Tag: social-security

Report: Uber paid hackers $100,000 to keep 2016 data breach quiet

Enlarge (credit: Jaap Arriens/NurPhoto via Getty Images ) In a public statement, Uber has announced that it sustained a massive data breach in 2016: 57 million customers’ and drivers’ names, e-mail addresses, and phone numbers were compromised. According to Bloomberg , no trip location info, credit card information, or Social Security numbers was taken. Uber did not immediately respond to Ars’ request for comment. Read 7 remaining paragraphs | Comments

Original post:
Report: Uber paid hackers $100,000 to keep 2016 data breach quiet

Equifax tries to explain its response to a massive security breach

A day after announcing that hackers stole personal information tied to 143 million people in the US , Equifax’s response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company — something New York Attorney General Eric Schneiderman said is “unacceptable and unenforceable.” The company has since explained it does not apply to the data breach at all, but that hasn’t stopped misinformation from spreading. After conversations w my office, @Equifax has clarified its policy re: arbitration. We are continuing to closely review. pic.twitter.com/WcPZ9OqMcL — Eric Schneiderman (@AGSchneiderman) September 8, 2017 Equifax: In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident, Of course, considering the extent of what has leaked and the number of people affected, a hyperbolic reaction to anything surrounding this incident is understandable. Still, there are a few steps that people can and should take, now that we know someone has stolen more than enough information to perpetrate identity theft on a massive scale. Now that the language has been clarified, it appears legally clear to use Equifax’s website to check things out. Among Engadget staff, a few of us received notices that we aren’t among those impacted, but most weren’t so lucky. Still, there are questions about how secure the site itself is, since it requests the last six digits of each person’ social security number (and guessing first three isn’t as hard as you might think). Also, it doesn’t appear to work particularly well , responding to test and “gibberish” input with a claim that it’s part of the breach also. The best information on how to respond is available from the FTC . The government agency lays out solid next steps, like checking your credit report for any suspicious entries, as well as placing a freeze (there’s more advice on that here ) and/or fraud alert on your account with the major credit bureaus. This will make it harder for a thief to create a fake account for you and should force creditors to verify your identity. Finally, it’s important to file your taxes early, before a scammer potentially can. Source: Equifax , FTC

View article:
Equifax tries to explain its response to a massive security breach

Nevada site bug leaks medical marijuana applicant data

Nevada residents applying to sell medical marijuana got just got an unpleasant surprise. The state’s Department of Health and Human Services has confirmed that a vulnerability in a website portal leaked the data of more than 11, 700 applicants, including their driver’s license and social security numbers. Officials have taken down the relevant site until they fix the flaw, but there’s a concern that fraudsters might have seen the info and used it for malicious purposes. The scale of the leak might be modest. A spokesperson tells ZDNet that the data represented just a “portion” of one data base among several. And when Nevada voted to legalize medical marijuana in 2000, it’s possible that some of the information is outdated. Even so, this underscores a common problem with government data: frequently, agencies are their own worst enemies thanks to avoidable security holes and imperfect policies. Source: ZDNet

View post:
Nevada site bug leaks medical marijuana applicant data

Acer admits hackers stole up to 34,000 customer credit cards

If you bought an Acer device from the company’s store in the last year, there’s a chance that your credit card info was hijacked. The Taiwan-based company informed California’s attorney general that attackers made off with the “name, address, card number, expiration date and three-digit security codes” of users between May 12, 2015 and April 28, 2016. It sent form letters to the 34, 500 affected customers, all of whom are in the US, Canada and Puerto Rico. The theft isn’t particularly large and no social security numbers were taken. However, it’s one of the few we’ve seen involving a major PC company’s online store. Acer hasn’t yet revealed how it happened, but such breaches are usually a result of employees opening infected email, not any fancy hacking . While the breach was still ongoing, Acer recently held an event to reveal its latest laptops and desktop computers. If you bought something from its stores soon after, you may want to ensure that your credentials weren’t stolen. Via: ZDNet Source: US Attorney General

Read More:
Acer admits hackers stole up to 34,000 customer credit cards

US Army National Guard reveals they, too, recently suffered data breach

The compromised data includes Social Security Numbers, Dates of Birth, and Home Addresses. Read the rest

See more here:
US Army National Guard reveals they, too, recently suffered data breach