If you fill in this form, Equifax will send you $125 as part of its settlement with the Consumer Finance Protection Bureau, the FTC, and 48 out of 50 states. Read the rest

Equifax doxed virtually every adult in America as well as millions of people in other countries like the UK and Canada. The breach was caused by an acquisition spree in which the company bought smaller competitors faster than it could absorb them, followed by negligence in both monitoring and responses to early warnings. Execs who learned of the breach used it as an opportunity to engage in insider trading, while failing to take action to alert the public. Equifax nonconsensually gathers dossiers on everyone it can, seeking the most sensitive and potentially damaging information to record. The company was founded as part of a corporate spy-ring employed to root out and identify political dissidents and sexual minorities. Read the rest

The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years." Read the rest

Data from facial recognition scans performed by US Customs and Border Patrol on travelers crossing at an unnamed lander border point (an anonymous source says it's a US-Canada crossing) have been stolen by hacker or hackers unknown. Read the rest

Quest Diagnostics is one of America's biggest medical testing companies; they have warned securities regulators that they lost 12,000,000 customer records (credit card numbers, bank account information, medical information, Social Security Numbers, and other personal information) due to a breach at ACMA, a collection agency they used. Read the rest

First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc -- when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration. Read the rest

OG Users is a forum for people who steal login credentials for online services, mostly to sell desirable login-names for popular services like Instagram; it attained notoriety when Motherboard's Lorenzo Franceschi-Bicchierai linked the forum to an epidemic of SIM-swapping attacks; a few months later, the Reply All podcast devoted an episode to the forum. Read the rest

Writing on Techcrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and it generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness. "We take your privacy and security seriously" is really code for "Please stop asking us to take your privacy and security seriously." Read the rest

A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before. Read the rest

After a successful phishing attack that captured over 50 accounts, hackers stole 500,000 records from the San Diego Unified School District, for staff, current students, and past students going all the way back to 2008; including SSNs, home addresses and phone numbers, disciplinary files, health information, emergency contact details, health benefits and payroll info, pay information, financial data for direct deposits. Read the rest

Facebook has notified 6.8 million users that, due to a bug, the company allowed its third-party developers to access all the users' photos, including those marked as private. Read the rest

Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come. Read the rest

Long before Quora admitted to being breached and losing 100,000,000 million users' account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode. Read the rest

A user called FBSaler is offering personal data for Facebook users at $0.10 each, claiming to have account data from 120,000,000 users to offer; to prove that they have the goods, they've dumped the private messages sent by 81,000 Facebook users; and account data from 176,000. Read the rest

Cathay Pacific started investigating a potential breach in March; by May they'd learned of breaches to a system with 9.4 million travelers' data on it, then for some reason they didn't tell anyone about it, until now: "The following personal data was accessed: passenger name; nationality; date of birth; phone number; email; address; passport number; identity card number; frequent flyer programme membership number; customer service remarks and historical travel information." They are sorry if you are upset: "We are very sorry for any concern this data security event may cause our passengers." Read the rest

Yesterday, at least 90,000,000 Facebook users were forced to log back into the service without any explanation; later, the company revealed that at least 50,000,000 of them had been hacked, but wouldn't say how. Read the rest

When news broke yesterday that Facebook had suffered a breach affecting at least 50,000,000 users, Facebook users (understandably) began to widely share links to articles about the breach. Read the rest