breach

Yale oversight exposes 43,000 Social Security numbers

Names and Social Security numbers of 43,000 Yale University students, faculty, staff, and alumni were accessible via the Google search engine for about 10 months, according to the school newspaper.

The problem was discovered June 30 and university officials disclosed it on August 12, offering affected individuals two years of free credit monitoring and identity theft insurance even though they said there was no indication that the information had been exploited, the Yale Daily News reported last week.

The data, mostly belonging to people who worked for the university in 1999, was stored on a file transfer protocol (FTP) … Read more

Hackers strike government cybersecurity contractor

Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.

"Today is Friday and we will be following the tradition of humiliating our friends from the FBI once again. This time we hit one of their biggest contractors for cyber security: Mantech International Corporation," the hackers said in a statement on PirateBay.

"What ManTech has to do with the FBI? Well, quite simple: In … Read more

Report: Breach exposes data of 35 million S. Koreans

Personal information of 35 million South Koreans has been compromised as a result of a hacking attack on the company that runs the country's biggest social network and a major Web search engine, according to reports.

SK Communications, which operates the Cyworld social-networking site and the Nate portal site, said today that the hacking and exposure of names, phone numbers, e-mail addresses, resident registration numbers, and passwords, originated from malicious code that appeared to come from China, The Korea Herald reported.

"The company has confirmed that a leak of customers' information has taken place due to hacking on … Read more

Anonymous, LulzSec spawn 'one of worst' quarters

Cyberattacks from Anonymous and LulzSec and breaches against everyone from Sony to Lockheed Martin turned the second quarter into "one of the worst on record," according to a new report from Panda Security.

Released this week, Panda's second-quarter report (PDF) examined the security landscape from April to June and highlighted a string of alarming incidents.

Pointing to the attacks by Anonymous and LulzSec against the likes of Sony, the U.S. Chamber of Commerce, the Spanish police, and several government sites, Panda said that the line between "hacktivism" and criminal behavor has gotten fuzzier.

Panda clearly questioned the methods of the new breed of hackers, saying that Anonymous calls its actions "peaceful protests," even though such actions are illegal. Also mincing no words with LulzSec, Panda said that "if you took the most irresponsible and brainless members of Anonymous and put them all together, they would be considered the most refined gentlemen compared to LulzSec."

Though LulzSec recently announced that it would be ending its attacks, the group urged other hackers to carry on the fight via operation Anti-Security, or AntiSec.… Read more

Washington Post says job seeker data was breached

About 1.27 million user IDs and e-mail addresses belonging to people looking for employment on The Washington Post Jobs Web site were affected by a data breach last week, the newspaper says.

"We discovered that an unauthorized third party attacked our Jobs website and was able to obtain access to certain user IDs and e-mail addresses. No passwords or other personal information was affected," the company said in a notice on its site. "We are taking this incident very seriously. We quickly identified the vulnerability and shut it down, and are pursuing the matter with law … Read more

Report: Morgan Stanley warns 34,000 clients of data breach

Morgan Stanley Smith Barney has warned 34,000 customers that their addresses, account and tax ID numbers, and other data--including Social Security numbers for some--may have been stolen, the Credit.com news site reported today.

The data was reportedly on two CD-ROM discs that were password-protected but not encrypted, according to two letters Morgan Stanley sent to customers on June 24. The package containing the CDs was intact when it arrived at the New York State Department of Taxation and Finance but the CDs were missing when the package arrived on the desk of its intended recipient, Jim Wiggins, a … Read more

PSN, Qriocity back online in Japan Wednesday

This week Sony's home turf becomes the final country to regain access to PlayStation Network and Qriocity after a cyberattack in April forced the company to rebuild its security system.

Sony said Monday that it will fully restore PSN and Qriocity to its customers in Japan tomorrow. This follows Sony doing a "phased" restoration of access to some services in Japan at the end of May.

Sony was forced to shut down the security of PSN and Qriocity after a cyberattack on the network in mid-April compromised the personal data of more than 77 million customers. Sony … Read more

For Hulu, Facebook Connect becomes a security headache

Hulu acknowledged this afternoon that an attempt to integrate itself with Facebook didn't go exactly as planned.

Far from aiding the "entire social experience," which the video streaming service had promised in its announcement earlier in the day, the attempted integration allowed some Hulu users to access other users' accounts.

In a followup blog post this afternoon, Hulu Vice President Richard Tom said the security breach was the result of a programming error, not malicious activity, and did not expose passwords or credit card numbers.

"When we launched our Facebook Connect feature early this morning, we … Read more

Sony: Brand perception 'clearly improving again'

Sony CEO Howard Stringer had an upbeat attitude during his company's annual shareholders meeting today, saying that the company's brand is on the upswing following the PlayStation Network security breach.

"Our brand perception, you'll be happy to know, is clearly improving again," Stringer told investors during the meeting in Tokyo, according to the Associated Press. He went on to point out that 90 percent of Sony's PlayStation Network users have come back to the service.

Stringer also sees Sony's online services as an engine of growth despite those attacks, according to Bloomberg.

The … Read more

Anonymous ready to roll in post-LulzSec world

Anonymous is picking up where the apparently disbanded LulzSec left off.

The hacking organization released information to the Web last night that came from the Cyberterrorism Defense Initiative's Security and Network Training Initiative and National Education Laboratory (Sentinel) program. The Sentinel program is administered by the U.S. Department of Homeland Security and the Federal Emergency Management Agency (FEMA) to "educate technical personnel in cyberterrorism response and prevention."

The Sentinel training program was designed for workers in public safety, law enforcement, state and local government, and public utilities. Health care professionals and employees at colleges and universities … Read more