Apr 122014

Nathan Baker reports:

Tennessee’s two public higher education systems are trying to trace the source of a possible federal income tax scam resulting from the stolen identities of some of their employees.

An email sent to faculty and staff in the Tennessee Board of Regents system said the college governing body was alerted to the possible scam by the University of Tennessee at Knoxville, which belongs to its own system.

The email said that when at least eight UTK employees attempted to file their income tax returns, they were notified by the U.S. Internal Revenue Service that a return had already been filed under their names and Social Security numbers.


Read more on Johnson City Press.

Apr 112014

Ildefonso Ortiz reports:

A Donna man with ties to the international computer hacking group Anonymous is accused of trying to break into various Web servers, including those of Hidalgo County, La Joya ISD and The Monitor.

Thursday morning, a somber-looking Fidel Salinas went before Magistrate Judge Peter Ormsby, who informed him of the new accusations presented in a superseding indictment that was recently handed up that charges him with 14 separate counts related to Internet hacking. Since his initial arrest in September, Salinas, 27, has been out on bond. …  Salinas had originally been indicted in September following an FBI investigation into his attempt to hack the Hidalgo County Web server.

Read more on The Monitor.

Apr 092014

Sean Gallagher reports on an interesting revelation concerning the second data breach at the University of Maryland:

A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit.

David Helkowski was working for Canton Group, a Baltimore-based software consulting firm on a project for the University of Maryland (UMD), when he claims he found malware on the university’s servers that could be used to gain access to personal data of students and faculty. But he says his employer and the university failed to take action on the report, and the vulnerability remained in place even after a data breach exposed more than 300,000 students’ and former students’ Social Security numbers.

As Helkowski said to a co-worker in Steam chat, “I got tired of being ignored, so I forced their hand.”

Read more on Ars Technica.


Apr 072014

Elaine Keogh reports:

The Data Protection Commission is investigating a data breach by a college, which led to applicants being given portfolio assessment marks of other applicants instead of receiving just their own result.

As part of the application process, prospective students for the Bachelor of Arts course at Cork Institute of Technology must include a portfolio of their work and it is assessed and marked out of 600.

The names and addresses of each of the 137 applicants who had been successful and selected to go to the next stage of the process were also part of the email that was sent to all those who received the email.

Read more on Independent.ie

Apr 042014

Greg Parlier reports:

The Social Security numbers of 530 Polk County School District employees were available to the public online for two years until they were taken down last month, district officials said Thursday.

Mike Perrone, the School District’s chief financial officer who oversees human resources, said the numbers were part of a large document that shouldn’t have been put online.

Read more on The Ledger. Kudos to the district for disclosing how many times the file had been viewed during the two years and analyzing how what percent of the IP addresses were likely from employees and what percent may have viewed the SSN. 

Apr 032014

Curt Anderson of Associated Press reports:

Twenty-five people accused of using thousands of stolen identities to claim $36 million in fraudulent tax refunds have been arrested in the latest South Florida sweep, federal authorities said Thursday.

Among those charged in 19 separate cases is a middle school food service worker who swiped the identities of at least 400 Miami-Dade County students, a mail carrier charged with filching tax documents out of mailboxes and a jail guard who stole identities of inmates, according to Miami U.S. Attorney Wifredo Ferrer.

Read more on Star-Telegram

Update: I’ve posted the USAO’s press release here.