Reading Time: ~ 2 min.
Point-of-Sale Breach Targets U.S. Cannabis Industry
Late last month, researchers discovered a database owned by
the company THSuite that appeared to contain information belonging to
roughly 30,000 cannabis customers in the U.S. With no authentication, the
researchers were able to find contact information as well as cannabis purchase
receipts, including price and quantity, and even scanned copies of employee and
government IDs. Though many of the records were for recreational users, medical
patients were also involved in the breach, which could prompt additional investigations
regarding HIPAA violations.
Ransomware Attack Shuts Down Florida Libraries
At least 600 computers belonging to the library
system of Volusia County, Florida were taken offline after falling victim
to an unconfirmed ransomware attack. While the libraries were able to get 50
computers back up and running, many of their core functionalities are still
offline for the time being. Though officials still have not confirmed that
ransomware was the cause of the shutdown, the attack is similar to ones
targeting multiple California libraries less than a week earlier.
UK Government Allows Gambling Firms Access to Children’s Data
The Information Commissioner’s Office (ICO) was recently
informed of a data breach
that could affect nearly 28 million students in the UK. A gambling firm was
apparently given access to a Department for Education database by a third-party
vendor to complete age and ID verification, though it is unclear just how much
information they were gathering. Both firms and the Department for Education
have begun examining this breach to determine if this requires a full GDPR
International Law Enforcement Efforts Take Down Breach Dealer Site
In a combined effort from multiple law
enforcement agencies in the U.S. and Europe, two individuals who operated a
site that sold login credentials from thousands of data breaches were arrested.
Immediately following the arrests, the domain for WeLeakInfo was taken down and
all related computers were seized by police, who then promptly put up an
official press release and request for any additional info on the site or
owners. WeLeakInfo, which boasted access to over 12 billion records, was
originally hosted by a Canadian company, but was quick to employ Cloudflare to
continue their nefarious dealings privately.
UPS Store Exposes Customer Data
UPS Stores across the U.S. fell victim to a phishing attack that compromised
sensitive customer information over the last four months. This incident stems
from a malicious phishing attack that allowed some individuals to compromise store
email accounts, which then allowed access to any documents that had been
exchanged between the accounts and customers, from passports and IDs to
financial info. Fortunately, UPS has already begun contacting affected
customers and is offering two years of credit and identity monitoring.