At a glance.
- Data cleanup on aisle 5.
- Election software CEO charged with embezzlement.
- Hacking down the family tree.
- College student sentenced for stealing explicit photos.
- Ex-police officer abuses power to blackmail Snapchat users.
Data cleanup on aisle 5.
Australian grocery chain Woolworths disclosed on Friday that its online retailer MyDeal experienced a breach that potentially exposed the data of nearly 2.2 million users, the Star reports. The intruder used compromised user credentials to access the MyDeal customer relationship management system, which contains customer names, email addresses, phone numbers, delivery addresses, and in some instances dates of birth. Woolworths says its website and other related platforms were not impacted, and that all affected customers have been contacted. As ABC notes, the incident comes just one month after millions of customers of Australian telecom giant Optus were exposed in what some are calling the largest data breach in the country’s history.
Election software CEO charged with embezzlement.
As we previously noted, Eugene Yu, CEO at election worker scheduling software maker Konnech, was arrested last week under suspicion of data theft. NPR.org reports that Yu has now been charged with conspiracy to embezzle public funds and grand theft by embezzlement of public funds. Prosecutors say that a massive data breach led Konnech to give its contractors in China access to sensitive data on election workers, and that in doing so, Konnech violated not only its contract with Los Angeles County, but also criminal law. It’s worth noting that the prosecution does not allege that Yu stole money, but rather that he misappropriated government funds. Konnech has come under fire from election conspiracy theorists who have circulated unfounded claims that Konnech has ties to the Chinese Communist Party, and the company’s defense attorney says the prosecution is relying on dubious information from these election deniers. A Los Angeles Superior Court judge has ordered Yu to remain in home confinement because he allegedly poses an "extensive flight risk" due to his "deep ties to China."
Hacking down the family tree.
FamilySearch, a genealogy website operated by The Church of Jesus Christ of Latter-day Saints, says an intruder gained unauthorized access to its network in March. As Komando explains, an investigation has been underway, and law enforcement this week lifted its confidentiality restrictions, allowing FamilySearch to share the incident with the public. The company says a state-sponsored hacking group could be behind the breach, and compromised data includes usernames, legal names, gender, email addresses, and dates of birth.
College student sentenced for stealing explicit photos.
A Puerto Rico judge has sentenced a former University of Puerto Rico student to thirteen months in prison for cyberstalking his female classmates, Bleeping Computer reports. The defendant, Iván Santell-Velázquez, admitted to hacking the email and Snapchat accounts of over one hundred students by engaging in phishing and spoofing schemes. As iTech Post explains, he then used his access to steal nude photos from the accounts, which he shared on Twitter and Facebook and, in at least one case, harassed the victim over text. US Federal Bureau of Investigation Special Agent in Charge Joseph González stated, “Cyberstalking can have a major impact on its victims, which can range from suicidal ideation, fear, anger, depression, to PTSD. This is why, at the FBI we are committed to investigating these terrible crimes and we urge the public to report incidents to law enforcement immediately."
Ex-police officer abuses power to blackmail Snapchat users.
On a similar note, Bryan Wilson, a former Louisville Metro Police Department (LMPD) officer in the US state of Kentucky, pled guilty in June hacking the Snapchat accounts of several women to steal sexually explicit photos, and the recently released court documents shed light on the case. Wilson obtained information about the victims through Accurint, a powerful data-combining software issued to law enforcement agencies, to which Wilson still had access for some time after he left the LMPD. As the Louisville Courier Journal explains, He then passed the data on to a hacker, who used the info to gain access to the women's private Snapchat accounts and steal explicit images and videos. Wilson then used the content to blackmail the women into sending him more explicit content, and in one case he forwarded stolen images to a victim’s employer. A statement from the police department says that after the incident, procedures were implemented to ensure all access to such software is suspended once a member separates from LMPD. The court documents state, "Wilson caused his victims untold psychological trauma, not only by extorting them and publishing their explicit photographs and videos online, but also by demeaning and insulting them during his text exchanges…" the document states. Prosecutors asked for Wilson’s sentence to be lightened in exchange for his guilty plea in another federal case in which he violated the civil rights of pedestrians through the arbitrary use of force.