When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees. Read the rest

Jesse writes, "Vancouver tech retailer NCIX was driven into the ground last year (much to the morbid fascination of local techies). Now their fetid corpse is in the news again, after their SQL servers were sold for $1500 at auction without being wiped, containing the personal data – including credit card details – of thousands of customers." Read the rest

Last year Equifax sheepishly admitted that it had breached hundreds of millions of Americans', Britons' and Canadians' private financial data and then suppressed the news (subsequent months revealed that the company had suffered multiple breaches, so many it didn't know what it had lost and wasn't looking very hard). Read the rest

The porn extortion scam works like this: you get an email from a stranger claiming that he hacked your computer and recorded video of you masturbating to pornography, which he'll release unless you send him some cryptocurrency. Read the rest

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers. Read the rest

Fedex acquired a company called Bongo International in 2014; Bongo specialized in helping North American companies sell overseas and after the acquisition, Fedex renamed the company FedEx Cross-Border International. Read the rest

A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest

Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print. Read the rest

Vtech is the Taiwanese kids' crapgadget vendor that breached sensitive data on 6.3 million children and their families, lied about it and covered it up, then added a dirty EULA to its products that made us promise not to sue them if they did it again. Read the rest

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data. Read the rest

Uber's Chief Security Officer Joe Sullivan and his top aide have both been forced out of the company in an act of penance for the revelation that the company suffered a breach in October 2016 in which hackers stole personal data from 50,000,000 riders and 7,000,000 drivers, including 600,000 drivers' US driving license numbers; Uber says the disgraced employees acted alone when they then paid the hackers who stole the data $100,000 to hush it up. Read the rest

This weekend, we learned that Discus -- the commenting system we once used here on Boing Boing -- suffered a breach in 2012 in which 17.5m user accounts (email addresses, signup names, account activity dates and some unsalted, weakly encrypted passwords) were stolen. Read the rest

Equifax dumped dox on 143 million Americans (as well as lucky Britons and Canadians!), sat on the news for five weeks, let its execs sell millions in stock, and then unveiled an unpatched, insecure WordPress site with an abusive license agreement where you could sign up for "free" credit monitoring for a year, in case someone used the immortal, immutable Social Security Number that Equifax lost control over to defraud you. Read the rest

From mid-May to July 2017, Equifax exposed the financial and personal identifying information of 143 million Americans -- 44% of the country -- to hackers, who made off with credit-card details, Social Security Numbers, sensitive credit history data, driver's license numbers, birth dates, addresses, and then, in the five weeks between discovering the breach and disclosing it, the company allowed its top execs to sell millions of dollars' worth of stock in the company, while preparing a visibly defective and ineffective website that provides no useful information to the people whom Equifax has put in grave financial and personal danger through their recklessness. Read the rest

The Swedish Transportstyrelsen (Transport Agency) botched its outsourcing to IBM, uploading its records to IBM's cloud and then emailing cleartext copies to marketing managers, unvetted IBM employees in the Czech Republic and others. Read the rest

Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention. Read the rest

Opponents of Ecuadoran president Rafael Correa -- himself a prolific and shrewd social media campaigner -- have had their social media accounts hacked and used to dump embarrassing transcripts purporting to show their party in disarray and romantic scandals in their personal lives. Read the rest