Data broker protection rule quietly withdrawn by CFPB

The Consumer Financial Protection Bureau CFPB has decided to withdraw a 2024 rule to limit the sale of Americans’ personal information by data brokers. In a Federal Register notice published yesterday, the CFPB said it "has determined that legislative rulemaking is not necessary or appropriate at...

A Close Up Look at the Consumer Data Broker Radaris

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

It’s Still Easy for Anyone to Become You at Experian

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly h...

Class Action Targets Experian Over Account Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that...

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...

Worse than Equifax: Personal records of 340M people leaked online

By Waqas Last year the credit reporting firm Equifax revealed how unknown This is a post from HackRead.com Read the original post: Worse than Equifax: Personal records of 340M people leaked online...

Turns out Equifax breach was way bigger than initially thought

By Carolina On July 29th Equifax, a consumer credit reporting agency in the United This is a post from HackRead.com Read the original post: Turns out Equifax breach was way bigger than initially thought...

Equifax Website Hacked To Deliver Malware-bearing Flash Update

By Waqas In May 2017, the website of renowned credit reporting service This is a post from HackRead.com Read the original post: Equifax Website Hacked To Deliver Malware-bearing Flash Update...

FTC Releases Alerts on Protecting Against Identity Theft

The Federal Trade Commission FTC has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, Transunion, and Experian...

Equifax sued for Billions after 143 million data hack

By Uzair Amir As reported yesterday, the credit reporting agency Equifax was hacked This is a post from HackRead.com Read the original post: Equifax sued for Billions after 143 million data hack...

Zaxby's Chicken Chain Warns of Possible Credit Card Thefts

At least 100 restaurants’ customers are at risk of credit and debit card fraud after a U.S. fast food chain announced it’s found data-swiping malware on some of its franchises’ computer hard drives. Zaxby’s Franchising, Inc. alerted customers via a news release that credit card processing compani...

FTC Bares Teeth, Levies $800k Fine Against Data Brokerage Firm

In a first-of-its-kind ruling, the Federal Trade Commission FTC told data brokerage firm Spokeo it has until tomorrow to hand over $800,000 to the Treasurer of the United States. The ruling came in a case addressing the sale of personal Internet information for the purpose of job applicant...

Data Breach Notification Bill Included in New White House Proposal

The White House on Thursday proposed a new federal data breach notification law in an attempt to clarify a mish-mash of laws already on record. The notification comes as part of a much-delayed cybersecurity legislative proposal unveiled on Capitol Hill this week. The sweeping reform comes nearly...

California Bill Ups the Ante on Breach Notifications

The new bill requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security...