Stop IT Incompetence masthead.
Stop IT Incompetence motto.

Data Breaches tab.

Not black hat hacker Einstein, bad coding clown.

Data Breaches

Whenever there is a data breach (hacking), to cover up their negligence the (ir)responsible organization claims it was a "sophisticated" hacking, pretending it was done by hacker geniuses — so there was nothing the organization could have done about it — and not by the organization's IT incompetence. But data breaches are caused by IT incompetence, i.e. IT incompetents, not black hat hacker Einsteins. Period.

To understand IT incompetence and thus data breaches be sure to read the Principles of IT Incompetence, particularly Why Stop IT Incompetence? Data Breaches.

Then read the Expert News articles and blurbs below about particular data breaches.

Southern Nuclear power plants Vogtle, Hatch, and Farley photos, Chernobyl meltdown photo, Russian President Vladimir Putin photo, hacker image, Russian flag, Bitcoin logo, Southern Nuclear CIO Martin Davis photo, woman clown photo, Southern Nuclear logo on white flag, NRC logo on white flag, NRC CIO David Nelson photo, masked clown photo.

Ransomwared Nuclear Power Plants Upwind of Major U.S. Cities

By Duane Thresher, Ph.D.          June 6, 2021

On the 77th anniversary of D-Day, in memory of those who actually fought and died to protect America.

As I emailed to news outlets in the major cities downwind of the very possibly ransomwared nuclear power plants, in summary of U.S. Surrenders in IT War, Starts Paying Tribute to Russia:
You are aware of the Russian-backed hacking and ransomwaring of Colonial Pipeline and the devastating effect on the south and east coast.

The Colonial Pipeline executive responsible for allowing this is IT incompetent Chief Information Officer (CIO) Marie Mouchet, whose only education is as an elementary school teacher. Before she became Colonial Pipeline CIO several years ago she was CIO for Southern Nuclear, which operates three nuclear power plants (currently two reactors each):

Colonial Pipeline facility photo, Colonial Pipeline logo on white flag, Southern Nuclear facility photo, Southern Nuclear logo on white flag, Russian President Vladimir Putin photo, hacker image, Russian flag, Bitcoin logo, Colonial Pipeline CIO Marie Mouchet photo, woman clown photo, FBI Cyber Division head Bryan Vorndran photo, masked clown photo, President of United States Joe Biden photo, invalid Captain Christopher Pike photo from original Star Trek series.

U.S. Surrenders in IT War, Starts Paying Tribute to Russia

By Duane Thresher, Ph.D.          May 31, 2021

On Memorial Day, in memory of those who actually fought and died to protect America.

Colonial Pipeline Company is a corporation headquartered near Atlanta Georgia, like also-hacked Equifax is. Like most large corporations, it is incorporated in Delaware, to take advantage of their corporate law and proximity to Washington DC. Colonial Pipeline Company's largest shareholder is Koch Industries, the private corporation owned by the Koch brothers, well-known conservative donors. The majority of Colonial Pipeline Company however, is owned by foreigners. Colonial Pipeline owns a critical pipeline, actually two, that runs from a refinery near Houston Texas (been there) up the East Coast to New York City (lived there), through major cities, including Atlanta, or with branches to them, including Richmond Virginia (been and go there) and Washington DC (been and go there). One pipeline carries gasoline, for cars at filling stations, and one pipeline carries diesel fuel, for trucks at filling stations, and jet fuel for airplanes, including directly to major airports along the way. If the flow of Colonial Pipeline is interrupted, transportation in the most densely populated part of the U.S. can be dangerously interrupted. Colonial Pipeline is thus a strategic military target.

Microsoft/ABPAC/India logo, Brad Smith photo, Satya Nadella photo, John Thompson photo, David Brock photo, Suzan DelBene photo, Kurt DelBene photo, evil business clown, Kevin Scott photo, Rajesh Jha photo, hacker, Outlook logo, Exchange logo, federal seals, HACKED.

Microsoft Guilty But Protected by NSA, AB PAC, India, and DelBenes

By Duane Thresher, Ph.D.          March 22, 2021

IT incompetent Microsoft is guilty of The Doomsday Microsoft Government Email Data Breach and Doomsday II: The Massive Microsoft Email Data Breach Sequel and should be in serious, even terminal, legal and public relations/business trouble for it, but remains untouchable. This is because Microsoft is being protected, for several reasons, by those in and closely tied to the federal government. First, Microsoft has become inherent in federal government IT over the decades and it's too late for the federal government to do anything but defend Microsoft, no matter how disastrously IT incompetent they are. Second, Microsoft has colluded with the National Security Agency (NSA) to spy on Americans and is being rewarded for that by the federal government. Third, Microsoft, via its IT incompetent leadership, including those from India, has paid for many elected federal officials. These include U.S. Representative Suzan DelBene from Washington state, home of Microsoft, who used to be a Microsoft executive, and whose husband Kurt DelBene is a longtime Microsoft executive, except for when he was appointed by the federal government to implement, which was hacked at implementation; see Hacked. While at Microsoft, IT incompetent Kurt DelBene managed both Outlook, implicated in The Doomsday Microsoft Government Email Data Breach, and Exchange, implicated in Doomsday II: The Massive Microsoft Email Data Breach Sequel. Not to mention — and no one does — Microsoft liberally supports the dirty tricks political action committee, AB PAC.

Microsoft logo, Brad Smith photo, Satya Nadella photo, blindfolded clown lawyer photo, James Duff photo, blind leading blind justice off a cliff, hacker, federal seals, PACER logo, CM/ECF logo, HACKED.

Federal Judiciary Reacts To Hackers: Evidence Tampering OK, Exposing NSA Surveillance Not

By Duane Thresher, Ph.D.          March 17, 2021

As I showed in Hackers Own The Federal Legal System, the federal judicial system has been taken over by hackers and the federal judiciary has admitted to this and reacted. Their reaction were orders on Highly Sensitive Documents (HSDs) reworded from a directive by the same IT incompetent agency — the Administrative Office of the United States Courts (AO), particularly its director appointed by the Chief Justice of the Supreme Court — that allowed itself to be hacked in the first place and is responsible for taking care of all documents (evidence documents and court documents), now all electronic, in the federal judicial system. These orders completely ignore the document tampering — to change court decisions — that will now occur, which was the main focus of Hackers Own The Federal Legal System, and only try to keep confidential the documents, HSDs, they consider important. What the AO considers HSDs that they will really try to protect now and non-HSDs that they will leave to the hackers, since they have been hacked permanently and undetectably, is outrageously self-serving. How the AO plans to keep HSDs confidential, when they already have a procedure for sealed and confidential documents that was hacked, is dangerously IT incompetent.

Microsoft logo, Brad Smith photo, Satya Nadella photo, Abbott and Costello cops photo, Davison Douglas and David Novak photo, Outlook logo, Exchange logo, PACER logo, CM/ECF logo, hacker, federal law seals, HACKED.

Hackers Own The Federal Legal System

By Duane Thresher, Ph.D.          March 12, 2021

One of the most important implications of The Doomsday Microsoft Government Email Data Breach and Doomsday II: The Massive Microsoft Email Data Breach Sequel is that hackers "own" the U.S. federal legal system, which consists of the legal departments and agencies of the executive branch and the entire judicial branch of the federal government. These organizations all used Microsoft email in some way so had their networks of computers hacked into, permanently and undetectably. The very foundation of the legal system, and what is assumed by it, is that police evidence (usually documents) and court documents have not been tampered with, but hackers can now undetectably tamper with these documents at will since these documents are all digital (a.k.a. electronic) and on computers these days. All judicial decisions are now questionable (including in some of my own cases), as some enterprising defense lawyer will soon point out to his guilty client's advantage. It's far worse than even Equifax Dead: Hacked So Credit Reports Worthless. Additionally, many court documents contain sensitive information that could be used to hurt the people involved and is supposed to be kept confidential, and all this is now available to hackers. The only solution is to go back to paper only documents, mailing them, and physical security for them. This will not only make the legal process more secure, but more fair, as guaranteed by the Fifth Amendment right to due process.

Microsoft logo, Microsoft Exchange logo, Microsoft CEO Satya Nadella, China/Russia/India flags, hacker, the world, HACKED.

Doomsday II: The Massive Microsoft Email Data Breach Sequel

By Duane Thresher, Ph.D.          March 8, 2021

Only IT incompetent megacorporation Microsoft could have an oxymoron like Doomsday II, the sequel to the end of the world, in this case the sequel to The Doomsday Microsoft Government Email Data Breach. But perhaps it should be seen as taking doomsday on the road. The first Microsoft email doomsday data breach destroyed U.S. Government IT and the sequel is being called a global crisis, having also destroyed the IT of foreign governments and institutions. At least the IT incompetent media realized this time that it was Microsoft's fault — they call it the Microsoft Exchange Cyberattack — which they didn't last time. The first Microsoft email doomsday data breach was due to Microsoft's Outlook email, in all its various guises, and this sequel Microsoft email doomsday data breach is due to Microsoft's Exchange, which is their email server. Here I explain all this and how they are related.

Microsoft logo, Microsoft Outlook logo, Microsoft CEO Satya Nadella, China/Russia/India flags, hacker, 16 federal government department and agency seals, HACKED.

