One of the hazards outsource vendors face: a
breach of one client can panic all your clients. If there have been
multiple breaches (possible if you didn't compartmentalize your data),
the costs may prove fatal.
And then there were more. Like
Walmart Canada and CVS
before it, Costco also suspended its photo center in the wake of
a breach of third-party vendor PNI Digital Media:
PNI removed a list of its clients after Brian
Krebs reported on the list, but Brian
notes that other clients are also posting notices: Tescophoto.com
posted that it is “down for maintenance” and Rite
Aid’s photo service posted a notice concerning the
breach.
Sam’s Club has also posted a
notice:
The privacy and the security of our members’ data is of the utmost importance. In an abundance of caution and as a result of recent reports suggesting a potential security compromise of the third-party vendor that hosts Sam’s Photo website, photo.samsclub.com, we are temporarily suspending access to the site. At this time, we do not believe customer credit card data has been put at risk. This decision does not affect any other Sam’s website or our in-club operations, including in-club photo centers.
Other clients of PNI Digital include “Samsung,
ASDA (Wal-Mart UK), Hallmark UK, Blacks Photo, Loblaws, Fujifilm,
Kodak, Fred Meyer, Marks & Spencer and more.”
I wonder how rapidly and aggressively law
enforcement will pursue these hackers? On the other hand, if that
database happens to fall into their hands...
From MeetMeInYourCity.com, a site
that describes itself as a “directory listing of independent
escorts, exotic dancers, strippers’ adult entertainers, masseuse
and escort agencies,” here’s part of their Terms &
Conditions:
Secure technology is used to ensure your sensitive information is secure and protected from unauthorised access or improper use.
[…]
Your personal password is confidential and is encrypted to ensure its secrecy.
So why is there a data dump by @ElSurveillance of
an alleged hack that shows 2,500 users’ email addresses with
clear-text passwords?
DataBreaches.net sent an inquiry to
MeetMeInYourCity.com last night to ask them to confirm or deny the
data is from their database, and why, if it is their data, the
passwords are in clear text. No response has been received as of
this post, but this post will be updated if one is received.
MeetMeInYourCity is not the only escort-related
site attacked by @ElSurveillance, whose profile says “An owl
#Hacktivist – I aim to deliver a tiny message to the escort
agencies, #EscortsOffline is their actual flag – I always use the
front doors – #Dos.” See numerous instances of defacements on
Zone-H.
In the defacements, ElSurveillance leaves the following message:
Dear Admin and the clients
What such a great example you have given to the world
On how we can teach and raise our next generations
So they can live a much better life, Server and save our
Planet instead of just wasting their money and help
Spread the viruses just like every single stupid
Government in every single country do these days
Since you came all the way to here, They’re two things
That you can do while still viewing this page
1 – Turn on your volume and listen to the Qur’an & Just
Listening to your feelings instead of listening to the
Media and the stupid ISIS
2 – Have a look at your Logs which includes your IP
In the meantime, if you ever signed up for
MeetMeInYourCity.com, you might want to change your password for that
site and any other sites if you re-use passwords across sites.
Update: MeetMeInYourCity.com
still has not responded to the notification and request for response,
but @ElSurveillance provided the screencap below as proof of access
to their server:
Here's a suggestion. Redesign the forms so
private information is submitted on a document that is “Not for
Public Inspection.”
IRS, nonprofits unwittingly leak 630K Social Security numbers
… More than 630,000 Social Security numbers —
including tens of thousands of numbers of Pennsylvanians — have
become public record inadvertently on tax-exempt Form 990 filings
with the Internal Revenue Service since 2001,
… Federal law deems Form 990 documents public
records — a transparency trade-off in exchange for nonprofits
getting tax breaks, and a mechanism that helps ensure charities act
in the public interest.
In its instructions for filling out 990s, the IRS
warns, “Reminder: Do Not Include Social Security Numbers on
Publicly Disclosed Forms.” The label “Open to Public Inspection”
appears in the top right corner of the first page of each form. The
IRS urges organizations to file 990s electronically to reduce
security risks and to refrain from including unneeded personal
information.
Now the virtual assistant built into your
smartphone can tell you that the person across the breakfast table is
mad at you – but not that it's because you pay more attention to
your phone than to her.
Dawn Of The Emotionally Aware App, Possible Future ‘Emotion Chip’ To
Herald Devices That Respond To Feelings
… with today's super-fast computers, and even mobile devices, we're
now able to detect emotion with far greater granularity.
To see an example, we just have to turn to facial
recognition expert Rana el Kaliouby. She gave a talk at TED
last month to highlight just how accurate emotion-detection has
become, and depending on your perspective, the result is either
amazing, or downright scary.
… Through research with this software, a
couple of interesting factoids are revealed. In the United States,
women are 40% more likely to smile. In France, that number becomes
25%. In the UK? Interestingly enough, men and women there
apparently smile just as often.
Another “backgrounder” for my IT Governance
students.
Improving Program Management in the Federal Government
by Sabrina I. Pacifici on Jul 18, 2015
A White Paper by a Panel of the National Academy of Public
Administration sponsored by the Project Management Institute, July
2015. Improving Program Management in the Federal Government.
PANEL – Peter Marshall, Chair; Dan Chenok; Joseph Wholey.