Brian Krebs reports: One of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look…
Okta admits hackers accessed data on all customers during recent breach
Carly Page reports: U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected. Okta confirmed in October that a hacker used a stolen credential to access its support case management system…
Hackers breach Israel intelligence group’s website
The Middle East Monitor reports: An unknown entity has breached the website of the Shin Bet veterans’ association, Shoval, and may have stolen the details of the intelligence agency’s former employees, the French website Intelligence Online has reported. According to the website, the agency’s management has requested members of the association to be cautious, especially when travelling…
Queensland passes mandatory data breach notice laws
Justin Hendry reports: Queensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities, as an almost identical scheme comes into effect in New South Wales. The Information Privacy and Other Legislation Amendment Bill 2023 passed through the Queensland state Parliament on Wednesday, less than two months…
A cyberattack hit thousands of people in Louisiana. They’re still in the dark months later. (2)
Stephen Marcantel reports: It was early August when teacher Heather Vidrine first heard about a cyberattack on her former school district in St. Landry Parish, but she didn’t think much about it — even after her Facebook got hacked. Now, she’s left to wonder whether the two are connected. Her Social Security number and other…
KidSecurity’s user data compromised after app failed to set password
Paulina Okunytė reports: KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users’ private data in the hands of threat actors. With more than a million downloads on Google Play, KidSecurity provides parents with services to track their children’s location, listen to the sounds around the child…