

The healthcare industry is increasingly targeted by cybercriminals. As digital transformation accelerates and more providers move their internal systems to the cloud, deploy IoT medical devices and host medical records online, they become even more vu…

Rare cybercrime enforcement in Russia yields 25 arrests, shutters ‘BuyBest’ marketplace

Russian authorities arrested more than two dozen people as part of a law enforcement operation against an alleged network of illicit websites where users bought and sold stolen payment cards and personal data. The Federal Security Service (FSB) on March 20 apprehended 25 people, including Russians and foreign nationals, for their alleged roles in a digital identity theft ring, the agency announced on Tuesday. The accused scammers were allegedly running a dark web marketplace called BuyBest, or GoldenShop, and dozens of corresponding “mirror” websites, according to an alert from the threat intelligence firm Gemini Advisory, which was obtained by CyberScoop. Alexey Stroganov, an accused hacker who went by the name “Flint24,” was among those arrested, according to a court file posted on a Moscow city website. A partial list of those charged appears to have been published on a LiveJournal page. Multiple discussion forums on Russian-language cybercriminal markets were focused on the […]

The post Rare cybercrime enforcement in Russia yields 25 arrests, shutters ‘BuyBest’ marketplace appeared first on CyberScoop.


Data Privacy and Security in the Travel Industry

As COVID-19 mauls the travel sector and hotels, airlines and cruise lines shutter their doors or park their planes and ships, this interlude may present them an opportunity to address how they handle passenger information. Each of these sectors of the…

FBI arrests alleged operator of a Russian hosting service meant for scammers

U.S. authorities have arrested a Russian man accused of running an illicit service where buyers allegedly have spent years purchasing stolen data and hacked web accounts. In a complaint unsealed March 9, the FBI accused Kirill Victorovich Frisov of operating Deer.io, a web hosting service where subscribers can host independent stores online for roughly $250. The site, which remains online, is based in Russia, outside the reach of U.S. law enforcement, and advertises itself as the home of more than 24,000 accounts with more than $17 million in sales. Unlike legitimate hosting services, Deer.io promises anonymity and markets strong defenses against the kind of distributed denial-of-service attacks that scammers often use to harass each other, the threat intelligence provider Digital Shadows found in 2016. FBI investigators probing the site determined it existed entirely for the purpose of cybercrime. Seamus Hughes, the deputy director of the Program on Extremism at George Washington […]

The post FBI arrests alleged operator of a Russian hosting service meant for scammers appeared first on CyberScoop.
