This Week's InfoSec Newsletter - Dec. 23

Dec 23, 2021 8:34:00 AM | Weekly Report This Week's InfoSec Newsletter - Dec. 23

In our last incident report of 2021, cell services, government password sharing, and more.

In our last incident report of 2021, we break down what happens when the government shares your passwords with a third party, and why you might want to reconsider which company you use for your cell phone service.

🏥 That hit a nerve

Over 535,000 patients of the Texas Ear, Nose and Throat Specialists ("Texas ENT") medical group had their personal data compromised after unauthorized parties gained access to the company's computer systems. While the PII compromised was rather expansive, including patient names, procedure codes, and Social Security numbers, no medical records were taken. Texas ENT has mailed letters to impacted customers, and has reported the breach to the US Department of Health and Human Services.

Read the full story

 

🎮 Cheat codes

Video game developer Ubisoft has announced that a recent data breach has compromised the personal information of players of Just Dance. Resulting from a server misconfiguration, the breach enabled unauthorized access to such player information as profile and device IDs as well as video recordings that users would have saved publicly for sharing on social media, or within the Just Dance community. So not too much to worry about on the PII front, but a serious issue nonetheless. Ubisoft has confirmed that the issue was “quickly resolved”.

Read the full story

 
🤼 Knockout

Pro Wrestling Tees, a website that sells—you guessed it—pro wrestling merchandise, has begun informing customers that it got knocked out by a data breach last month. The online retailer wrote in its letter to customers that some credit card numbers were compromised, and that it was initially made aware of the attack by communication from law enforcement. Pro Wrestling Tees is offering complimentary identity theft protection services to those impacted and has set up a telephone hotline.

Read the full story

 

🔐 585 million passwords

In what may seem like a rather unusual move, the UK’s National Crime Agency ("NCA") has shared more than 585 million compromised passwords with Have I Been Pwned ("HIBP"), the data breach monitoring service. The passwords, collected during investigations by the NCA’s National Cyber Crime Unit (NCCU) were shared with HIBP in order to help “individuals and companies worldwide seeking to verify the security risk of a password before usage”. Troy Hunt, the founder of HIBP, goes more in-depth on this story on his blog, adding that the FBI will also take part in sharing compromised credentials.

Read the full story

 

📱 Sorry, you're breaking up

Verizon, America’s largest wireless network carrier, is looking to convince its 120 million customers that sharing all of their data with the company in exchange for rewards and a more personalized experience is a good idea. If you are a Verizon customer, here’s what you should do: opt out. The program, called Custom Experience, records web browsing and app activity as well as location data of any opted-in customer. To opt-out, change your settings within the “Manage privacy settings” of your My Verizon app, or on the Verizon website.

Read the full story

 

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.