The Doomsday Microsoft Government Email Data Breach

By Duane Thresher, Ph.D.          February 22, 2021

As Apscitu has been warning for years, since its inception, particularly through Stop IT Incompetence, the IT Incompetents Hall Of Shame (Government, Business, and Media), and Apscitu Mail, there has been a doomsday data breach of the federal government's email and (then) networks, and this was due to government IT incompetence, not the supposedly sophisticated foreign government hackers. This doomsday data breach was finally admitted to by the federal government starting in December 2020 and continuing, but may have been going on undetected for many months or even years and may still be going on undetected.

Those who have even a clue about this data breach, which doesn't include the media, are calling it the most massive — and not just yet another most massive — (thus worst) data breach in history, whose vast effects will be the major national security risk for many years into the future, if the United States survives it at all; hence "doomsday data breach". ...

Apscitu Puzzle #6.

Apscitu Puzzle #6 — For Halloween

          October 31, 2020

A terrifying puzzle for Halloween. If it doesn't terrify you, that in itself is terrifying.

Download a pdf of Apscitu Puzzle #6 here. For puzzle background and discussion, which may help doing the puzzle, see the March 14, 2020 article, Introducing Apscitu Puzzles, including doing Apscitu Puzzle #1 if you haven't yet.

Apscitu Puzzle #5.

Apscitu Puzzle #5 — For 9/11

          September 11, 2020

In honor of the 3000 who needlessly died from IT incompetence. (I, Dr. Duane Thresher, was living in Manhattan on 9/11, directly under the flight path of the low-flying planes, which shook my apartment building.)

Download a pdf of Apscitu Puzzle #5 here. For puzzle background and discussion, which may help doing the puzzle, see the March 14, 2020 article, Introducing Apscitu Puzzles, including doing Apscitu Puzzle #1 if you haven't yet.

Experian hacked Sep 2013 - Sep 2015; hacked Oct 2013 - Sep 2015. Hacked

By Duane Thresher, Ph.D.          July 25, 2020, the Obamacare website, was launched in October 2013. Its launch was universally considered a monumental disaster and this was largely due to the IT incompetence of the website's foreign (Canadian) developers. There had been great concern would be hacked. When that didn't happen immediately it was taken as proof that its IT was secure. However, absence of evidence is not evidence of absence. Most hackers want to steal sensitive data, particularly identity data, undetected, and go to a lot of trouble for the undetected part, since it means they can continue to steal data, which is constantly updated, for years. Data breaches are thus often not discovered, and made public, until years later, if ever. In early March 2020, I made the shocking discovery, reported nowhere else, that, via Experian, had been hacked from its launch in October 2013 until September 2015, i.e. for 2 years.

No Twitter, fake Trump tweeting, nuclear explosion, Twitter dunce, hash, Apscitu.

Apscitu Warned of Twitter Hacking Two Years Ago

By Duane Thresher, Ph.D.          July 24, 2020

It was reported that in mid-July, Twitter, in its worst data breach yet, was hacked such that hackers could tweet from the accounts of the rich and powerful — e.g. Jeff Bezos, Elon Musk, Bill Gates, Joe Biden, Barack Obama — in order to fool their followers into sending the hackers money via Bitcoin. Over two years ago I warned, including the Trump Administration, about the dangers of the rich and powerful using Twitter in Trump Using Twitter is a National Security Risk (February 2018) and about how IT incompetent Twitter was in How Twitter Made a Hash of Passwords (May 2018).

As reported, badly, by the IT incompetent media, once the hackers had control of the accounts of such rich and powerful Twitter users, they made tweets like "Everyone is asking me to give back. You send me $1,000, I send you back $2,000." along with a Bitcoin account number (address). While it is difficult to trace the owner of a Bitcoin account, how much is in the account is (by design) public knowledge and easily checked. Apparently this Twitter Bitcoin scam was quite successful — people believe such rich and powerful people wouldn't lie — garnering over $120,000 in just a few hours.

Apscitu Puzzle #2.

Apscitu Puzzle #2 — For The Coronavirus Scare

          April 15, 2020

A puzzle to do during, and a puzzle relevant to, the Coronavirus Scare, the most destructive delusion ever perpetrated by the media, politicians, and scientists; one for the books, like Extraordinary Popular Delusions and the Madness of Crowds. See Coronavirus and Spam: The Fear Is Worse Than The Disease.

Download a pdf of Apscitu Puzzle #2 here. For puzzle background and discussion, which may help doing the puzzle, see the March 14, 2020 article, Introducing Apscitu Puzzles, including doing Apscitu Puzzle #1 if you haven't yet.

NSA seal, CIA seal, IT, clown, airliners crashing into World Trade Center towers.

