National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
DoD Issues Proposed DFARS Rule to Implement CMMC 2.0
The most notable aspects of the Proposed DFARS Rule are its emphasis that the CMMC level specified in a particular solicitation and contract “is required for all information systems, used in the performance of the contract, that will process, store, or transmit” FCI or CUI.
TP-Link finds itself in congressional crosshairs over ties to China
Open-source information indicates that the company may represent a serious threat to U.S. ICTS security.
US businesses struggle to obtain cyber insurance, lawmakers are told
Rising premiums and restrictive policies are creating uncertainty among American businesses about whether insurance policies will cover breaches.
Vulnerability disclosure policies eyed for federal contractors in Senate bill
The legislation would require federal contractors to adhere to NIST’s guidelines on VDPs.
Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION
The state of Texas … accused the automaker of installing technology on more than 14 million vehicles to collect data about drivers, which it then sold to insurers and other companies without drivers’ consent.
Most Ransomware Attacks Now Happen at Night
The reason for launching attacks at night, and at weekends, is simple: try to ensure there are limited IT staff around to handle detection and response.
MIT delivers database containing 700+ risks associated with AI
Called the AI Risk Repository, the goal, its creators say, is to provide an accessible and updatable overview of the risk landscape.
Toyota confirms data breach after info leaked on cybercrime forum
Carmaker confirms losing hundreds of gigabytes of sensitive customer data.
Plane tracker FlightAware admits user passwords, SSNs exposed for years
Notification omits a number of key details.
Deadbeat dad faked his own death by hacking government databases
Hoped to dodge child support payments, now faces 81 months inside – and a bigger bill than ever.
In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased).
NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.
Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator.
Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively.