December 7, 2017
Stanford, Rutgers Data Breaches Expose Employee and Student Info – California and New Jersey, United States
Data breaches have been discovered at both Stanford University and Rutgers University, exposing personal records of thousands of faculty members and students. At Stanford, a misconfiguration of permissions on file-sharing platforms is to blame for several data breaches. A student staff member of the Stanford Daily discovered a data breach and reported it to campus privacy authorities on November 9. The student was able to access unidentified sexual assault reports which were being collected under the Clery Act from 2005 to 2012. The data was stored on the Andrew Filed Sharing platform and was accessible to any AFS user, including those outsides of Stanford. While the University Privacy Office and the Graduate School of Business IT teams investigated the November 9 exposure, they discovered a file on November 21 which contained names, birthdates, Social Security numbers and salary information for nearly 10,000 non-teaching university employees from an August 2008 snapshot. Confidential financial aid information for MBA students was accessible as well. Although the school says it has no “direct evidence” that the personally identifiable information was accessed, notification letters were sent to all potentially impacted employees and students. The school is also offering credit monitoring and fraud protection services. School officials say they will put in place automated periodic permissions and file content scanning as well as regular manual reviews by content owners. Content owners will also be required to complete an awareness and training program.
Mad River Township Fire and EMS in Enon Had Their Data Hacked and Encrypted with Ransomware – Ohio, United States
The Mad River Twp. Fire and EMS station is without years of data after its server was breached and encrypted with ransomware. Chief Elmer Beard said the virus was found in August and the department has tried to work out solutions to get the information unencrypted. The hackers demanded payment for the information in Bitcoin, which translates to thousands of dollars he said. The data impacted is from information collected by officials when residents used EMS or fire services, Beard said. “It is unknown as to how many individuals would have been affected had the data been transferred from the server. Since the data breach, we have been working with our IT vendor to improve the security on our server and network.” It does not appear information was stolen, he said, instead the hackers encrypted the data, so no one can read it. The department elected not to pay the ransom because they were unsure if they would actually get the information back, Beard said.
TSA Tightens Security Ahead of Holiday Travel – New York, United States
Thousands of Americans plan on traveling this holiday season, and airport security is tighter than ever. The Transportation Security Administration is just doing its job to ensure nothing suspicious gets on a flight. But around the holidays, that security can sometimes be overbearing, according to some flyers. “To me, it was terrible,” Georgia Dixon said. Dixon has diabetes and was hoping she could board her flight with small items to keep her feeling well. “Some candy; some juices.” But most of her items had to be thrown out. “I was upset,” she said. “I was annoyed. I started swearing.” With the holidays approaching, more people than ever will be packing extra luggage, including gifts for loved ones. Lee Hood said he doesn’t wrap his presents when making a trip. “I think TSA would rip them all up,” he said. And he might be right. TSA said that if an item is wrapped and they can’t identify it through an X-ray, they’ll take it out and unwrap it. Baked goods like cookies or pie is another thing TSA will double check if it’s being brought on a flight. Be prepared for them to swab the outside of the item to ensure you aren’t concealing anything inside.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, please subscribe.