Hackers Resurface with PowerSchool Data, Target Schools Again with New Threats

 


Hackers behind the 2024 cyberattack on PowerSchool have returned, this time going after individual schools. They're now threatening to leak private data unless schools pay them ransom.

PowerSchool is a major digital platform used in the education sector. It provides services to over 17,000 schools in more than 90 countries, helping around 50 million students. In December 2024, the platform suffered a major data breach where hackers managed to steal large amounts of sensitive information. Reports confirmed that the attackers accessed personal data of about 62 million students and 9 million staff members across more than 6,500 school districts in the US and Canada.

At that time, PowerSchool made the controversial decision to pay the attackers in hopes that the stolen data would be deleted. According to the company, it was not a decision taken lightly. They believed that paying the ransom was the best way to keep the private information from being made public. The hackers told them, and showed evidence, that the stolen data would be destroyed. However, it now appears that those promises were not kept.

Recently, schools have reported receiving direct messages from cybercriminals, warning them that the stolen data could be released if more ransom is not paid. These threats are based on the same data from the December breach, suggesting that the attackers never deleted it in the first place.

The stolen information includes highly personal details such as names, Social Security Numbers, home addresses, and even health-related information. This kind of data can be used to commit fraud or identity theft, which puts both students and staff at serious risk.

To reduce the chances of identity misuse, PowerSchool is offering two years of free credit and identity monitoring services to those affected. They also expressed regret for the situation and said they are working closely with law enforcement to handle the latest round of threats and prevent further damage.

This situation underscores the danger of trusting cybercriminals, even after a ransom is paid. It also shows how long the effects of a data breach can last, especially when sensitive personal information is involved.

This Free Tool Helps You Find Out if Your Personal Information Is Exposed Online

 


Many people don't realize how much of their personal data is floating around the internet. Even if you're careful and don't use the internet much, information such as your name, address, phone number, or email could still be listed on various websites. This can lead to annoying spam or, in serious cases, scams and fraud.

To help people become aware of this, ExpressVPN has created a free tool that lets you check where your personal information might be available online.


How the Tool Works

Using the tool is easy. You just enter your first and last name, age, city, and state. Once done, the tool scans 68 websites that collect and sell user data. These are called data broker sites.

It then shows whether your details, such as phone number, email address, location, or names of your relatives, appear on those sites. For example, one person searched their legal name and only one result came up. But when they searched the name they usually use online, many results appeared. This shows that the more you interact online, the more your data might be exposed.


Ways to Remove Your Data

The scan is free, but if you want the tool to remove your data, it offers a paid option. However, there are free ways to remove your information by yourself.

Most data broker sites have a page where you can ask them to delete your data. These pages are not always easy to find and often have names like “Opt-Out” or “Do Not Sell My Info.” But they are available and do work if you take the time to fill them out.

You can also use a feature from Google that allows you to request the removal of your personal data from its search results. This won’t delete the information from the original site, but it will make it harder for others to find it through a search engine. You can search for your name along with the site’s name and then ask Google to remove the result.


Other Tools That Can Help

If you don’t want to do this manually, there are paid services that handle the removal for you. These tools usually cost around $8 per month and can send deletion requests to hundreds of data broker sites.

It’s important to know what personal information of yours is available online. With this free tool from ExpressVPN, you can quickly check and take steps to protect your privacy. Whether you choose to handle removals yourself or use a service, taking action is a smart step toward keeping your data safe.

Over 21 Million Employee Screenshots Leaked from WorkComposer Surveillance App

An app designed to track employee productivity by logging keystrokes and taking screenshots has suffered a significant privacy breach: more than 21 million images of employee activity were left in an unsecured Amazon S3 bucket.

Experts at Cybernews discovered the breach at WorkComposer, a workplace surveillance application that monitors employee activity by tracking their digital presence. Although the company did secure access after being informed by Cybernews, the data had already been exposed in real time to anyone with an internet connection, revealing sensitive work information of thousands of employees and companies.

WorkComposer is an application used by more than 200,000 users in various organizations. It is designed to help those organizations monitor employee productivity by logging keystrokes, tracking how much time employees spend on each app, and capturing desktop screenshots every few minutes.

With millions of these screenshots leaked to the open web, a vast amount of sensitive data may be exposed: email captures, confidential business documents, internal chats, usernames and passwords, and API keys. This material could be misused to target companies, launch identity theft scams, hack employee accounts, and commit more breaches.

In addition, businesses that have been using WorkComposer could now face liability for violations of the EU GDPR (General Data Protection Regulation) or the US CCPA (California Consumer Privacy Act), besides other legal actions.

Since workers have no control over what tracking tools may capture during their workday, be it private chats, confidential projects, or even medical information, such tools already sit in ethically questionable territory, and leaked screenshots amount to a serious privacy violation.

The WorkComposer incident is not the first of its kind. Cybernews has previously reported a leak from WebWork, another workplace tracking tool, which experienced a breach of 13 million screenshots.

