Human communication

violations at Cox Communication and DDC. Data breach in South Australia. A case of human error.

In one look.

  • Report: breach at Cox Communication.
  • Report: violation of test subject at DDC.
  • Data breach in South Australia.
  • A case of human error.

The Cox Communications intrusion is likely a social engineering attack.

U.S. digital cable and telecommunications provider Cox Communications has confirmed that a threat actor gained access to customer data by posing as a customer support agent. Cox learned of the incident in October, and while details are few, it’s likely the intruder used social engineering strategies to infiltrate Cox’s internal systems. The breach notification reads: “We immediately launched an internal investigation, took steps to secure affected customer accounts, and notified law enforcement of the incident.” Potentially exposed data includes customer names, contact details, Cox account numbers, usernames, PINs, and security questions and answers. Bleeping Computer asked Cox for details regarding the number of affected customers and how the breach occurred, but received no response.

DNA Diagnostics Center is experiencing a test subject data breach.

The US paternity testing company DNA Diagnostics Center (DDC) data breach has potentially exposed the data of more than 2.1 million people. CPO Magazine explains that the attacker compromised a database archive containing test subject data collected between 2004 and 2012, and potentially exfiltrated data from the database between May 24 and July 28. The compromised data includes full names, social security numbers, credit and debit card information. , financial account numbers and system passwords. On the positive side, no genetic data has been stolen. DDC’s statement attempted to downplay the impact of the incident, noting that the breached system is no longer in use and the data in question had been acquired from another entity. “DDC acquired certain assets of this national genetic testing organization in 2012 which included certain personal information, and therefore the impacts of this incident are not associated with DDC,” the testing company said.

South Australian government hit by third party attack.

The ransomware attack by payroll software provider Frontier Software compromised the data of tens of thousands of employees in South Australia (SA), possibly including political leaders like Prime Minister Steven Marshall. ABC reports that Frontier, which has been providing payroll services to the South African government since 2001, fell victim to ransomware last month and hackers have already posted stolen data to the dark web. Treasurer Rob Lucas said, “The highest from the highest to the lowest from the lowest and everyone else among us is potentially affected except teachers and the Department of Education. (The education department, fortunately, does not use Frontier’s services.) Government officials say their primary goal is the well-being of employees and that employee pay cycles should not be interrupted at any time. the aftermath of the attack. questioning the security of South African government systems. Shadow Treasurer Stephen Mullighan commented: “It is now clear that the Liberal government of Marshall cannot be trusted to protect South Australian data … The government must explain why a security breach has occurred four a few weeks ago is only revealed now.

Violation of the school district caused by human error.

The accidental exposure of student data in an Ohio school district ended with the retirement of the offending staff member, Fox 8 Cleveland WJW reports. A letter to parents explained that the staff member, intending to send each student’s transcripts to their parents, accidentally sent all families the partial transcripts of the entire class from terminal, including student names, contact details, grades, student identification numbers and state test scores. The staff member was immediately placed on administrative leave with pay and subsequently announced his retirement. The Federal Office of Student Privacy Policy at the United States Department of Education and the Ohio Department of Education have been notified and commended the district for handling the incident.