Archive for the ‘PII’ Category

Still available via Google Analytics: Data slurped from 4 million browsers

July 24th, 2019
Still available via Google Analytics: Data slurped from 4 million browsers

Enlarge (credit: Aurich Lawson / Getty)

Six days after Ars revealed an online service selling links to tax returns, prescription refills, and reams of other sensitive information collected from more than four million browsers, the data remains available to existing customers—thanks, in part, to essential assistance from Google Analytics.

In a July 11 email, Nacho Analytics founder and CEO Mike Roberts told customers the site suffered a permanent data outage after its third-party supplier was no longer available. The site would no longer accept new customers or provide new data, he said, but customers who kept accounts open would still be able to access any existing data they bought previously.

As the redacted screenshots below demonstrate, the existing data is imported directly into customers’ Google Analytics accounts. That existing data can include the same sensitive information that led to Nacho Analytics being shut off in the first place. The first image shows the names of medical patients who obtained lab results through a Dr. Chrono, a patient care cloud platform that contracts with medical services. The one below that shows non-public project management issues taken from inside Tesla’s network, funneled to Nacho Analytics, and then imported into Google Analytics.

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, data, personally identifiable information, PII, Privacy | Comments (0)

EPIC files restraining order to block voter fraud commission’s data swoop

July 7th, 2017

States join EPIC in pushing back against president’s call for voter data amid concerns about scope and security of the request

Posted in Donald Trump, identity fraud, identity theft, Law & order, PII, Presidential Advisory Commission on Election Integrity, voter fraud | Comments (0)

In-Flight Entertainment System Flaws Put Passenger Data at Risk

December 20th, 2016

IOActive researchers disclosed vulnerabilities in Panasonic Avionics In-Flight Entertainment systems that could be abused to manipulate flight data shown to passengers, or steal their personal information.

Posted in aircraft security, credit card data, IOActive, Panasonic Avionics IFE, PII, Ruben Santamarta, vulnerabilities | Comments (0)

Let’s Encrypt Accidentally Spills 7,600 User Emails

June 13th, 2016

Certificate authority Let’s Encrypt blamed a bug for accidentally disclosing the email addresses of a couple thousand of its users this weekend.

Posted in email addresses, Leaked emails, Lets Encrypt, PII, Web Security | Comments (0)

CBS Sports App Transmitted Data Unencrypted

April 13th, 2016

CBS recently fixed a vulnerability in its popular Sports application that could have exposed users to man-in-the-middle attacks and inadvertently leaked personal data.

Posted in CBS, CPS Sports, data leakage, Mobile Security, PII, unencrypted, vulnerabilities | Comments (0)

HIV dating app leaks sensitive user data, threatens infection when alerted

December 16th, 2015

Hzone threatened to infect the admin for a site that planned to write about its week-long spillage of a laundry list’s worth of PII.

Posted in Chris Vickery, CSO, Data leak, data leakage, data loss, DataBreaches.net, Dating Apps, Hzone, MongoDB, online dating, PII, responsible disclosure, Security threats, Tinder, Vulnerability | Comments (0)

ID thief who scooped data on 200 million Americans jailed for 13 years

July 15th, 2015

Hieu Minh Ngo whose websites put personal information on over 200 million US citizens up for sale has been sentenced to 13 years in prison.

Posted in data loss, Experian, Featured, Hieu Minh Ngo, identity theft, Law & order, PII, Security threats, Tax Fraud, US Department of Justice | Comments (0)

Twin prodigies-turned-hackers face long jail terms after pleading guilty

July 1st, 2015

The youngest ever to graduate from George Mason University, they put their talents to use at schemes like inflating gift card value and stealing credit card data.

Posted in Featured, George Mason University, Gift Cards, guilty, keylogger, Law & order, Muneeb Akhter, PII, prodigies, Sohaib Akhter, State Department | Comments (0)

US regulator says Anthem “refuses to cooperate” in security audit

March 9th, 2015

Anthem, the health insurance giant that recently suffered a massive data breach, is “refusing to cooperate” with US regulators attempting to conduct vulnerability scans and configuration tests on its IT systems.

Posted in Anthem, Blue Cross, Blue Shield, data breach, data loss, Featured, firewall, health insurance, healthcare, identity theft, Law & order, PII, US Office of Personnel Management, vulnerability testing, WellPoint | Comments (0)