DHS issues emergency directive over DNS hacking concerns

(Jan 23, 2019) The U.S. Department of Homeland Security issued an emergency directive over concerns federal agencies could be exploited to gain access to platforms used to manage domain name system records, CyberScoop reports. The agency has ordered federal civilian agencies to secure login credentials for all internet domain records. A compromised DNS server could be used to send users to websites infected by malware. Sources close to the situation state six civilian agency domains have recently been compromi... Read More

Security researcher finds unprotected server containing 108M betting records

(Jan 23, 2019) A security researcher discovered more than 108 million betting records on an unprotected server, ZDNet reports. Justin Paine found an ElasticSearch server with no authentication to protect the information. The exposed data included users’ names, phone numbers, email addresses, account balances, birthdates and browser information. Paine found the server likely belonged to a single entity that managed several online casinos where customers could bet on card and slot games. Meanwhile, BlackRock was... Read More

Hacker threatens incoming missile attack through smart camera

(Jan 23, 2019) A California family discovered their wireless smart-home camera was hacked by an individual who sent a fake warning of an incoming missile attack from North Korea, warning them they had to evacuate, The Daily Dot reports. After an initial panic, the family called 911 to confirm the report, only to find out it was a hoax. Upon calling Nest’s customer service, the family was told their device was likely compromised and was advised to change the password.Full Story... Read More

Bug revealed some users' 'protected' tweets

(Jan 18, 2019) Twitter announced the platform incorrectly revealed some users’ tweets that were designed to be private when using the “Protect your Tweets” setting, TechCrunch reports. A bug affecting Android users disabled the setting, turning “protected” tweets into public tweets. Users who had updated their account between Nov. 3, 2014, and Jan. 14, 2019, may have been impacted by the bug. Upon discovery, Twitter fixed the issue, alerted users, and turned the setting back on.  Full Story... Read More

Woman says sexual trauma history leaked in Nova Scotia FOI data breach

(Jan 18, 2019) A woman who was a victim of the Nova Scotia government’s freedom-of-information website data breach has spoken out after she discovered information on the sexual trauma she suffered as a child was leaked in the incident, CBC News reports. The woman said she originally received nearly 300 pages of documents in February 2018 about her ordeals, about two months before she was informed her data was compromised in the FOI website breach. "The nature of my request had already been about sexual trauma,... Read More

Rose releases report on Health PEI breach

(Jan 18, 2019) Prince Edward Island Information and Privacy Commissioner Karen Rose released her report on Health PEI’s response to the discovery of a former employee who illicitly accessed the records of 353 patients, CBC News reports. Rose noted Health PEI does carry out random audits of employees to determine how they access the system; however, she deemed the audits inadequate after it was revealed the employee continued their inappropriate behavior for three years. "There is room for improvement in their ... Read More

Coalition calls for update to Nova Scotia laws in response to FOI breach

(Jan 18, 2019) The Right to Know Coalition has released a report on the Nova Scotia freedom-of-information data breach, Halifax Today reports. After more information about the breach was released by the privacy commissioner of Nova Scotia, Right to Know Coalition President Michael Karanicolas said the breach had a wider scope than initially reported. Karanicolas added the province's privacy laws need to be updated. "We have [25-year-old] laws that date from just a couple years after the commercial internet was... Read More

NPC to investigate potential passport data breach

(Jan 17, 2019) The National Privacy Commission of the Philippines will investigate a claim from Foreign Affairs Secretary Teodoro Locsin Jr. that stated a terminated contractor had taken the personal data of passport holders, Philstar reports. Meanwhile, an official for the Department of Information and Communications Technology announced it has also started an investigation of the passport data breach, and Sens. Antonio Trillanes IV and Risa Hontiveros have filed separate resolutions urging the Senate to cond... Read More

Data breach exposes 7 years of FBI information

(Jan 17, 2019) Forbes reports that three terabytes of unprotected data from the Oklahoma Securities Commission were discovered by a researcher with cybersecurity firm UpGuard. The data included millions of files, much of which contained sensitive U.S. Federal Bureau of Investigation information dating back seven years, as well as emails dating back 17 years and personally identifiable information. A spokesperson for the FBI said, “Adhering to Department of Justice policy, the FBI neither confirms nor denies an... Read More

Singapore's PDPC administers record fines over SingHealth data breach

(Jan 15, 2019) Singapore’s Personal Data Protection Commission has fined Integrated Health Information Systems $750,000 and SingHealth $250,000 for the data breach that affected 1.5 million SingHealth patients, The Straits Times reports. The penalties are the two largest administered by the PDPC. The agency said in a statement both organizations are responsible for the protection of patients’ information. "Even if organisations delegate work to vendors, organisations as data controllers must ultimately take re... Read More