Jul 232017

Catalin Cimpanu reports:

The Swedish government has exposed sensitive details on millions of citizens in one of the biggest government screw-ups ever, and the official responsible for the whole fiasco was fined only half of her’s monthly salary, which is 70,000 Swedish krona — or around $8,500.

The leak happened in September 2015, when the Swedish Transport Agency (STA) decided to outsource the management of its database and other IT services to companies such as IBM in the Czech Republic, and NCR in Serbia.

 Read more on BleepingComputer.
Jul 232017

Erin Zaranec reports:

A local nursing assistant was charged with misuse of credit cards and four other counts after using a credit card she stole from a patient.

Markita Hunter was seen in security video using a Chase Bank credit card that was stolen from a patient at University Hospitals, where she works.

Read more on News 5.

Jul 232017

I was just thinking about this guy last night, and woke up to see that Catalin Cimpanu has an update on him:

A 29-year-old man pleaded guilty in court on Friday to hijacking over 900,000 routers from the network of Deutsche Telekom, according to several reports in the German press [1, 2, 3, 4].

The man is the hacker known as BestBuy, also known as Popopret. German authorities have not released the man’s name but referenced him under the nickname Spiderman, which the hacker utilized in registering domains names that he used in hijacking and controlling Deutsche Telekom’s routers.

Read more on BleepingComputer.

It appears that Brian Krebs’ identification of “BestBuy” as “Daniel Kaye” may be correct. In one of the German articles, the defendant was referred to twice as “Daniel K.” and he was described as a Brit with ties to both the U.K. and Israel.

Jul 222017

Bradley J. Freedman of Borden Ladner Gervais LLP writes about the settlement of a class action lawsuit against Walmart and PNI Digital Media. DataBreaches.net had covered the breach involving both U.S. and Canadian photo centers at the time of the breach.

Canadian class action lawsuits over the Walmart Canada Photo Centre data breach were settled in May 2017. The lawsuits and settlement provide useful lessons for Canadian organizations that collect and process sensitive customer information.

The settlement includes:

  • Credit Monitoring: Walmart Canada and PNI Digital Media will pay the costs of a one-year credit and identity theft monitoring service (or reimbursement of previously incurred costs for a similar service) for affected customers. The maximum cumulative total available for credit monitoring for all affected customers is $350,000.
  • Recovery of Expenses: Walmart Canada and PNI will reimburse affected customers for their out-of-pocket losses, unreimbursed charges and time spent remedying issues traceable to the data security incident (at $15 per hour for up to five hours) to a maximum of $5,000 for any one customer. The maximum cumulative total available for recovery of expenses for all affected customers is $450,000.
  • Administration Costs: Walmart Canada and PNI will pay up to $250,000 for the reasonable costs of administering the settlement, including the costs of a court-appointed independent claims administrator.

Read more on Martindale.com.

Jul 222017

Serge F. Kovaleski and Stacy Cowley report that external counsel for Wells Fargo Advisors appear to have over-responded to a discovery request by inadvertently including financial details on 50,000 Wells Fargo high-wealth clients:

When a lawyer for Gary Sinderbrand, a former Wells Fargo employee, subpoenaed the bank as part of a defamation lawsuit against a bank employee, he and Mr. Sinderbrand expected to receive a selection of emails and documents related to the case.

But what landed in Mr. Sinderbrand’s hands on July 8 went far beyond what his lawyer had asked for: Wells Fargo had turned over — by accident, according to the bank’s lawyer — a vast trove of confidential information about tens of thousands of the bank’s wealthiest clients.


The documents were sent by Angela A. Turiano, a lawyer with Bressler, Amery & Ross, an outside law firm in Florham Park, N.J., hired by Wells Fargo, which is not a party to the suit. Mr. Sinderbrand and one of his lawyers, Aaron Zeisler, notified Ms. Turiano on Thursday morning about the sensitive documents now in their hands.

Read more on the New York Times. The law firm, in turn, appears to be pointing fingers at a vendor it employed.

There are a lot of questions that Wells Fargo clients and employees will understandably be asking in the wake of this incident. And how many people will spit at the “We take your privacy very seriously” assurances that will be flying around?