Hack

More recent breaches we didn’t know about

Thanks to the New Hampshire Attorney General’s Office for posting breach notices online: Student Loan Xpress, Inc. reported (pdf) that the service provider for their student loans, American Education Services, inadvertently transmitted personal information on student loans to another lender that AES also has contracts with. The information may have included names, addresses, Social...

StayFriends members’ personal info exposed by SQL injection

The same individual, “unu,” who has been exposing other web sites vulnerable to SQL injection, has issued some screen shots showing how the German site, StayFriends, left its over 7 million users’ personal information vulnerable to exposure or access. According to the account of the hack, the exposure involved names, email addresses, passwords, some...

It’s Symantec’s turn (updated with response from Symantec)

A hackers’ group has seemingly managed to embarrass another security vendor. After revealing that Kaspersky, BitDefender Portugal, and F-Secure all had vulnerabilities in their sites, the hacker has now reported a blind SQL injection of emea.symantec.com. It’s not clear from the report what kinds of information might have been accessible via the attack. Symantec.com...

UF notifies thousands of possible breach of ‘Grove’ computer system

From a University of Florida announcement: University of Florida officials are making every effort to notify more than 97,200 people that an intruder gained access to a computer system containing files with their personal information. The files included the names and Social Security numbers of students, faculty and staff who used the “Grove” computer...

Valley National Bank replaces cards after Heartland

When payment processor Heartland Payment Systems announced it had been breached on January 20, management at Valley National Bank in New Jersey went into action. By January 26, they had notified the New York State Attorney General’s Office that they were replacing 20,013 cards as a result of the breach and had kicked into...

Floridians warned about ID data breach at Wyndham Hotels

Note: this is an update to a breach we reported here last month and that occurred last summer. In addition to the Florida story below, Wyndham reported to NYS that the breach affected 8,787 NYS residents (report not yet available online). Attorney General Bill McCollum is asking Floridians to monitor their credit statements to...

AL: Computer Hacking at UA (updated)

Diana Moorer reports: Thousands of people in West Alabama are learning their personal information could be at risk. According to a University of Alabama spokesperson, a small portion of the university’s computer system was recently breached by a hacker. UA said they discovered the intrusion and took steps to block further unauthorized access. The...

First arrests made in Heartland data breach case

Chuck Miller reports: Three men have been arrested in Tallahasee, Fla., in connection with the Heartland Payment Systems data breach, authorities said. The men, Tony Acreus, Jeremy Frazier and Timothy Johns, each were charged with multiple counts of credit card fraud, police said. The arrests were part of a larger investigation into the breach,...

Kaspersky: no personal information lifted during web hack

Dan Goodin reports: Anti-virus provider Kaspersky Lab on Monday moved to reassure customers that none of their personal information was accessed during a 10-day security lapse that exposed a database used to run a support site for its US users. The company also apologized for the blunder and said it was bringing in database...