Gaming Site Hack Leads Breach RoundupSensitive Info Posted Online; Hackers Leak Job Seeker Details
In this week's breach roundup, user information from gaming site Gamigo has been posted online four months after the site experienced a breach. Also, hackers stole data files containing information on users of ITWallStreet.com, a website for IT professionals seeking jobs with Wall Street firms.
Gaming Site Breach Affects 8 Million
A four-month-old data breach affecting gaming site Gamigo recently led to 8 million e-mail addresses and encrypted passwords being posted online. As a result of an attack in March, usernames, e-mail addresses and encrypted passwords were recently posted to InsidePro, an online password forum; they were subsequently removed. The information was taken from an older database by unauthorized intruders, says Dennis Hartmann, a Gamigo spokesman. "As far as we can tell, the published records contained no new data," he says.
Breach Affects IT Job Searchers
A hacker has posted online 12 data files containing detailed information on 50,000 users of ITWallStreet.com, a website for IT professionals seeking jobs with Wall Street firms. The compromised information includes full names, mailing addresses, e-mail addresses, usernames, hashed passwords and phone numbers, according to the news site eSecurity Planet.
Hacking group TeamGhostShell is taking credit for the breach.
Laptop Theft Spurs Encryption Ramp Up
Boston-based Beth Israel Deaconess Medical Center reports a breach involving a physician's unencrypted personal laptop that was stolen from his office. The device contained information on 3,900 patients, who are being notified of the incident.
Data on the laptop included brief summaries of medical information used for administrative purposes within the medical center, but the device did not store complete records, patient financial information or Social Security numbers, according to a statement from the medical center. Also included on the stolen laptop were approximately 230 administrative employees' records.
In the wake of the incident, Beth Israel Deaconess is stepping up efforts to make sure that its policy requiring encryption of all mobile devices, including personal ones used for work-related purposes, is actually followed.
Mailing System Error Affects Maine Residents
Personal information for 79 Maine residents who applied for public assistance or updated information via a web portal was inadvertently mailed to the wrong recipients, according to the state's Department of Health and Human Services. The cause of the breach was an error in the automated mailing system. Social Security numbers and bank account information were included in some instances.
DHHS staff called affected individuals and offered identity theft insurance, free credit reports and daily monitoring of credit at no cost to those affected. Those who received the incorrect information were also sent letters with a postage-paid envelope instructing them to return the information. "They are legally obligated to return it and we have reminded them that identity theft is a crime," DHHS said in a statement.