T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360
At a glance.
- What was the T-Mobile hacker thinking?
- EU cautions against using browser histories in credit assessments.
- IoT security camera bug.
- EskyFun data exposure.
- FBI describes Hive ransomware.
Alleged T-Mobile attacker reveals himself.
A hacker is claiming responsibility for the massive recent T-Mobile data breach, and his review of the cell phone provider’s security systems is less than favorable. John Binns, an American man living in Turkey, told the Wall Street Journal that he used a simple, publicly available tool to penetrate T-Mobile’s “awful” defenses. He scanned T-Mobile’s websites for vulnerabilities then sussed out an unprotected T-Mobile router where he found credentials that granted him access to one hundred of the company’s servers. Binns has not disclosed whether he was paid to carry out the hack or whether he successfully sold the data, but he claims his motivation was not monetary. He says his goal was to “make noise” in order to draw attention to his purported mistreatment by the US government, including an alleged kidnapping that landed him in a “fake” mental institution.
EDPS advises against using internet histories for credit assessment.
The European Data Protection Supervisor (EDPS) has declared that an individual’s personal internet history data should not be used in assessing credit scores, The Record by Recorded Future reports. “[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing,” the agency asserts. The EDPS also advised against using health data or any other special category of personal data under Article 9 of the General Data Protection Regulation, as it could lead to unfair treatment of consumers. The advisory was in response to a blog post published by the International Monetary Fund last year that claimed examining this sort of data could lead to more accurate credit assessments.
Bug detected in IoT security cameras.
Nozomi Networks Labs has disclosed the discovery of a critical Remote Code…