Security News

In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. The Cali DOJ noted that the dashboards and data were available to the public "For less than 24 hours," and the information exposed included names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories.

LockBit ransomware gang promises bounty payment for personal data. In a new twist on the ransomware game, the LockBit cybercrime group has launched a bug bounty program promising money to people willing to share sensitive data that can be exploited in ransomware attacks.

A Japanese contractor working in the city of Amagasaki, near Osaka, reportedly mislaid a USB drive containing personal data on the metropolis's 460,000 residents. It's unknown how good of a time the man had, but he did reportedly end up passing out in the street, Japanese news source NHK reported the company who employed him as saying, elaborating on an incident report from the Amagasaki city government.

People have become much more sensitive about privacy and are more concerned about who has access to their data, but at the same time they are constantly sharing that information online, whether by logging into a website, by posting something on social media, by creating a new account, etc. In this video for Help Net Security, Nong Li, CEO at Okera, explains what it means for average consumers to share data, what this means in regards to trust, and how that data is going to be used.

A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets by MI5, MI6, and GCHQ with foreign intelligence agencies. The decision means a contested part of a 2018 ruling by the IPT will stand: that safeguards and rules around data collection between 2015 to 2017 by the state agencies meant that sharing that data was legal - "Compatible with article 8 of the European Convention of Human Rights."

Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data. While the report given to the Maine Attorney General doesn't specifically name the culprit behind the attack, the Conti ransomware group had already announced on its leak site on Nov. 7 it was in possession of the employee data files, according to a report this week on the cyberattack.

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.

An outage affected all of its sites, testimony from a whistleblower this week could put the company back in the legal hotseat, and now it's come out that private and personal data from more than 1.5 billion Facebook users was found for sale on a hacker forum. Reported by privacy research company Privacy Affairs, the data found for sale doesn't indicate that the seller actually broke into Facebook's systems, nor that its data tied to any other data breach.

The UK's Ministry of Defence has launched an internal investigation after committing the classic CC-instead-of-BCC email error - but with the names and contact details of Afghan interpreters trapped in the Taliban-controlled nation. The horrendous data breach took place yesterday, with Defence Secretary Ben Wallace promising an immediate investigation, according to the BBC. Included in the breach were profile pictures associated with some email accounts, according to the state-owned broadcaster.

A cyberattack against T-Mobile has compromised the personal information of almost 50 million people, according to the carrier. In an update posted on Tuesday, the company said that certain customer data had been accessed and stolen by unauthorized individuals and that the data did include some personal information for a wide range of customers.