Edgepark Medical Supplies in Ohio (RGH Enterprises) is notifying some patients that their personal information, including full credit card number in approximately 126 cases, may have been acquired in March 2013 due to a malware infection that evaded detection by their anti-virus software until December 2013. Upon discovery, the malware was removed and patients’ passwords…
Month: January 2014
David Nosal sentenced; case narrowed the definition of “exceeding authorized access” under CFAA (update1)
I’ve been following the David Nosal case on this blog since April 2011, when the Ninth Circuit held that an employee who violates his employer’s computer use policy is guilty of “exceeding authorized access” to the employer’s computer under the federal anti-hacking statute, CFAA. In June 2011, Nosal filed a petition for rehearing en banc (see…
INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent – GAO Report
From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.) The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…
The Coupons App – Android Coupons App leaks your personal information to everyone – Appthority
In this bad app report we’ll be looking at one of the most popular coupon apps for Android, and how it shares private data it collects from mobile devices. This app also illustrates how privacy issues can extend beyond just the servers used by the app from using HTML5, by mishandling private data, they have…
Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles
Dan Goodin reports: LinkedIn is suing a gang of hackers who used Amazon’s cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day. Read more on Ars Technica.
HHS Issues Proposed Rule on HIPAA and Firearm Background Check Reporting
Rachel Grunberger and Anna Kraus write: On January 7, 2014, the Department of Health and Human Services (HHS) published a notice of proposed rulemaking to modify the HIPAA Privacy Rule to expressly allow certain disclosures to the National Instant Criminal Background Check System (NICS). As we previously reported, this was one of the executive actions…