Security News

The value of PII and how it still fuels malign activities in the digital ecosystem
2021-08-10 03:00

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, a Constella Intelligence report reveals. The research analyzed the value of personally identifiable information, drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

‘I’m Calling About Your Car Warranty’, aka PII Hijinx
2021-08-04 21:34

Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts. Researchers created 300 fake identities, signing them up on 185 legitimate websites ranging from Target to Fox News, with each identity used on a single website.

Skyflow PII Data Privacy Vault ensures regulatory compliance for sensitive data
2021-07-22 02:30

Skyflow launched PII Data Privacy Vault, a zero trust data vault for securely handling sensitive customer information. The PII Data Privacy Vault includes the new Skyflow Data Governance Engine, which enables fine-grained access control to data based on roles, policies, or attributes.

mHealth apps consistently expose PII and PHI through APIs
2021-02-12 05:00

The Knight Ink vulnerability research study details findings, and also notes that the results are particularly worrisome given the increased reliance on mHealth apps during the global pandemic, which in turn is drawing threat actors to mHealth apps as an attack surface of choice. "Observers with Pew Research noted that mHealth apps are now generating more user activities than other mobile device apps such as online banking and job searching. Observers also note that patient IDs and PHI are more lucrative in dark web markets than credit card data."

Redefining PII as We Trade Convenience for Risk in a Contactless World
2020-10-08 17:14

There has long been a tension between our willingness to give up personal information, security and privacy and our desire for convenience. How the security community and policymakers react to this shift will determine whether this expanded concept of PII is simply enabling new forms of consumer convenience, or something more dystopian.

Hacker indicted for stealing 65K employees’ PII in medical center hack
2020-06-22 12:55

A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.

Amtrak breached, some customers’ logins and PII potentially exposed
2020-06-03 15:09

Amtrak, the national rail service for the US, has suffered a data breach that may have exposed some customers' logins and other personally identifiable information, the service has disclosed. The rewards program enables customers to earn points - by spending on travel, hotels, car rentals and more - that they can then apply to Amtrak purchases.

BigID’s Data Pipeline Discovery solution helps orgs monitor sensitive PII and PI transmission
2019-11-20 03:30

BigID, the leader in data-centric personal data privacy and protection, announced the industry’s first data discovery solution for data pipelines. BigID’s privacy-aware Data Pipeline Discovery...

Senator Demands Review of How DHS Shares PII With Contractors
2019-10-28 13:33

Sen. Maggie Hassan Asks GAO to Scrutinize DHS' Third-Party Security PracticesSen. Maggie Hasan, D-N.H is demanding that the U.S. Government Accountability Office review how the Department of...

Travel database exposed PII on US government employees
2019-10-23 10:32

A property management company owned by hotel chain Best Western has exposed 179 GB of sensitive travel information on thousands of travelers.