Data Breach Bulletin: Kmart, POODLE, Oregon Employment Department, UC Davis Health System

This article is more than 9 years old.

Here's a roundup of this week's data breach news:

Kmart – Last Friday, Kmart slipped the news that it had become the latest victim of a credit card breach into a late-afternoon SEC filing. Soon after, Kmart released an official statement and posted information for customers on its website. Kmart believes the breach began in early September and that customer credit card numbers were stolen, though the number is not yet known. As usual, the retailer is apologizing and offering free credit monitoring to affected customers.

POODLE – While two recent vulnerabilities have had dramatic names like Shellshock and Heartbleed, the latest big vulnerability to gain public attention has a much less threatening name—POODLE—which stands for Padding Oracle On Downgraded Legacy Encryption. Perhaps appropriately, POODLE is thought to be less serious than Heartbleed. It allows hackers to watch your web browsing if you’re using SSL version 3, an outdated encryption standard used on some browsers. The vulnerability affects clients rather than servers, allowing someone to hack another person on the same wireless network if that person is running a web browser with SSL v3. The vulnerability was discovered by Thai Duong, Bodo Möller and Krzysztof Kotowicz, three Google security researchers. In response, Twitter has disabled SSL v3.

Oregon Employment Department – Social Security numbers belonging to more than 850,000 individuals who were job searching with WorkSource Oregon may have been compromised in a breach of the Oregon Employment Department’s website. The OED discovered the breach on October 6, thanks to an anonymous tip concerning a vulnerability on the OED’s WorkSource Oregon Management Information System (WOMIS) website. In response, the OED shut down the website for the day and is continuing to investigate.

UC Davis Health System – All it takes is a single email to end up with a data breach you are mandated to report. At UC Davis, a physician’s email account was hacked, exposing, among other correspondence, a single email containing the information of 1,326 patients. All those patients are now being notified of the breach. UC Davis’ System IT team spotted irregular account activity at the end of September and investigated, discovering the breach. No Social Security numbers or financial information were compromised, and UC Davis has notified government agencies.

Sausalito Yacht Club – At least 500 members of a California yacht club are being notified that their personal information may have been compromised when a hacker gained access to the club’s member roster. The roster contained names, contact information, member numbers, and amounts charged to members’ accounts. And for some, failing to pay their dues to the club became even more costly, as financial information for members who had had overdue balances for more than 60 days was also exposed in the breach. Sausalito Yacht Club is investigating and strengthening its security system.
