Byron Acohido reports; Ethical hacker Bryan Seely of Seattle-based Seely Security showed how MBIA has long been exposing details of municipal bond and investment management accounts in a way that made it easy for criminals to transfer funds from existing accounts into newly created ones they control. There’s no evidence any theft took place, only because the…
Month: October 2014
Cyberswim notifying online customers of breach at web host (UPDATED)
Uh oh. Any consumer notification template that reports a breach due to malware injection on the web host’s server and/or includes [INSERT SITE NAME HERE] doesn’t bode well, especially when the compromise lasted for more than three months before being detected. See Cyberswim‘s template notification letter, here (pdf). I don’t see any notification on their web site…
Did MCCCD leadership shut their eyes to a database security assessment for plausible deniability in litigation?
A former Maricopa County Community College District employee alleges executive leadership closed their eyes to a report on their database security conducted after their massive data breach in 2013 so they would have plausible deniability in any litigation. As a result, the employee alleges, the findings were never shared with those tasked with securing MCCCD’s data assets. In November…
HHS Names New ONC Privacy Chief
Marianne Kolbasuk McGee reports: The Department of Health and Human Services has appointed Lucia Savage, an attorney at insurer United Healthcare, as the new chief privacy officer of the Office of the National Coordinator for Health IT. ONC is best known for its work on guidelines for the HITECH Act’s electronic health records incentive program, but its projects are changing…
Lawyers Ask California's Supreme Court to Review Medical Data Breach Case
Marisa Kendall reports: It’s time for the state’s highest court to determine when to hold a medical care provider liable for compromised patient data, according to plaintiffs lawyers who lost a privacy case against Sutter Medical Foundation this summer. The lawyers argue state appellate courts are at odds over whether the theft of patient records…
Dropbox passwords leak: Hundreds of accounts hacked after third-party security breach (update – not Dropbox accounts)
Update: leaked login credentials claimed to be associated with Dropbox accounts are not Dropbox accounts, according to Dropbox. Rose Troup Buchanan reports: Hundreds of passwords to Dropbox accounts have been leaked in the latest security breach, with hackers threatening to release millions more account details in exchange for Bitcoin. Hackers, who were apparently able to access logins and…