The Guardian: Major breach found in biometrics system used by banks, UK police and defence firms. “The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.”
CBS News: CBS News investigation finds fraudulent court orders used to change Google search results. “A Google search can reveal negative information about anyone or any company. Since it’s difficult to change those results, many small businesses are paying thousands to so-called reputation management companies to make negative web pages disappear. Much of the work is legitimate, but a CBS News investigation into online reputation management found some companies hired to clean up Google searches appear to be engaging in criminal activity.”
USA Today: Equifax data breach settlement: How to file a claim for $125 or free credit reporting. “If you were affected by the 2017 Equifax data breach, you can now file a claim for a piece of the settlement. The credit-reporting company has agreed to pay between $575 million and $700 million to settle state and federal investigations related to a massive security incident that exposed the personal information of more than 147 million Americans two years ago.” The site includes a form where you can enter your last name and the last six digits of your social to see if you are entitled to claim. I looked myself up and GUESS WHAT….
Krebs on Security: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records. “The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.”
CNET: Cloud database removed after exposing details on 80 million US households. “In a blow to consumers’ privacy, the addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. The details included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify the owner of the database, which until Monday was online and required no password to access. Some of the information was coded, like gender, marital status and income level. Names, ages and addresses were not coded.”
Wired: An Email Marketing Company Left 809 Million Records Exposed Online. “Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be ‘business intelligence data,’ like employee and revenue figures from various companies.”
Michigan State University has developed a smartphone app to help Flint, Michigan residents deal with the Flint water crisis. “Among the app’s features is a ‘find’ operation that allows the user to search for the closest water stations, free water filters and sources of nutritious food, and then pull up a map for directions.”