This Week in Data Breaches: BlackRock, Nest, Google, and FBI Documents
It has been another busy week in data security news, with reports of hacks and leaks coming in rapid-fire succession on a near-daily basis. From millions of phone logs and text messages being exposed to a massive leak of FBI data in Oklahoma, here we round up the latest in data news.
BlackRock Exposes Confidential Data on 20,000 Advisers
BlackRock, a global investment management firm, has leaked data on 20,000 of its advisers, including their names, email addresses, and other confidential information. The data was exposed in three spreadsheets that were inadvertently posted to the BlackRock iShares website, listing all of BlackRock’s advisers and the amount of assets under their management. As Bloomberg notes, “BlackRock and LPL are the latest financial firms to be ensnared in a data issue affecting a key part of their business...Keeping information secure is an increasingly important issue at financial firms, forcing them to brace against both cyber attacks and human error.”
Read more from Bloomberg.
Oklahoma Government Leaks FBI Documents
According to security researchers, an Oklahoma Department of Securities (ODS) server left terabytes of confidential government data and information related to FBI investigations exposed for more than a week at the beginning of December. Exposed records went as far back as 1986 and contained email inbox backups, spreadsheets of IT credentials, remote access credentials, security filings, and ODS investigation details. According to Forbes, along with ODS records there were also “copies of letters from subjects, witnesses and other parties involved in FBI investigations.” Some of the companies named in the FBI files included AT&T, Goldman Sachs, and Lehman Brothers.
Read more from Forbes.
Voipo Leaks Millions of Call Logs and Text Messages
Voipo, a voice-over-internet provider, left a database containing 6.7 million call logs, 6 million text messages, and 1 million unencrypted passwords exposed. Security researcher Justin Paine discovered the exposed database last week and immediately alerted the company, which quickly took the Elasticsearch database offline. Some of the more than ten gigabytes of customer data dated as far back as May 2015. The exposed database also made it possible for two-factor codes and password reset links sent by SMS to be intercepted and used by hackers to access customers' accounts on other websites.
Read more from TechCrunch.
Nest Security Cameras Hijacked by Hackers
Hackers were able to infiltrate dozens of Nest security cameras, using their unauthorized access to spy on and prank unwitting owners. Wired reports that one family was told by an unknown voice over their Nest cam that “North Korean missiles were en route to Ohio, Chicago, and Los Angeles,” while others were told to subscribe to PewDiePie’s YouTube channel. Hackers were able to gain access to the security cameras with username and password combinations exposed in data breaches on other websites, using a technique known as “credential stuffing.” In total, more than 300 Nest cams were exposed.
Read more from Motherboard.
Facebook Faces Record FTC Fine
In December, five members of the Federal Trade Commission met to discuss an investigation into whether Facebook violated its 2011 consent decree. The FTC’s 2011 settlement required Facebook to obtain explicit consent from users before their information was shared with third parties, a requirement the company appeared to be in violation of when the Cambridge Analytica scandal broke in March of last year. Commentators believe that Facebook could potentially face the largest FTC fine on record, possibly running into the hundreds of millions.
Read more from the New York Times.
Google Fined $57 Million Under the GDPR
France’s data protection authority, the CNIL, has issued Google a $57 million fine for failure to comply with the GDPR. The CNIL’s fine is the largest issued under the European Union’s General Data Protection Regulation (GDPR). In a statement, the CNIL said, “Despite the measures implemented by Google...the infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”
Read the full statement.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.