How to Protect Your Smartphone During US Border Crossings

 

Crossing into the United States has become riskier since the start of Trump’s second administration. Foreign visitors and US visa holders are increasingly being detained, questioned, or deported. As uncertainty grows, travel demand from Canada and Europe has dropped sharply. Regardless of why you are traveling, US Customs and Border Protection (CBP) has the authority to search phones and other electronic devices at the border. 

While other countries also inspect devices, the volatile US policies have led travelers and companies to reconsider what they carry. Canada has issued travel warnings, and journalists are advised to prepare for device searches. At the border, CBP can demand PINs or biometrics to unlock devices. US citizens and green card holders can refuse without being denied entry, although this may trigger additional questioning or device seizure. Visa holders and visitors, however, face detention or deportation if they refuse a search. Travelers must assess their own risk based on legal status, nationality, profession, and online activity. 

To minimize risk, disable facial recognition or fingerprint unlock before traveling and use only a PIN. Update your phone’s software to make it harder to crack. Carry a paper boarding pass and keep your phone off or out of sight when approaching agents. One strategy is to travel with a separate device, either by wiping an old phone or buying a new one. Build a limited digital footprint on the travel phone—use separate emails, social media accounts, and encrypted messaging apps like Signal. 

However, the device should not appear suspiciously clean; normal usage should be simulated to avoid drawing attention. Another option is to clean your primary phone before traveling by backing up and deleting sensitive data and unnecessary apps. After returning, you can restore your phone from backup. However, mistakes in this process can leave traces of personal information vulnerable during inspection. Even if you don’t make major changes, basic steps like deleting old apps, updating software, limiting social media use, and keeping important documents printed can protect your privacy. 

Experts warn that travelers should assume border agents may scrutinize online presence and past posts. As device searches become more common at US borders, preparing ahead of travel has become critical for safeguarding personal information.

Sunflower and CCA Suffer Data Breaches, Exposing Hundreds of Thousands of Records

 

Sunflower recently disclosed a cyberattack on its systems, revealing that hackers gained access on December 15 but remained undetected until January 7. 

During this time, sensitive personal and medical data, including names, addresses, dates of birth, Social Security numbers, driver's license details, medical records, and health insurance information, were compromised. According to its filing with the Maine Attorney General's Office, the breach impacted 220,968 individuals.

Meanwhile, CCA experienced a similar data breach in July last year. The organization reported that cybercriminals stole extensive patient information, including names, addresses, dates of birth, driver's license numbers, Social Security numbers, diagnoses, lab results, prescriptions, patient ID numbers, and provider details. The breach affected 114,945 individuals, as per its filing with Maine’s Attorney General’s Office.

The Rhysida ransomware group has claimed possession of 7.6TB of Sunflower's data, including a 3TB SQL database, according to The Register. The data is still listed online, which suggests that negotiations are either ongoing or have collapsed. However, as of now, there is no confirmed evidence of the stolen data being misused on the dark web.

Following these incidents, both organizations have taken steps to strengthen cybersecurity measures to prevent future breaches.

Scammers Still Use the Same Tricks, Just in New Ways

 



As technology advances, scams are becoming more sophisticated, but the way scammers manipulate people hasn't changed. Despite using modern tools, they still rely on the same psychological tactics to deceive their victims.

Clinical psychologist Dr. Khosi Jiyane explains that scammers understand how human behavior works and use it to their advantage. Even though scams look different today, the methods of tricking people remain similar.  


Thinking You're Safe Can Make You a Target  

One major reason people fall for scams is the belief that it can't happen to them. This mindset, known as optimism bias, makes people think they're less likely to be scammed compared to others.  

Because of this, people often ignore clear warning signs in suspicious emails, messages, or offers. They assume they’re too smart to get fooled, which lowers their guard and makes it easier for scammers to succeed.  


Scammers Play on Trust  

Another trick scammers use is truth bias, where people naturally believe what they are told unless there's a clear reason to doubt it. Scammers pretend to be trustworthy figures like bank officials or family members to gain trust.  

By appearing credible, they can convince people to share personal information, make payments, or click harmful links without hesitation. This works even on cautious people because trust often overrides suspicion.  


Creating Urgency to Trick You  

Scammers often create a sense of urgency to rush people into making quick decisions. Messages like "Act now to protect your account!" or "Claim your prize before time runs out!" are designed to trigger panic and fast responses.  

Dr. Jiyane explains that when people feel rushed, they think less critically, making them easier targets. Scammers use this tactic, especially during busy times, to pressure people into acting without verifying facts.  


How to Protect Yourself  

The best way to avoid scams is to always pause and verify before taking action. Whether you receive a call, email, or message asking for personal information or urgent action, always confirm with the source directly.  

It’s also important to stay aware of your vulnerability. No one is completely immune to scams, and understanding this can help you stay cautious. Avoid making quick decisions under pressure and take time to think before responding.  

