At a glance.
- Meta's “Oops.”
- Sexual assault victims exposed in Suffolk County police data breach.
- Maryland regional bank suffers data breach.
Meta says “Oops.”
The Wall Street Journal reports that Meta has booted or disciplined over two dozen of its employees and contractors over the last year for allegedly hijacking the accounts of Facebook users. Some of the culprits were security guards in Meta facilities who had been given access to the Online Operations mechanism, affectionately called “Oops,” an internal tool used by employees attempting to help users who were having difficulties logging into their accounts. In some cases, the now-fired employees accepted thousands of dollars in bribes from hackers in exchange for access to the accounts. Meta spokesman Andy Stone explained, “Individuals selling fraudulent services are always targeting online platforms, including ours, and adapting their tactics in response to the detection methods that are commonly used across the industry,” and added that Meta “will keep taking appropriate action against those involved in these kinds of schemes.” The abuse of the Oops mechanism is indicative of Facebook’s customer service issues, which has increasingly led frustrated users who are having account issues to resort to the Oops channel as a last resort. Intended to be used only on a limited basis, the channel serviced about 50,270 tasks in 2020, up from just 22,000 three years earlier.
Sexual assault victims exposed in Suffolk County police data breach.
The police force in Suffolk County, England has disclosed that a leak led the exposure of the data of sexual assault victims. Tech Monitor reports that hundreds of individuals had their names, addresses, dates of birth and details of the alleged sexual offences committed against them published on the public-facing police website. According to a Suffolk Constabulary spokesperson, “Suffolk Police were made aware that some personal information, which should not have been uploaded, could be accessed by the constabulary website. This matter was quickly resolved and the information can no longer be accessed. We take our obligations under the data protection act very seriously.” Though the data were only viewable for a short period of time, the Suffolk Rape Crisis organisation says it was long enough to “put women at risk of further violence.” The charity added, “Survivors of sexual violence who have reported to the police are entitled to lifetime anonymity.” It’s unclear how or why the data were exposed, but the Suffolk Police have launched an inquiry and the breach has been reported to the Information Commissioner’s Office. Police and crime commissioner Tim Passmore has issued an apology, stating, “I want to make it clear I am extremely sorry and issue an unreserved apology for anyone who might have been affected…I can understand the huge concern it might have caused people who have been victims of this sort of terrible crime.”
Maryland regional bank suffers data breach.
Middletown Valley Bank, located in the US state of Maryland, has reported that an unauthorized party gained access to files containing sensitive customer info on the bank’s computer network. According to a report submitted by the bank to the Montana Attorney General, Middletown Valley learned of the breach on October 1, upon which they shut down sections of the network and launched an internal investigation to determine what info had been accessed. The compromised data include customer names, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, and other identifying information necessary for applying for bank products and services. JD Supra adds that the bank began notifying impacted customers about the incident on November 14.