Hackers Breach Catholic Agency’s Security, Stalk 2-Year-Old Indiana Girl, and Access U. of R.I. Women’s Emails


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches:

Hack Attack Hits Catholic Agency Workers

The problem surfaced in late July, when IT staff for the Michigan Catholic Conference found a suspicious file deep within the organization's computer network. 

Work sites affected included Catholic churches, schools, hospitals, orphanages and diocesan offices. 

It is likely the attackers got away with employee names, Social Security numbers, dates of birth, addresses and monthly wage amounts. 

“I cannot tell you how many prayers have been said in this organization in the last two weeks about this,” said David Maluchnik, communications director for the Michigan Catholic Conference. “God forbid, if something like this were to happen again, the only information that a hacker would get is a series of numbers” and not employee names. 

Man Stalks Child through Baby Monitor Video

After an Indianapolis couple forgot to change a factory pre-set username and password on their baby monitoring system, a hacker was able to access the device’s video camera with relative ease.

The Denmans were using the system to keep an eye on their 2-year-old daughter.

On Wednesday, the child was playing at home with her mother when, suddenly, music started coming from the baby monitor. The song that was playing: “Every Breath You Take” by The Police.

Jared Denman said, “He started doing sexual noises on the camera.”

An online search for families similarly victimized led to the discovery of several videos with the same song playing over the speakers. “It agitated me a lot because who is to know if those people are even aware that the videos have been posted online,” Denman said.

Travel Operator Thomson Leaks Customer Data

The U.K. vacation services company accidentally exposed personal information on 458 clients in an email. 

The data affected includes customer home addresses, telephone numbers and flight dates.

A statement from the company said it is aware of having wrongly exposed "a small number of customers' information.

"The error was identified very quickly and the email was recalled, which was successful in a significant number of cases…We are urgently investigating the matter to ensure that this situation will not be repeated."

Thousands of Women’s Email Accounts Hacked at University of Rhode Island

A data breach potentially compromised the usernames and passwords of predominantly female current and former students.

"We've determined that the file contains almost entirely females -- 97 percent," said Linda Acciardo, URI's communications director. Without elaborating, she called that fact "an additional concern."

The breach has potentially exposed not only school email addresses and passwords, but also personal email addresses and passwords, such as those for Facebook, Yahoo and Gmail.

(Image via / Shutterstock.com)