The Defense Information Systems Agency, which calls itself a combat support agency of the Defense Department on its website, employs 8,000 military and civilian employees.
The DIA, which is responsible for secure White House communications, said Social Security numbers and other personal data its network held, was likely compromised, reports Reuters, citing a letter sent to compromised individuals. Read the rest
Personal information for more than 10 million former guests of MGM resorts has been posted on a hacking forum. Among the notable data breach victims: Twitter and Square CEO Jack Dorsey. The leaked data includes home addresses, and is said to only affect guests who stayed at the hotel chain's properties before 2018. Read the rest
• The Equifax breach was disclosed in 2017, exposed financial records of 150M Americans
• FBI Deputy Director David Bowdich: “This is the largest theft of sensitive PII by state-sponsored hackers ever recorded.” Read the rest
An unsecured facial recognition database that contained info on thousands of children from 20 schools in China, half of which are located in historically ethnic Tibetan areas, has been found online. Read the rest
After LifeLabs was hit by a a cyber attack in November, the Canada-based medical lab paid a ransom to recover stolen data belonging to more than 15 million of its customers. That stolen data included usernames, password, and some 80,000 or more test results. Read the rest
In a decision released late Tuesday night, a federal judge ruled that up to 29 million Facebook users whose personal info was stolen in a September 2018 data breach are not entitled to sue Facebook as a group for damages -- but the users may be entitled to demand better personal data security at Facebook. Read the rest
Cellular phone provider T-Mobile on Monday is confirming earlier reports of a data breach, and says the breach affected over a million of its customers. Read the rest
T-Mobile today admitted that a recent "criminal hack" accessed personal data of some prepaid wireless customers' accounts. Read the rest
Back in 2011, I signed up for a Zappos account so I could buy pants for a wedding I was in. Then I returned them because they didn't fit. I ended up buying them at the local Macy's instead (although I bought the wrong shade of grey, oops).
That should have been the end of my relationship with Zappos. Until I received this email the other day:
Zappos put me at risk by exposing my data. And the best mea culpa they can offer is "Here's a discount so you can help us to increase our Q4 revenue!" That might be even pathetic than the $125 offering from Equifax. Equifax may have exposed more personal information, but unless I plan on buying a $2,000 pair of John Lobb boots from Zappos—thus giving $1800 back to the company that just screwed over my data—then I'm basically getting nothing.
To be clear, Zappos offer here has only been preliminarily approved by the court in charge of the settlement. If enough people say, "I'm not paying you to pay me financial damages," the judge may change their mind. But I wouldn't hold my breath. If the only consequence to expose customer data is increasing Q4 revenue, then there's never going to be any incentive for any company to give a shit about the personal information of the people who keep them in business. And that's not a healthy economy.
Another data security disaster for 'food delivery on demand' startup DoorDash, and it's not their first. The company confirms a data breach, and says sensitive information belonging to 4.9 million individual customers, delivery workers, and merchants -- all stolen by hackers. Read the rest
A massive database hosted on Amazon Web Services (AWS) for Mumbai-based internet company Chtrbox that contained contact info for millions of Instagram accounts for influencers, celebrities and brands has been discovered leaked online. Read the rest
That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery. Read the rest
It seems that we can't have nice, unhacked things. According to Gizmodo, someone has hacked NASA's personnel database to gain access to social security numbers and other personal information of the space agency's staff.
News of the security breach was only disseminated via memo to NASA's employees on December 18th, despite the fact that the agency became aware of the hack back on October 23rd.
From Gizmodo:
According to the memo, NASA is working with federal investigators to determine the extent of the breach and who might be responsible. It said that servers were accessed that contained the personal information of employees that worked at the agency between July 2006 and October 2018. The message was sent to inform employees to take the necessary precautions to prevent possible identity theft. It seems that investigators still haven’t narrowed down the employees who may have been effected, however the agency promised to notify individuals as that information becomes available.
When contacted for comment by Gizmodo, a NASA spokesperson could not say exactly how many employees’ information was potentially exposed, but they did confirm that the agency “does not believe that any agency missions were jeopardized by the intrusions.”
If anyone knows who's responsible for the hack, they're keeping their mouths shut about it. Hacking's so hot right now -- the breach could have been pulled off by anyone from a code-savvy lone-acting lady at a coffee shop to a high-falootin' government sponsored collective in Eastern Europe. Also, China. It'll be interesting to see what, if anything, is done with information that was obtained during the hack. Read the rest
