Welcome to The Dashlane Tech Check for July 28, 2017–it’s also SysAdmin Day! In this week’s special edition, we’ll you up on the latest advancements in technology, information about the latest security breaches, and we’re providing you with a last-minute gift guide for SysAdmin Day!
Data Breach Alert
Swedish government scrambles to contain the political damage from a massive data leak, which exposed military operatives and more
According to The New York Times, Sweden’s government is scrambling to contain damage from a massive data leak, which has exposed the identities of undercover operatives working for the Swedish police and the Swedish security service known as Sapo. Other exposed information includes names of people working undercover for a special intelligence unit of the Swedish armed forces.
The New York Times also reports that the breach was disclosed after a local newspaper reported that the former director of the Swedish Transport Agency (STA) was fired for negligently handling classified data after outsourcing its IT infrastructure to IBM in April 2015. The STA allegedly did not adopt the proper safeguards to manage huge databases of sensitive information, which included the names of undercover operatives, as well as details about Stockholm’s transportation systems and critical infrastructure, data on government/military vehicles, personal data of Air Force pilots, and much more.
Nearly 6.5 Million records leaked from Kansas state government system
The Kansas Department of Commerce’s employment service suffered a data breach compromising almost 6.5 million records. According to Digital Trends, of those records, approximately 5.5 million records from 10 different states, including Arkansas, Arizona, Idaho, and Vermont contained social security numbers. The data breach was confirmed this past March.
Italy’s UniCredit suffers two cyber attacks in less than 10 months
UniCredit, Italy’s largest lender, was the target of two cyber attacks in the past 10 months, exposing the personal and banking details for approximately 400,000 customers according to The New York Times. It’s currently unclear how the hackers access the data, but UniCredit did confirm the attack was carried out by a third-party partner.
Wells Fargo accidentally leaks records of 50,000 clients
Wells Fargo leaked sensitive documents for at least 50,000 of the bank’s wealthiest customers, exposing their names, social security numbers, and sensitive financial information. According to Engadget, a lawyer for Wells Fargo accidentally sent 1.4 GB of files on a CD to Gary Sinderbrand, a former financial advisor who subpoenaed the company as part of an ongoing lawsuit against some current employees.
Hundreds of companies’ salary information exposed thanks to a Google Groups setting
An audit from a security intelligence firm found that hundreds of companies may have accidentally shared private information due to a setting in Google Groups. Business Insider reports that companies from IBM to Fusion Media Group inadvertently shared personally identifiable information in the publically accessible messages in Google Groups, including sales pipeline data, names, email addresses, street addresses, employee salary compensation and customer passwords. “The companies affected by this issue mistakenly chose the ‘public on the internet’ sharing setting, making all information contained in the messages accessible to anyone on the web,” according to RedLock.
A four-star Kentucky hotel hit by a credit card data breach
The Galt House Hotel in Louisville, Kentucky discovered a data breach potentially compromising guests’ credit card information, according to The Associated Press. The breach is the result of malware in the payment card processing system. Guest staying at the hotel from December 21, 2016, to April 11, 2017, may be affected.
What in the (security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Cloud-to-Cloud brute force attacks target Office 365 users
According to Infosecurity Magazine, hackers conducted persistent cloud-to-cloud brute-force attacks against high-value Microsoft Office 365 users at 48 different organizations. The attackers strategically targeted several senior employees across several different departments, and attempted to use different versions of employees’ usernames in an effort to log in.
A Wisconsin company offers its staff implants to replace keys and passwords
A Wisconsin company, Three Square Market, is giving employees the option to insert a chip that can pay for breakroom snacks, provide front-door access, and even sign into their PCs. Engadget reports that the company insists the implant is not GPS enabled and all of its data is encrypted and can only be accessed if a hacker gets under your skin–literally. So far, more than 50 employees have volunteered to try the implants.
Happy SysAdmin Day
We want to thank all of the System Admins that work night and day to keep our networks and systems secure, our computers up and running, and our office printers jam-free! Here are a few ways you can show your SysAdmin how much you appreciate them.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.
Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check,$37 million worth of crypto-currency was stolen in two separate hacks in the same week! Here’s how it all went down.