Breach of ? 47k Asiana Airlines passports & bank details

Asiana Airlines’ passengers had images of their scanned passports showing data as old as September 2014 from an exposure of its website which revealed attachments from customer query emails. The exposure appears to have been from the Frequently Asked Questions (FAQ) section of their website and files saved their since May 2015.
Immediately after the discovery, Asiana temporarily shut down its server for the FAQ section.
Korea Internet and Security Agency has launched an external investigation to look at the violation of Korea’s 2011 Personal Information Protection Act.
Other websites which may face the same investigative scrutiny that were built by Asiana are Air Busan and Air Seoul.

Passport of Asiana Air Customer
Passport of Asiana Air Customer

Easy Giving – Support the Cause

Just a reminder that shopping is a new and easy way to give to Information Security Pro. At infosecpro.causenetwork.com, over 1,000 stores donate up to 10% of every purchase back to us. It is just that easy, and it does NOT cost you any extra.

Please go to infosecpro.causenetwork.com now, add the site to your “favorites”, and remember us when you need to shop. We’re really humbled by your generosity, and the difference you’re making in the information security world. Thanks for being a supermember of the Information Security Pro community.

Thank you for your ongoing support.

download

105 busted in global credit card fraud

What do the UK, Netherlands, Germany, Belgium, and Malaysia all have in common?
If you answered "a Credit Card syndicate which was disrupted by Europol's European Cybercrime Centre (EC3)" then you are correct.

The Organized Criminal Group (OCG) which was creating and abusing counterfeit credit cards all across Europe and in Malaysia recently had 3,000 counterfeit cards confiscated along with jewelry, cash, and fake passports.  

OCG was created in Malaysia and has been committing credit card fraud schemes by abusing less secure locations for shopping such as duty-free shops in airports and electronic stores and buying high priced ticket items.  Through cooperation of American Express with the EC3 and local law enforcement around the globe, the investigation running since end of 2015 was able to successfully capture 105 suspects.

Carbonite account email and passwords breaches

Users of the online backup service Carbonite have been assigned new passwords.

(Below) Carbonite sent a notification and put a statement on their website that they’re creating new passwords for all users due to a password-reuse attack much related to its lack of a required 2-factor authentication aka (2FA.)

Notification of Carbonite breach
Notification of Carbonite breach

Information Assurance & Cyber Security Research and Education, a 501(c)(3)