9/11 Was Due to IT Incompetence

By Duane Thresher, Ph.D.          September 11, 2019

Today is the 18th anniversary of 9/11, which occurred in 2001. I was living in New York City (Manhattan) at the time, where both World Trade Center towers were brought down by foreign terrorists in hijacked airliners. I had been to the publicly-accessible tower top many times and it was weird trying to navigate the city without the towers. Living in NYC right after 9/11, waiting for the next attack, was scary.

The National Security Agency (NSA) and the Central Intelligence Agency (CIA) are the U.S. Government organizations tasked with protecting us from foreign threats like 9/11. Their spectacular failure to prevent 9/11 — which all the evidence indicates should have been possible — was due to IT incompetence.

Booz Allen logos, NSA IT seal, Edward Snowden, DHS Cyber seal, Fake, SEC C*O seal, bandit clown.

Booz Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt

By Duane Thresher, Ph.D.          November 15, 2018

Booz Allen Hamilton (a.k.a. Booz) was just awarded a $2.5 billion 10-year IT (which includes cybersecurity) contract by the Securities and Exchange Commission (SEC), with the help of the IT incompetent SEC Chief Information Officer (CIO) Chuck Riddle and the IT incompetent SEC Chief Information Security Officer (CISO) Andrew Krug, who are both former Booz employees (a.k.a. Boozers). High school dropout and traitor Edward Snowden, who hacked the National Security Agency (NSA) then fled to Russia to avoid capture and execution for espionage, was also a Booz employee at the time. IT incompetent Jeanette Manfra, Department of Homeland Security (DHS) Assistant Secretary for Cybersecurity, is also a former Booz employee. All, except possibly Snowden, are in line to be rewarded with high-paid executive positions at Booz after they go through the government-business revolving door once again.

Yahoo then Facebook dunce CISO Alex Stamos.

Yahoo-Then-Facebook CISO Alex Stamos Allows Yet Another Massive Data Breach

By Duane Thresher, Ph.D.          September 29, 2018

Yesterday, Facebook admitted to yet another massive data breach; 50 million user accounts compromised. Alex Stamos was (Jun 2015 – Aug 2018) Facebook's Chief Information Security Officer (CISO a.k.a. CSO) when the hole that allowed the breach was introduced into Facebook's code (Jul 2017). Stamos was (Mar 2014 – Jun 2015) also CISO of Yahoo during their two massive data breaches (late 2014); 500 million and 1 billion user accounts compromised. Stamos staggeringly exemplifies another aspect of IT incompetence: being overwhelmingly more interested in imposing his political beliefs on customers than in being competent at his high-paid IT job.

Left: Twitter logo bird wearing dunce cap and hash mark.  Right: A can of roast beef hash.

How Twitter Made a Hash of Passwords

By Duane Thresher, Ph.D.          May 4, 2018

Yesterday it was reported that Twitter user passwords may have been exposed, at least to Twitter employees, which may be a bigger security risk than you think, and any Twitter hackers. The descriptions of the technical aspects of this story in the IT incompetent media have been awful, to say the least. Here is the best description, one boiled down to its understandable essentials, from an actual IT expert.

When you are at your computer or smartphone and want to log in to Twitter you enter your password into the browser or app. (Probably you have your computer or smartphone remember the password for you but that is not important here.)

Photo of Equifax's tombstone.

Equifax Dead: Hacked So Credit Reports Worthless

By Duane Thresher, Ph.D.          April 5, 2018

Last year Equifax allowed the worst data breach in history and the legal fallout continues. Everyone assumes that the worst result of the Equifax hacking was that hundreds of millions of people, including those at sensitive government agencies, like national security agencies, had their most personal financial information given to hackers. That is indeed horrendous but that may not be the worst of it. No one has considered that with Equifax hacked its credit reports are worthless, even illegal, since the Equifax hacking may have been to change credit reports, not just steal data.

Everyone knows how important credit reports are. They are essentially used to determine where you can work and live. Even before the hacking, Equifax had major problems making sure the data it gathered was correct, and had been successfully sued numerous times for getting it wrong and harming people. Trying to discover what data for hundreds of millions of people has been changed by hackers is well beyond the capabilities of Equifax IT.

Photos of James Comey and Michael Horowitz.

FBI Hacking Investigation Negligence Lawsuit

By Duane Thresher, Ph.D.          February 22, 2018

My family and I, particularly our young daughter, were the victims of not one but two(!) health insurance company data breaches: Montana Department of Public Health and Human Services and Premera Blue Cross. At the time (2013 – 2015) these were two of the worst data breaches ever.

It was officially pretended that identity theft was the only concern from these so only cheap credit monitoring (probably using the now-hacked Equifax) for a couple of years needed to be offered as a remedy. However, child abductors, including pedophiles, find this information invaluable since it includes names, addresses and medical records, which is personal information that greatly aids a child abductor.