Georgia Tech Data Breach Potentially Exposed 1.3M Users’ Personal Data

Given the in-state free tuition program in Georgia and the sheer number of applicants Georgia Tech receives each year, this breach could be quite significant and wide-reaching.  This is yet another example of a large data repository with PII that many people never even consider when managing the safety of personal information.

https://www.tripwire.com/state-of-security/security-data-protection/georgia-tech-data-breach/

TikTok to pay record fine for collecting children’s data

This is a noteworthy fine, both in terms of the overall enforcement of COPPA and as a general wake-up call for parents.  Privacy and data loss concerns surrounding social media are very real and affect children and teens every day.  Better situational understanding is needed and precautions are warranted.

https://nakedsecurity.sophos.com/2019/03/04/tiktok-to-pay-record-fine-for-collecting-childrens-data/

TurboTax Hit with Cyberattack, Tax Returns Compromised

We are in the heart of tax season, so a compromise of this type and significance is particularly concerning and timely.  Please take note and manage your identity information and review process carefully, especially if you use or have used this service in the past.

https://www.darkreading.com/threat-intelligence/turbotax-hit-with-cyberattack-tax-returns-compromised/d/d-id/1333954

Breached Virginia Bank Struggles to Recover Losses – Hit Twice in 8 Months

This is an interesting case, and many will be very interested to see how this plays out in the legal system.  It is also a great example of the potential pitfalls of relying on cyber insurance to “protect” against cyber crime.  It is unknown how much effort and expense the bank has invested in cyber protections, so it is unfair to judge the overall outcome of this breach.  A big thank you to Mr. Krebs and the team at KnowBe4 for covering this story and sharing their insights.

https://krebsonsecurity.com/2018/07/hackers-breached-virginia-bank-twice-in-eight-months-stole-2-4m/

https://blog.knowbe4.com/breach-you-once-shame-on-you.-breach-you-twice-still..-shame-on-you

Hitherto unknown marketing firm exposed hundreds of millions of Americans’ data

There is no scenario where the phrase “stored and accessed online” should not be accompanied by the phrase “protected by or behind a firewall”.  This potential breach is yet another reminder that we all have a responsibility to protect and safeguard individual and customer data, especially in an online environment.  There really are no exceptions.

https://www.tripwire.com/state-of-security/security-data-protection/hitherto-unknown-marketing-firm-exposed-hundreds-of-millions-of-americans-data/

Panera Bread Slammed After Keeping Massive Data Leak Quiet for Eight Months

Not only is this yet another example of a significant breach of personal customer information, but it appears Panera worked very hard to cover up this breach.  Please be diligent in reviewing your personal information if you utilized this service from their website.  Thank you to Mr. Krebs for his excellent reporting.

https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/

https://threatpost.com/panera-bread-slammed-after-keeping-massive-data-leak-quiet-for-eight-months/130921/

FedEx S3 Bucket Exposes Private Details on Thousands Worldwide

This is sad on so many levels.  These types of bucket breaches are far too frequent and far too costly in terms of data exposed.  There needs to be a better policing mechanism and businesses need to work on more effective security migration strategies when acquiring other organizations.

https://www.infosecurity-magazine.com/news/fedex-s3-bucket-exposes-private/

https://gizmodo.com/119-000-passports-and-photo-ids-of-fedex-customers-foun-1823035669