Monday, July 20, 2015

My requests to NJ Dept. Of Homeland Security and NJ AG re: Jersey Shore waterpark's cybersecurity breach

source

Via Bamboozled: Breakwater Beach security breach puts hundreds of employee documents online by Karin Price Mueller, NJ Advance Media for NJ.com, July 9, 2015:
Hundreds of documents containing personal information of some employees at Jenkinson's Breakwater Beach Waterpark at Casino Pier in Seaside Heights have been available online to anyone who clicks in the right place, Bamboozled has learned.

The documents include copies of Social Security cards, driver's licenses, birth certificates, passports, student IDs, tax forms, seasonal work agreements, minor consent forms and employment eligibility forms from the Department of Homeland Security.

..."In a word, 'Wow,'" said Mitch Feather of Creative Associates, a Madison-based cybersecurity firm after reviewing the web site. "This is a case that everything is here for somebody to do an impersonation."

...Earlier this week, (Peter) Heimlich checked the Breakwater Beach site...(and) came across the personnel information.

"It couldn't have been easier (to find)" he said.

...We asked Feather, the cybersecurity expert, to take a look at the site before it was shut down.

"The site had exposed a treasure-trove of information," Feather said.

He said anyone could take the documentation and set up loans, health insurance and more, all in a victim's name.

Feather said cyber incidents like these should be reported to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) at www.cyber.nj.gov/report, or you can email njccic@cyber.nj.gov.
Last week I sent the following identical requests to that agency and to the NJ Attorney General's Division of Consumer Affairs.