UPDATED: Hacker Claims to Have Taken Sensitive Data from City of Providence
GoLocalProv News Team
UPDATED: Hacker Claims to Have Taken Sensitive Data from City of Providence
It is unknown what data, if any, is under the control of the City of Providence, but as three years ago the City of Providence accidentally gave GoLocalProv the Social Security numbers to thousands of retired City Workers.
The message posted Sunday morning on the city's website read:
GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLASTSorry You g0t Hacked by g0tchack
ALL SENSITIVE DATA & DATABASE FOR SALE!! 1 BTC
contact: [email protected]
"The Providence Police Department, in conjunction with the RI State Police Cyber Crime Division are investigating an incursion in to the public portion of the City’s website," said city spokesperson Evan England in a statement. "It appears that the incursion is limited to information contained in the public-facing portions of the website ; there is no indication that City’s back-end database has been compromised."
The hacker provided the following screengrab of data obtained (SEE BELOW), but neither the city nor the hacker issued any further statements on Sunday. The city's website was back up and running approximately several hours after the hack.
In March of 2012, GoLocal reported that the City of Providence has released thousands of Social Security numbers:
The City of Providence on Tuesday accidentally released the Social Security numbers of nearly 3,000 former employees in response to a public records request.
In February, GoLocalProv filed an Access to Public Records Act request to obtain information about pension recipients in the capital city. The city’s legal team responded by e-mailing a .pdf file which listed every retiree, their retirement date, the date they began receiving a cost-of-living-adjustment (COLA), and the amount they receive each month.
The list also included columns for Social Security numbers and employee identification numbers that appeared to be redacted, but when the document was enlarged, the numbers were clearly on display. A closer review revealed that the city had only altered the “highlight” color of the document and that a change to the color revealed every retiree’s most personal information.
It is unclear how many copies of the file, which is accessible to any reporter or member of the public who requests it, have been sent out. It is also unclear if such a mistake has been made in the past.
Editor's note: This story was originally published at 11:14 am on October 13, 2015
Editor's Note: Updated Monday 12:19 a.m.
10 Big Companies with Recent Major Security Breaches
Epsilon
March 2011
Tens of millions affected
In March 2011, Epsilon, the world's largest permission-based email marketing service, announced that the names and email addresses of customers of Citigroup, TiVo, and many other U.S. companies, were exposed in a huge data breach. The hack affected names and email addresses stored in over 108 retail stores, major financial firms and non-profit organizations like College Board. At the time of the incident, Epsilon had more than 2,500 clients sending 40 billion emails annually.
Result: Epsilon notified clients of the breach on April 1. Epsilon's clients then notified their customers of the hack. Epsilon has stated that 50 clients were affected, but the exact number of names and email addresses has not been released. Computerworld.com estimated that "tens of millions" of people were affected.
Sony
April 2011
77 million customers affected
In the spring of 2011, Sony was hacked through its through its PlayStation Network twice. The first security breach exposed customers' personal information to hackers, but not their credit card information. The second hack, disclosed in late April, did result in customers' credit card information being stolen. The pair of hacks affected 77 million people.
Result: Two weeks after the breach, Sony released a PlayStation 3 firmware update as a security patch. The firmware required users to change their password.
Global Payment Systems
March 2012
7 million customers affected
In the spring of 2012, the credit card processor service Global Payment Systems discovered that 1.5 million credit card records had been stolen from its system. Additionally, roughly 5.5 million consumer records were compromised, bringing the total to 7 million.
Result: As a result of the breach, Global Payments was delisted until it could prove it was in compliance with security standards. In April 2013, the payment card networks returned Global Payments its client list after it proved it was compliant with security standards.
Zappos
January 2012
24 million customers affected
In early 2012, the online retail store Zappos announced that it had been hacked, exposing the names, addresses, phone numbers, partial credit card numbers, and email addresses of 24 million customers.
Result: One day following the cyberattack, Zappos sent emails to all customers directing them to change their passwords.
Adobe Systems
October 2013
152 million customers affected
In October, the computer software company Adobe disclosed that hackers obtained personal data for almost 38 million of its customers, including names, credit and debit card numbers, and expiration dates. In November, it was discovered that the hackers had posted the personal data of more than 150 million Adobe users.
Adobe Call Center: 1-800-833-6687
For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].
Target
December 2013
110 million customers affected
In December, Target announced that 40 million customer accounts were hacked stealing encrypted PIN numbers, credit and debit card numbers, card expiration dates, and the embedded code on the magnetic strip on the back of cars. Additionally, 70 million customers' personal information was compromised.
Target Call Center: 1-800-440-0680
For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].
Neiman Marcus
January 2014
1.1 million customers affected
In January, high-end retailer Neiman Marcus revealed more than 1.1 million customers were affected in hack. Between July 2013 and October 2013, customer payment cards could have been potentially visible to hackers. Additionally, 2,400 unique customer payment cards used at Neiman Marcus stores were subsequently used fraudulently.
Neiman Marcus Call Center: 1-888-888-4757
For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].
Yahoo
January 2014
Up to 81 million U.S. users
Late last month, Yahoo disclosed that Yahoo's email customers may have had their passwords compromised through a third-party application. The web company recently identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts, and notified RI Attorney General Peter Kilmartin. Upon discovery, the Company took action, urging users to reset passwords on impacted accounts.
Yahoo Call Center: 1-800-318-
Michaels Stores
January 2014
Number of affected customers yet to be determined
In January, Michaels Stores announced that it is investigating a possible data security breach that may have led to customers' debit and credit card information being compromised. Michaels has more than 1,250 locations in the United States, including four in Rhode Island.
Michaels Stores Call Center: 1-800-642-4235
For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].
White Lodging - Marriott, Hilton, Sheraton, Westin
February 2014
Number of affected customers yet to be determined
This week, the hospitality company White Lodging Services announced that a data breach occurred at 14 of its properties including Marriott, Radisson, Renaissance, Sheraton, Westin and Holiday Inn franchises around the country. Compromised information may have included names printed on credit or debit cards, the actual numbers, the security codes and expiration dates.
White Lodging Call Center: 219-472-2900.
For more information, Rhode Islanders may contact the Consumer Protection Unit at the Office of Attorney General at 401-274-4400 or by email at [email protected].
