Jan 22 2018

Rafia Shaikh reports:

Hackers have dumped files in the Dark Web containing nearly 1.2 million email addresses and credentials from the UK’s top 500 law firms. Security researchers from RepKnight cybersecurity firm revealed earlier today that over 1,159,687 email addresses were found in these dumps and over 80 percent of these were linked to leaked passwords.

The firm, however, adds that most of this data doesn’t come from any direct attacks and is a result of several third party breaches. But that doesn’t mean it isn’t damaging for the law firms who are now at risk of attacks since many of these passwords in plaintext are expected to work despite the security breach notifications.

Read more on WCCF Tech.

Jan 22 2018

Here’s a news report of an insider privacy breach in Canada that is just… awful. That it has resulted in severe psychological harm and trauma to one of those impacted is not surprising.

The incident, which you can read about here, involves records that are more than 30 years old that appear to have been maliciously sent to the child of a welfare recipient.

As such, this incident serves as a useful reminder that even very old personal data can have devastating consequences if the data are not adequately secured against unintended or malicious release.

This incident also serves as a useful reminder that entities need to have good access logs so that they can determine who the rogue employee is. And of course, then we get to the question of why the rogue employee was even able to access these old files. Were the access controls adequate in this case?


Jan 22 2018

Kirsty Weakley writes:

Age UK lost the personal details for current and former staff in two separate data breaches at the end of last year and has reported itself to the Information Commissioner’s Office.

The charity has written to current and former employees to tell them that there were two incidents at the end of last year which mean people’s names, addresses, date of birth and national insurance number have been lost.

Age UK said that no bank details or passwords were lost and it is “not aware of any actual or attempted misuse of any personal data”. No customer or supporter data has been compromised.

Read more at CivilSociety.

Jan 22 2018

Julie Wootton-Greener reports that Jerome School District in Idaho is still working on recovering from a ransomware attack that they discovered on December 11. Readers may recall that at the time, the ransom amount was the equivalent of USD $65,000 and the district decided not to pay it as they felt they could recover from backups.

The Jerome School District has now been able to restore most of its computer systems, such as payroll and its student database.

“We have the critical data restored for the most part,” Layne said.

About 95 percent of processes are functional, but there are still some connectivity issues, such as with a food service computer program and PowerSchool, a student management system.

Read more on Reading Eagle.

Jan 20 2018

Gareth Corfield reports:

A former Santander bank manager has pleaded guilty to £15,000 worth of computer misuse crimes after her boyfriend talked her into giving him illicitly obtained customer information.

This morning at the City of London Magistrates’ Court in England, Abiola Ajibade, 24, of Martock Court, Consort Road, Southwark, pleaded guilty to “causing a computer to perform a function to secure unauthorised access to a program or data” contrary to section 1 of the Computer Misuse Act 1990.

Her crimes took place over the course of a year, starting in August 2015 when she was aged 22.

Read more on The Register.

CORRECTION: When this post first appeared, the story was attributed to Brinkwire. Post-publication, this site learned that this article was published by The Register. Apologies to The Register for not crediting their original work properly, and thanks to the reader who pointed out our error.