Google Fine Leads Breach Roundup

Germany Says Company Violated Privacy
Google Fine Leads Breach Roundup

In this week's breach roundup, a German government agency has fined Google for a privacy breach involving its Street View service. Also, hackers compromised an Associated Press Twitter account on April 23, falsely tweeting that two explosions at the White House injured President Obama.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

Google Fined Over Privacy Breach

The Hamburg Commissioner for Data Protection and Freedom of Information in Germany has fined Google €145,000 for a privacy breach. Google from 2008 to 2010 allegedly collected information from Wi-Fi networks while photographing roads and houses for its Street View service, according to a notice issued by Johannes Caspar, Hamburg, Germany's privacy commissioner.

"In my opinion, it is in fact one of the largest known data breaches ever," Caspar said.

Information collected illegally includes e-mails, passwords, photographs and chat logs, according to information provided by Google during an investigation into the incident.

"Cases like this clearly show that the sanctions provided by the Federal Data Protection Act are not sufficient to sanction such serious data breaches," the notice says.

Hackers Compromise AP Twitter Account

Hackers compromised an Associated Press Twitter account on April 23, falsely tweeting about 1 p.m. EDT that two explosions at the White House injured President Obama (see: Social Media Needs 2-Factor Authentication).

The news caused the Dow index to sink by nearly 1 percent in minutes. When word surfaced that the tweet was a fake, the stock market quickly rebounded.

A group called the Syrian Electronic Army took credit for the attack, which on its English-language website lists the AP hack under the label "Latest Penetrations."

A White House official expressed concern over the incident. "Obviously, it's an example of how the public and private sector must continue to work together to promote norms of behavior in cyberspace and to protect ourselves against malicious actions."

7 Sentenced in Skimming Scheme

Seven individuals were sentenced April 17 for skimming credit card information from Chicago area locations, which was then used to make fraudulent purchases.

The defendants illegally obtained the information from the cards of patrons visiting Chicago area restaurants and attractions, including Wrigley Field, home of the Chicago Cubs baseball team, according to a statement from Illinois Attorney General Lisa Madigan.

All seven defendants pleaded guilty for their involvement in the crime. More than $200,000 worth of purchases were made using the stolen information, the statement said.

Four of the defendants were sentenced to prison time, while the other three received felony probation sentences, according to the statement.

The scheme's organizer paid the defendants - employees at the establishments - to skim credit card information of customers using a small credit card reader provided to them, the statement says. The employees swiped 175 cards using the readers. Woods then reproduced counterfeit credit cards.

Telecom Company Warned Over Breach

The Australian Communications and Media Authority has given a formal warning to AAPT Limited, a telecommunications company, alleging that it failed to adequately protect the privacy of its customers' personal information that was exposed during a third-party hacking incident.

The government agency investigated AAPT after media reports in July 2012 described the hacking incident. Based on its investigation, ACMA found that AAPT did not protect the personal information of some of its small business customers whose billing and related personal information it had collected, according to a statement.

The personal information was stored in a server offsite managed by a third party that was victim of a hacking incident. AAPT notified about 1,400 individuals whose information was compromised in the breach.

Compromised information included credit card details, names, addresses, Medicare numbers, e-mail addresses, and driver's license numbers, according to a report issued by ACMA.

Armed Robbery Compromises Pharmacy Info

Sensitive pharmaceutical information was taken from a Kmart Store in Little Rock, Ariz., during a recent armed robbery.

An individual entered the store during closing hours and demanded all money and other valuables that were stored in a locked safe. Among the valuables was "certain electronic media" that backed up the pharmacy's computer system, which contained confidential information related to prior customer prescriptions, the company said in a release.

That compromised pharmaceutical information includes customers' full name, address, date of birth, prescription number, prescriber, insurance cardholder ID and drug name, according to the release. Certain prescriptions also contained the customer's Social Security number.

All affected customers were sent notification letters regarding the incident. The company did not specify how many customers were affected.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.