September 19, 2018 - A security research firm has reported the discovery of an exposed database containing nearly 11 million Yahoo email addresses according to ZDNet. The database also contained other personally identifiable information including names, partial physical addresses and gender information. Although the company owning the database was not named, the database is believed to belong to a digital marketing firm in California.
Based on other information in the 43 Gigabytes of unencrypted data, it appears that this same database was stolen and held for ransom at an earlier point. You might think that once you agreed to pay a ransom to get your computer data back that you'd then implement better security to make sure that never happened again. That apparently wasn’t on the cards here.
Whether or not this breach would trigger state data breach laws is unclear. In the data-set displayed on ZDNet, the record they showed had a field for street address, but that field was empty. If none of the records contain a full street address, this breach may not have reached the notification threshold. And it doesn't appear that the database contained anywhere near the amount of information needed to commit identity theft.
In California, personally identifiable information (PII) is defined as full name, or first initial or first initial and last name in combination with and SSN, driver's license number, account or credit card number in combination with security or PIN codes, medical information, and insurance information. California doesn't consider your street address to be part of PII but other states do.
What is clear is that nearly 11 million Yahoo email addresses were available for the taking to anyone who wanted them. If your address was included, there's a pretty good chance that you're going to see an increase in the amount of spam that you receive.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|