Remember when it was announced that more than four million federal employees in the country were part of a massive data breach last month? Well, turns out that was just one of two rather large data breaches to hit the Office of Personnel Management, with the newly announced second, larger hack affecting upwards of 21 million current and former employees, as well as prospective employees, their families and others who applied for federal background investigations in the last 15 years.
There are millions of federal employees in the country, and not just in Washington, DC. The government is a big bureaucracy and a big employer — and that makes it a nice, juicy target for a big data breach.
Anthem Says Data From As Far Back As 2004 Exposed During Hack, Offering Free Identity Theft Protection
A week after health insurer Anthem announced that it was the latest victim of a security breach, the company revealed that hackers had access to tens of millions of customers’ data going back as far as 2004.
Any data breach is bad, but the more personal they are — and the more widespread — the worse. And by both metrics, the hack just announced by major health insurer Anthem is particularly terrible.
Amidst concern from users and industry trade groups over private information changing hands between WhatsApp and its new overlords at Facebook, the wireless messaging service’s CEO and founder is attempting to assuage fears in a new blog post promising that the company won’t sell users out.
As if it wasn’t bad enough that 10 million credit card numbers may be at risk due to a hacker’s takedown of PlayStation Network, Sony is also facing a data hemorrhage on another front. Sony Online Entertainment — maker of EverQuest — confirmed another data breach has left 12,700 non-U.S. credit card numbers and 10,700 bank account numbers exposed.
If you’re unhappy with the latest Facebook privacy settings but don’t want to kill your account completely, ReadWriteWeb has highlighted two services–both Facebook apps–that might give you back some control. They’re not perfect solutions, though. The Green Safe app scrapes all your data into a stand-alone tab that only your friends can access, but it also means a third-party developer will replace Facebook as your data holder (the app will use your data to serve ads as well). The Give Me My Data app lets you export all of your Facebook content so that you don’t lose anything if you disconnect your profile from Facebook’s pages.
We’re starting to think Amex doesn’t take this whole “data security” thing very seriously. First they confused a customer, and us, a few months ago with their random confirmation phone call, where they demanded a customer turn over bank account information over the phone without giving him a way to verify they were really Amex. Now a reader says the company has “for years” been sending him someone else’s account info via email, including the customer’s name and the last 5 digits of his account number. J.R. writes, “Seriously, I’ve seen better security on a video game forum.”
“Lisa” writes, “I recently found out that I was a victim of identity theft.” What shocked her, and us as well, is that after Capital One notified her that they’d approved the card with another address, they followed up by sending their fraud claim to the criminal’s address instead of Lisa’s.
People! Always wipe your cell phone before you sell it, give it away, or trade it in. Do not assume or expect that someone else will do this for you! This was just one of the mistakes that led to Rachel Swanson being called by strangers several weeks after she thought she donated her old phone to charity. But the store that handled the donation, and the company responsible for actually processing the donated phones, screwed up their parts, too. Here’s how it was supposed to have worked, and what you should always do before donating your phone to any organization.
Google has announced that they’re shortening the duration that they keep personal data on users from 18 months to 9 months. Yay! “It’s no big deal—we’ve already got more personal info on you than we know how to monetize,” said a Google official in a totally fabricated (yet plausible) statement. [Reuters]
Gmail recently rolled out a change to its settings, where now you can permanently turn on SSL encryption. Do it now—your personal data will thank you for it. Besides, it’s going to get a lot easier to hack Gmail sessions very soon, because some guy is planning on releasing a hacking tool to the public in order to force Google to implement better security. [monkey_bites]
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
Pssst, wanna make an easy $20? Just give all your bank account and personal data over to ConsumerSay, a consumer opinion and behavior tracking firm owned by Lightspeed Research. Jen, who sometimes fills out surveys for freebies and cash, got an email from them offering her $20 for only 5 to 10 minutes of her time. Oh, and all of her financial transaction data.
Computerworld is reporting that “a series of SQL injection attacks” on a third-party e-commerce company’s servers has compromised the personal data of customers who shopped at Major League Soccer’s MLSgear.com website. One affected customer told us he received a letter from MLSgear.com letting him know what had happened and offering him free credit monitoring services for a year, which is apparently the standing corporate response to personal data theft.