Apr 212018

Lisa Polewski reports:

The emails of about 1,100 residents have been compromised following a data breach of two waste collection apps, according to the city of Hamilton.

Municipal Media Inc., the service provider for Recycle Coach and My Waste, reported the data breach to the city and several other municipalities earlier this week.

Read more on Global News.

Apr 182018

New from UpGuard:

The UpGuard Cyber Risk Team can now confirm that a cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.

This data includes names, physical addresses, dates of birth, scraped data from LinkedIn and Facebook, Twitter handles, and more.  Ashfaq Rahman, co-founder of LocalBlox, a company that bills itself as the “World’s Most Comprehensive Cross Device Identity Graph on Businesses, Consumers and Geo Audiences,” has confirmed to UpGuard that the exposed information belongs to them.

Read more on UpGuard.

Apr 172018

Alex Pearce of Ellis & Winters LLP writes:

As we have explored before, a common scam known as “W-2 phishing” can put companies in the crosshairs for data-breach lawsuits brought by their employees.

In honor of Tax Day, today’s post examines an interesting recent decision from a North Carolina federal court in one of these cases.

In that decision, called Curry v. Schletter Inc., Judge Martin Reidinger of the United States District Court for the Western District of North Carolina handed the employees a big win: a favorable ruling on a treble damages claim brought under N.C. Gen. Stat. § 75-1.1.

Read more via JDSupra. It’s actually an interesting case because the employees claimed that their employer had been negligent in not training employees to avoid phishing attacks. But read on to find out more about both sides’ arguments and how the judge decided the case.

Apr 172018

Catalin Cimpanu reports:

TaskRabbit, a web-based service that connects freelance handymen with clients in various local US markets, has emailed customers admitting it suffered a security breach.

The company has taken down its app and website while law enforcement and a private cyber-security firm are investigating the incident.

The hack appears to have taken place earlier today —US timezones— when users started posting on Twitter images showing defacements of some TaskRabit pages.

Read more on Bleeping Computer.