News Stories about Data Loss
--Attackers Breached Dow Jones and Other News Publications for Stock
(October 17, 2015)
According to a Bloomberg news story, Russian cyberattackers breached systems at Dow Jones & Co. and other news organizations to steal information that helped them make lucrative transactions in the stock market. The FBI, the Secret Service, and the Securities and Exchange Commission (SEC) launched an investigation into the breaches more than a year ago. Dow Jones has issued a statement in which they said they had "been unable to find evidence of any such investigation." The breach is considered by sources to be far more serious than the breach Dow Jones Disclosed last week.
--Was CIA Director's eMail Breached?
(October 19, 2015)
Authorities are looking into reports that someone broke into the email account of CIA Director John Brennan. The New York Post published an interview with a high school student who claims to have broken into Brennan's AOL email account and stolen files. The teenager claims he managed to trick Verizon into resetting Brennan's account password.
--Uber Breach Investigation
(October 8, 2015)
Uber is investigating the breach of a database that contains information about the company's drivers. A report from Reuters says that one suspect is Uber rival Lyft. Uber inadvertently posted the database key on a GitHub page before the breach. When Uber realized what had happened, it sent a subpoena to GitHub demanding information about people who visited that particular page during the period the key was visible. Someone using an IP address associated with Lyft's Chief Technical Officer accessed the page. However, that IP address is not the same as the one used in the attack on Uber's database.
--USPS Employees and Phishing
(October 7, 2015)
Just months after US Postal Service employee data were compromised with the help of a phishing attack, 25 percent of a sample of USPS employees fell prey to a compliance and awareness phishing security exercise. Just seven percent of employees who received the suspicious email reported it to the USPS Computer Incident Response Team, which is a requirement.
Most of the employees who received the test email had not completed their annual security awareness training.