May 162018
 

CBC News reports on a CBC breach:

The CBC is warning more than 20,000 of its past, present and contract employees that their personal and financial information may be at risk after a break-in and the theft of computer equipment.

“An intruder recently broke into a secure area of CBC/Radio-Canada, stealing a piece of computer equipment,” Judith Purves, executive vice-president and CFO of CBC, said in a statement.

Read more on CBC.

May 142018
 

So for a law firm, I would think this would be a really bad breach to have to disclose.

Mason Law Office in Sacramento sent a copy of their notification to the California Attorney General’s Office.  Their notification reads, in part:

What happened?

On or about May 5, 2018, we discovered evidence of unauthorized access to mycase.com by an unknown individual or group of individuals. It is unclear how this access was made since we have implemented all security measures offered by mycase.com. Client data was potentially accessed, client case information was deleted, and other administrative changes were made to the system. The extent of the information accessed will be thoroughly investigated by Mason Law Office, P.C. and mycase.com. You will be contacted if we discover any information specific to your case.

What Information Was Involved?

Generally, any information uploaded to mycase.com was potentially accessed, and information has been deleted. Information potentially accessed includes client names, social security numbers, driver’s license numbers, phone numbers, email addresses, as well as legally privileged/protected information, including legal documents, case notes, disclosures, financial statements, evidence, photos, invoices, transcripts, trust balances, and attorney-client communications. Please note, our standard procedure is to remove identifiable account information from financial statements, tax returns, and disclosure documents prior to uploading them into mycase.com. We also do not store payment information, such as credit card information used for payments into your trust account. No payment information given to us was ever put into mycase.com whatsoever. We use bank approved software for all payment transactions, which is highly regulated and secure.

May 142018
 

Phee Waterfield and Timothy Revell report:

Data from millions of Facebook users who used a popular personality app, including their answers to intimate questionnaires, was left exposed online for anyone to access, a New Scientist investigation has found.

Academics at the University of Cambridge distributed the data from the personality quiz app myPersonality to hundreds of researchers via a website with insufficient security provisions, which led to it being left vulnerable to access for four years. Gaining access illicitly was relatively easy.

The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests. It was meant to be stored and shared anonymously, however such poor precautions were taken that deanonymising would not be hard.

Read more on New Scientist.

May 132018
 

Gavin Mairs reports:

World Rugby has been forced to suspend one of its websites after the governing body was the target of a cyber attack that saw hackers obtain personal data from thousands of subscribers to one of their databases, The Sunday Telegraph can reveal.

It is understood that the hackers were able to access the first name, email address and encrypted passwords of thousands of users, including players, coaches and parents from across the world after the security breach on May 3.

It is not yet clear if it was a random attack to steal data or if World Rugby was deliberately targeted by one of the cyber espionage groups that has previously leaked confidential information from the websites of sporting bodies such as WADA and the IAAF.

Read more on Independent.ie.

May 122018
 

On May 11th, 2018, we learned that payment card information of some of our Guests who visited certain Chili’s® Grill & Bar corporate-owned restaurants have been compromised in a data incident. Currently, we believe the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.

Upon learning of this incident, we immediately activated our response plan. We are working with third-party forensic experts to conduct a thorough investigation to determine the details of what happened. Law enforcement has been notified of this incident and we will continue to fully cooperate.

While the investigation is still ongoing, we believe that malware was used to gather payment card information, including credit or debit card numbers and cardholder names, from our payment-related systems for in-restaurant purchases at certain Chili’s restaurants.

We deeply value our relationships with our Guests and our priority remains doing what is right for them. We are committed to sharing additional information on this ongoing investigation. More details can be found at: http://brinker.mediaroom.com/ChilisDataIncident.

SOURCE Chili’s Grill & Bar