Two incidents involving Texas tax preparers may have put customers at risk of ID theft

 Posted by at 8:18 am  Business Sector, Commentaries and Analyses, Hack, Insider, U.S.
Feb 102019
 

Remember when it seemed like every day we were reading about ID theft and tax refund fraud schemes involving rogue employees of tax preparation firms?

Yeah, well it’s still a thing.  Here’s a story about a former rogue employee at Jackson Hewitt in McKinney, Texas.  If you or someone you know may have used that firm’s branch or a Jackson Hewitt office in north Texas,  you should check your credit report and take steps to protect yourself.

And in other unsettling news involving a Texas tax preparer,  on August 2 of 2018, thedarkoverlord tweeted that they had hacked a Hurst, Texas firm called CB Tax Service.  But they hadn’t hacked that firm at all, as I realized when I started investigating a sample of data the hacker(s) had provided to this site.

This site’s investigation indicated that the firm that they did hack was a firm with a similar name, C & B Tax Preparation.  That firm,  owned by one Wynora Johnson, had and has an address in Dallas.  But a number of attempts to reach Ms. Johnson by phone failed — numbers were disconnected and the one working number was answered by someone who said she knew nothing about Ms. Johnson or that business.

So if you were a customer of C & B Tax Preparation in Dallas,  you would be prudent to assume that thedarkoverlord is in possession of any personal and financial information you shared with that tax preparer.  And you would be prudent to assume that if thedarkoverlord failed to successfully extort the firm  (and for now, I will assume that they failed because they didn’t even have the right victim identified), then your personal and financial data may be up for sale on the dark web at some point.  The sample data they had sent me have a number of image files as well as copies of completed tax-related forms and bank information.  The image files include images of people’s driver’s licenses with name, address, DOB, and picture, as well as images of their and dependents’  Social Security cards.

DataBreaches.net did alert law enforcement in Dallas about the incident in the hopes that they would be able to notify the business or its owner.  This site never received any follow-up, though, as to whether the business or its owner was ever reached — or, even more importantly — whether the business’s customers have been contacted and notified that their information is in the hands of thedarkoverlord. So if you know someone who used that service, you might want to encourage them to take steps to monitor their credit report and take steps to protect themselves.

AU: Officer jailed for using police database to access personal details of dozens of Tinder dates

 Posted by at 6:59 pm  Government Sector, Insider, Non-U.S.
Feb 042019
 

Frances Bell reports:

A former long-serving police officer has been jailed for six months for illegally accessing the personal details of almost 100 women to determine if they were “suitable” dates.

Adrian Trevor Moore was a 28-year veteran of WA Police and was nominated as police officer of the year in 2011.

The former senior constable pleaded guilty to 180 charges of using a secure police database to access the information of 92 women he had met, or interacted with, on dating websites including Tinder and Plenty of Fish.

Read more on ABC (AU).

h/t, Joe Cadillic

Data of 14,200 Singapore patients with HIV leaked online by American fraudster who was deported from here

 Posted by at 9:46 am  Health Data, Insider, Non-U.S., Of Note
Jan 282019
 

Chang AI-Lien reports:

 Confidential information of 14,200 people with HIV, including their names, contact details and medical information, has been stolen and leaked online, and the culprit is an American fraudster, the Ministry of Health revealed on Monday (Jan 28).

Mikhy Farrera-Brochez, the man behind the leak, lived in Singapore from 2008 onward before being jailed in 2017 for several fraud and drug-related offences and lying to the Ministry of Manpower about his own HIV status.

His partner was Ler Teck Siang, a male Singapore doctor who was head of MOH’s National Public Health Unit (NPHU) from March 2012 to May 2013 and had access to the HIV Registry for his work. He has been charged under the Official Secrets Act for failing to take reasonable care of confidential information regarding HIV-positive patients.

Read more on AsiaOne.

Yahoo! News  also reports that:

Ler was sentenced to two years’ jail last year for abetting Brochez to commit cheating, and also of providing false information to the police and the health ministry. His appeal is expected to be heard in March.

GA: Mount Zion student pleads not guilty to computer hacking to avoid homework

 Posted by at 1:13 pm  Education Sector, Insider, U.S.
Jan 252019
 

Tony Reid reports the update to a story previously noted on this site:

A Mount Zion High School student is pleading not guilty to three charges of tampering with computers after police said he shut down his school district’s computer network while trying to sabotage a homework assignment.

Gage C. Hart, 18, appeared in Macon County Circuit Court on Wednesday and was represented by Chief Public Defender David Ellison.

Read more on Herald & Review.

Ca: REPORT: Significant privacy breach at Belleville General Hospital

 Posted by at 3:57 pm  Health Data, Insider, Non-U.S.
Jan 242019
 
David Foot reports:
According to newspaper reports, there’s been a privacy breach at Belleville General Hospital, in what Quinte Health Care officials are calling an isolated incident.
The Belleville Intelligencer report says a nurse was fired over the incident for accessing “hundreds of patient records” and that, while QHC staff are trying to nail down a timeline of events, the activity was noticed by the corporation’s privacy office in September.
The report says information accessed could include names, addresses, birth dates, health card numbers and other health information.
Read more on Quinte News.
 Older Entries  Newer Entries