Personal Information Exposed due to Flaw in Website

The personal information of almost 100,000 people was exposed on a website used for obtaining high school transcripts. The site responsible for this information leak is called NeedMyTranscript.com. NeedMyTrnascripts.com takes requests from all 50 states, and covers almost 18,000 high schools throughout the country. The data exposed includes names, dates of birth, addresses, e-mail addresses, phone numbers, mothers’ maiden names and the last four digits of the users’ Social Security numbers. There is no indication if the data has been actually been stolen by anyone, or if it was just exposed. The data seems to have been exposed due to a flaw in the websites design. It seems that some users when trying to access their transcript encounter an error after signing in. The error message contained a link to a sub directory on the website. This sub directory contained links to the data of almost 100,000 other users.

Kyle Slifer

http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/personal-information-of-almost-100000-people-exposed-through-flaw-on-site-for-transcripts/

Advertisements

Jimmy John’s Data Breach

On September 24 the restaurant chain Jimmy John’s released a statement confirming a credit card breach that affected stores all over the states. Jimmy John’s estimates that about 324 stores where affected. Information exposed is believed to be card numbers, cardholder names, verification codes, and the cards expiration date.

It is believed that card an intruder stole log in information from point of sail vendors  and used their credentials to remotely install malware onto the point of sale systems. When costumers used their cards on purchases in the store the malware would capture data from the cards magnetic strip.  This malware has been removed from most of the afflicted systems.

-Kyle Slifer

http://www.databreachtoday.com/jimmy-johns-confirms-data-breach-a-7356

http://www.databreachtoday.com/vendor-100-restaurants-breached-a-7364