Employee responsible Vodafone customer data leak

Vodafone’s customer records were able to be accessed on the company’s online database after a breach of security.

The company says it is resetting passwords every day to make sure the system is secure. But its  probably an employee responsible for sharing a password that allowed personal information to become available on the internet.
It is unknown how many people have been affected.
Vodafone chief executive Nigel Dews says the company will refer anyone caught to the Australian Federal Police.
“It could be someone who works in our stores or one of our dealers,” he said.
“If that’s the case, we will come down with the full force of the law.
“People know and understand and are well trained in our procedures and protocols and it’s very important they aren’t breached.”
Mr Dews says an investigation is underway and a report will be issued today or tomorrow.
“I don’t want to speculate about the outcome of the investigation, but I do want to reassure our customers that we are investigating quickly and thoroughly,” he said.
“If there are things that we can do to make our data safer, we will implement those with the highest priority.”

Google – Data liberation front

The Data Liberation Front is an engineering team at Google whose singular goal is to make it easier for users to move their data in and out of Google products.  We do this because we believe that you should be able to export any data that you create in (or import into) a product.  We help and consult other engineering teams within Google on how to “liberate” their products.

Find more information on how you can liberate your personnal data from Google services and apps:

http://www.dataliberation.org/

http://dataliberation.blogspot.com/

http://twitter.com/dataliberation

100 Leaked Body Scans

First ever: “body scanners” images have been made public following a Gizmodo investigation which has revealed 100 of the photographs saved by the U.S. Marshals operating “improperly” a Gen 2 millimeter wave scanner from Brijot Imaging Systems, Inc.. The machine in the Orlando, Florida, courthouse had saved images of the scans of public servants and private citizens.

Full article on Gizmodo (including all images) available here

Tokyo police leaked data

Tokyo – Japan

Internal documents on terrorism investigations by the Metropolitan Police Department may have been leaked on the Internet via file-sharing software, according to police sources.

The documents are likely part of those compiled by a section in charge of investigating international terrorism in the MPD’s Public Safety Bureau, the sources said.

The documents found online reportedly include investigative data and contain personal information on people who are believed to be ordinary citizens.

The MPD was investigating the route of the suspected leak and trying to confirm whether the documents are genuine and if they had been compiled by the section.

According to a senior MPD official, the documents found on the Internet include a list of section members and investigative documents. The documents, which were in the form of data files, are accessible to anyone on the Internet.

The alleged leak came to light Friday night with a tip from an outsider. “At least,” an MPD official said, “judging from the contents, they [the documents] are not recent.”

The section in question was established in October 2002 in the wake of a series of international terrorist attacks, including the Sept. 11, 2001, attacks on the United States.

Currently, the section is gathering information about international terrorism in preparation for the summit meeting of the Asia-Pacific Economic Cooperation forum to be held in Yokohama in November.

In 2007, investigative documents were found to have been leaked from a privately owned personal computer of a senior MPD police officer.

The MPD has since prohibited all members from using file-swapping software.

“We are investigating the contents of the allegedly leaked documents,” a senior MPD official said. “I can’t comment on details now.”

 

More information available here

Like Facebook, MySpace Apps Also Leak Personnal Data

The Wall Street Journal caught MySpace leaking user data through apps.
Who does that sound like, huh? Who got caught by The Wall Street Journal just a few weeks ago doing the same thing? Facebook of course.

The data on the MySpace app allows the app owner to get the user id of the players which can lead to them discovering things like the user’s actual MySpace name and photos(the stuff you can see anyway if you visit anyone’s page on MySpace).

Funny to notice: its the parent company of The Wall Street Journal which owns MySpace ….

Facebook caught 'red handed'‎ in privacy breach

Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.

Full story available here

ACS firm, fighting for copyright law enforcement leak few emails

The firm

ACS:Law, the infamous law firm which has been sending out dubious letters threatening to take people to court for file sharing, has had a massive database of its emails leaked onto the web.

The leak

The ACS:Law web site was taken down by a denial of service (DDoS) attack earlier in the week.Someone discovered that before the site was restored a backup file containing the emails had been left in an open directory. Inevitably this was downloaded and widely distributed on file sharing networks(torrent network file sharing).

The collection includes the incoming and outgoing emails of Andrew Crossley and his employees, complete with attachments, and contains masses of information about how ACS:Law goes about its business and how much money it makes, plus embarrassing personal details.

The content

The leak reveals Crossley discussing how he might buy a Ferrari (he decides on a less impressive Jeep in the end) and talk about how the company can most efficiently track and record the thousands of alleged offenders, with an amusing exchange where he thinks two people can process 200 cases a day and is politely informed by an employee that they would have to work without breaks to achieve this target.

There are abusive emails to his ex-wife, personal contact details, passwords to Paypal and other sites, and it also appears that Crossley is a fan of loopy conspiracy theorist David Icke. Perhaps those inter-dimensional lizards are also guilty of file sharing?

More seriously there is discussion about how they could “scare” people into paying by pursuing them directly, and allegedly an email with attached file containing the names and addresses of thousands of Sky broadband users (plus the names of pornographic movies they’re supposed to have downloaded) which if true constitutes a serious breach of the data protection act.

All data (365Mo file large) available here

Whole story available here

Nasdaq reveal DuPont suffers data leak

A senior DuPont (DD) executive said Tuesday that the company suffered an internal data leak that led to charges against a staffer at the diversified science group.

Doug Muzyka, chief science officer, said the employee had pled guilty to the unspecified leak, with more details to be revealed in the coming weeks.
http://www.google.com/finance?q=NYSE:DD

Original post

Credit card holder data stolen for 3400 customers

HEI Hospitality, which owns and operates a range of high-end hotels including the Marriott, Sheraton and Westin, has sent letters to around 3,400 customers to reveal that their credit card data may have been stolen or compromised.

It was revealed by the firm that an intrusion into point-of-sale systems at a handful of its properties earlier this year could have allowed cardholder data to be illegally accessed.

It is believed that the intrusion could have exposed a large amount of information to hackers, including credit card types, numbers, expiration dates and security codes.

Yet while the file security issue is one of grave concern, a representative from HEI confirmed last week that there seem to have been no reports of any information being misused, with the chain keeping a close eye on developments over the coming weeks.

Last week, Greater Manchester Police concluded that a USB stick found outside of their station did not, as the Daily Star claimed, contain anti-terror information after it was analysed by the force.

Data leak – pensioners’ personal information exposed

Last week some 22,000 retired Delaware governmental employees opened innocuous looking letters informing them, in boldface type, that their Social Security numbers and their Birth Date were posted on the Internet for four days, viewable to anyone in the world including those who would use the information to commit fraud.

More details available here