By staying alert and verifying information, you can reduce the risk of falling for scams, no matter how convincing they appear.

ICAO Investigates Potential Data Breach Amid Cybersecurity Concerns

 

The International Civil Aviation Organization (ICAO), a United Nations agency tasked with creating global aviation standards, has disclosed an investigation into a potential cybersecurity incident. Established in 1944, ICAO works with 193 member states to develop and implement aviation-related technical guidelines. The agency announced its inquiry on Monday, following reports of unauthorized access linked to a well-known cybercriminal group targeting international organizations.  

In its statement, ICAO confirmed it is examining allegations of a security breach and has already implemented precautionary measures to address the issue. While the organization did not provide specific details, it assured the public that a comprehensive investigation is underway. Additional updates will be shared once the preliminary analysis is complete. The investigation coincides with claims by a hacker using the alias “natohub,” who posted on BreachForums, a well-known hacking forum, alleging they had accessed and leaked ICAO’s data. 

According to the claims, the leak comprises 42,000 documents containing sensitive personal information, including names, dates of birth, addresses, phone numbers, email addresses, and employment records. Another source suggested the leaked archive is approximately 2GB and contains data linked to 57,240 unique email accounts. ICAO has not verified the authenticity of these claims but has emphasized the seriousness with which it is handling the situation. 

This development follows a pattern of cyberattacks on United Nations agencies in recent years. In April 2024, the United Nations Development Programme (UNDP) launched an investigation into a ransomware attack reportedly orchestrated by the 8Base group. Similarly, in January 2021, the United Nations Environment Programme (UNEP) experienced a breach that exposed over 100,000 records containing personally identifiable information. Earlier, in July 2019, UN networks in Vienna and Geneva suffered a significant breach through a SharePoint exploit. 

That attack compromised sensitive data, including staff records, health insurance details, and commercial contracts. A senior UN official later described the incident as a “major meltdown.” These recurring incidents highlight the increasing vulnerability of global organizations to cyber threats. Despite their critical roles in international operations, such institutions remain frequent targets for cybercriminals. 

This underscores the urgent need for robust cybersecurity measures to protect sensitive data from exploitation. As ICAO continues its investigation, it serves as a reminder of the evolving threats facing international organizations in a rapidly digitizing world. Enhanced vigilance and collaboration are essential to safeguarding global systems against future cyberattacks.

Database Service Provider Leak Results in Exposing Over 600,000 Records on Web


SL Data Services, a U.S.-based data broker, experienced a massive data breach, exposing 644,869 personal PDF files on the web. The leaked records included sensitive information such as personal details, vehicle records, property ownership documents, background checks, and court records. Alarmingly, the exposed files were not encrypted or password-protected.

Cybersecurity expert Jeremiah Fowler discovered the breach, identifying sample records in the 713.1 GB database. Remarkably, 95% of the documents were labeled as “background checks.”

"This information provides a full profile of these individuals and raises potentially concerning privacy considerations," Fowler stated.

Details of the Leaked Data

The breached documents contained the following sensitive information:

  • Residential addresses
  • Contact details and emails
  • Employment data
  • Full names
  • Social media accounts
  • Family members
  • Criminal record history

Fowler confirmed the accuracy of the residential addresses associated with named individuals in the leaked files.

How the Leak Happened

According to Fowler, property reports ordered from SL Data Services were stored in a database accessible via a web portal for customers. The vulnerability was that a threat actor who knew the file path could locate and access these documents.

SL Data Services used a single database for multiple domains without proper segmentation. The only separation was through folders named after the respective websites. After Fowler reported the breach, database access was blocked for a week, but during that time, over 150,000 additional records were exposed. It remains unclear how long the data was publicly accessible or what information was accessed by unauthorized parties.

When Fowler contacted SL Data Services, he was only able to reach call center agents who denied the breach, claiming their systems used SSL and 128-bit encryption. Despite these assurances, the exposed records suggest serious lapses in data security practices.

The Risks of Exposed Data

Fowler warned about the dangers posed by the leaked information:

"The criminals could potentially leverage information about family members, employment, or criminal cases to obtain additional sensitive personal information, financial data, or other privacy threats."

Publicly exposed data allows threat actors to:

  • Launch phishing campaigns or social engineering attacks
  • Fake identities using stolen information
  • Target victims whose data appeared in background check documents

Staying Safe

To protect personal data when working with data brokers, Fowler recommends the following:

  1. Research Data Storage Practices
    Understand how the company stores and secures sensitive data.
  2. Conduct Vulnerability Scans
    Ensure the broker performs regular scans to detect potential security issues.
  3. Request Penetration Testing
    Verify whether the company tests its systems to prevent unauthorized access.

Conclusion

This breach underscores the importance of robust data security practices for companies handling sensitive information. By adopting proactive measures and holding data brokers accountable, both organizations and consumers can mitigate the risks of future breaches.