Hackers Pocket Credit Cards While Processing USPS Mail, Snap Selfies with Dying Patients and Leak DNC Donor Voicemails
Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
Former USPS Worker Allegedly Ripped Credit Cards from Envelopes to Buy Designer Handbags, Cars
An ex-U.S. Postal Service processing clerk has been charged with stealing credit cards from undelivered mail while working at a USPS center in California.
Chinh Vuong, 48, allegedly made at least $6,000 a month by selling the credit cards. He is accused of then spending the money on luxury items including designer handbags, boots and cars.
It’s unclear how long he had been illegally opening mail to pocket payment cards and sell the data. But during at least one year, he allegedly stole 6,240 credit cards by stuffing them into his waistband and then carrying them out to his car on his break.
Vuong had worked as a mail clerk since 1989.
As part of the scheme, he would steal cards issued to customers of Chase Bank and American Express and then sell 11 cards for $500, or 132 cards for $5,000, court documents say.
Beginning in June 2015, he allegedly sold hundreds of cards to two people whom he thought were customers but actually worked as law enforcement informants.
Last October, authorities searched his home and seized 199 stolen credit cards and luxury items bought using money from the scam, including two BMWs and about two dozen handbags made by brands including Prada, Louis Vuitton and Gucci, prosecutors said.
Paramedics Snapped Selfies with Unconscious Patients inside Ambulances
A pair of Emergency Medical Services personnel in Florida allegedly used their cellphones to take selfies and videos with patients inside ambulances, over an 8-month period.
Former Okaloosa County, Florida, paramedic Kayla Renee Dubois, 24, was arrested July 21, while the other suspect, Christopher Wimmer, 33, turned himself in to police that afternoon.
In one instance, Wimmer allegedly held open the eyelid of a sedated patient for a selfie. Investigators say he also posed with an elderly woman with her breast exposed.
Two of the patients pictured have died and three photos appear consensual. Of the remaining patients, 19 are female, 17 are male. Five of the individuals are homeless.
A 2-month long investigation was launched May 13, 2016, after a public safety official in Okaloosa County learned of the allegations from three other Emergency Medical Services employees a week earlier. A criminal investigation revealed "the defendants exchanged texts challenging each other to produce more selfies and to 'step up' their game."
"The patients were intubated sedated and otherwise unconscious," Okaloosa County Sheriff Larry Ashley said. "It was a sick juvenile game, I don't know any other way to describe it ... It was a game of who can be the most vile, who can I get a picture with, it's humiliating."
"This has more to do with an invasion of privacy and respect than anything," he added.
Selfies were shared with three other paramedics involved and possibly millions more on social media.
One of the victims was an Okaloosa County Sheriff's Deputy.
Officials said most of the victims have been notified and it was a complete violation of the Health Insurance Portability and Accountability Act.
County officials say all personal cellphones have now been banned from ambulances. Each EMT is provided a work cellphone. On those devices, the option to record video and take pictures is disabled.
U.S. Citibank Employee Erases Company's Servers, Crippling 110 Branches
The now former worker has been sentenced to nearly two years in jail after pleading guilty to issuing commands that wiped the configuration files on 10 core routers on the financial institution’s internal network.
The hack Lennon Ray Brown, 38, executed in December 2013 affected data network and phone access at branches nationwide – about 90 percent of all Citibank branch offices.
Brown's actions came after he had been reprimanded for poor performance by a manager.
He uploaded a series of commands to Citibank's Global Control Center routers, deleting the config files for nine of the routers and causing traffic to be re-routed through a set of backup routers. While there was not a complete outage, the re-routing led to "congestion" on the network and at branch offices, according to court records.
Brown said the following in a text message to a coworker shortly after the incident:
They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team.
Sorry if I made my peers look bad, but sometimes it take something like what I did to wake the upper management up.
WikiLeaks Uploads DNC Voicemails from Annoyed Donors
In one of the 29 hacked Democratic National Committee audio messages released, a funder complained the party was pandering to then-presidential nominee Bernie Sanders.
The series of voicemails show funders “plying top-level officials for favors,” CNN reports.
For example, a woman supporting Democratic presidential nominee Hillary Clinton phoned the party’s finance director and said she was angry the party was letting liberal activist and prominent Sanders surrogate Cornel West have a seat on the party's platform-writing panel.
"I'm furious about what you are doing for Bernie Sanders, he's getting way too much influence. I'm on a fixed income, I spent over $300, donated to Hillary, what I see is the DNC bending over backwards for Bernie and Bernie is the worst person in the world to even be running in the Democratic Party, because he's not a Democrat," said the unidentified woman in a voicemail sent to the director’s DNC email account.
The voicemails are related to the 20,000-some hacked DNC emails that WikiLeaks published earlier this week, which indicated elements within the supposedly neutral DNC were working to help Clinton clinch the nomination.
Most of the released voicemails amount to innocuous messages from one person trying to reach someone else.