Purchasing LifeLock, Identity Guard or IdentityForce via links from our site earn us a commission and supports our efforts. Thank You!

Identity Theft Labs

Data Breaches

Ok, we don’t write about data breaches too much anymore…. quite frankly, we couldn’t keep up if we wanted to….. not when there are a couple hundred each year. Occasionally we talk about a large one or one that received media attention here. For a chronology of data breaches please see DataLossDB.

Please see our identity theft protection reviews to learn about the companies that can help protect you from identity theft even if your information was exposed in a data breach.

Put the Dog Down: The POODLE SSLv3 Vulnerability

Late last week, the news had broken that POODLE SSLv3 had been attacked and the system compromised. A vulnerability within POODLE SSLv3 allows attackers to decrypt encrypted website connections, allowing them access to online accounts, social networks, and email. Google, Firefox, and other browsers are currently disabling it until a solution is reached. For more information and a full report, please click here.

850K Oregonian Jobseekers Got More Then Their Resumes Exposed

The Oregon Employment Department’s WorkSource Oregon Management Information System (WOMIS) recently discovered a vulnerability that compromised the private information of over 850,000 registrants. While the system was taken down and patched before all 1.9 million jobseekers’ accounts were compromised, there are still many affected by this breach. Much of the information stored is personal info used in filling out job applications such as names, addresses, social security numbers, and so on.

So far there are no reports that any of the data has been used, but all the affected accounts have been requested to change their passwords and other security information. The Department also offered identity theft protection to the affected jobseekers if requested. Read more about this story here.

“Operation Deathclick” and How It Compromises U.S. Defense

Cyber-espionage has put a new application to an old technique: malvertising. Reports have been given regarding “Operation Deathclick,” an advanced persistent threat targeting the United States Defense industry. Using malvertising, the attackers objective appears to be intellectual property threat and not the usual ad fraud that is usually associated with malvertising. For more details on this story and a full report, click here.

Hackers Already Got Your Credit Card, Don’t Let Them Get Your Medical Records

Over the past year, many retailers have suffered from hackers obtaining the credit card information of several customers. In fact, the hackers have done so well that the black market on credit care info has become inflated. Miscreants are paying LESS MONEY to other miscreants for credit card information than ever before.

So where do they go next? Probably your doctor’s office. Medical information is some of the most private material a person can have (which also includes your address, birthdate, social security number, etc.) and most hospitals still use machines and software that are several generations old. That older software cannot protect itself from modern day hacker techniques.

So what’s the solution? While HIPAA regulations and other organizations are doing what they can, their security is still at risk. Write to your congressmen, contact local hospitals to see what you can organize, find out where to donate funding for newer computers and securer software. Read more about this issue and other solutions here.

Play Videos and Keep Building Apps: ColdFusion and Flash Player Flaws Fixed

This past Tuesday, Adobe provided updates for Flash Player and ColdFusion in order to tweak some bugs and should be able to automatically install in Chrome, IE, and IE 10. There are also “hot fixes” available for ColdFusion versions 9.0 through 11 that prevents unauthorized local users to bypass IP address access control restrictions. Read more about these updates here.