It appears we have another criminal prosecution under HIPAA. In May 2014, ProMedica disclosed that almost 600 Bay Park Hospital patients were to be notified of an insider breach. In June, police announced that no criminal charges would be filed because their investigation found that no patient information such as social security numbers or financial…
Month: April 2015
Wellesley College data dumped; server vulnerable to SQLi
So yesterday, TeaMp0isoN’s timeline looked like this: Then this happened: Creds to @_TeaMp0isoN_ For Vulnerability Alert. Login Drop. [url redacted by DataBreaches.net] — Chief (@Puttied) April 5, 2015 The data dump was prefaced with this message: DB Drop BY Chief(@Puttied). Site : http://mobius.wellesley.edu/ This is their latest Login DB as…
Tewksbury Police Pay Ransom After CryptoLocker Lockup
Jayne W. Miller reports that when Tewksbury Police discovered that the department’s network had been locked up by CryptoLocker last December, the town decided to pay the $500 bitcoin ransom. Of course, that’s exactly what experts recommend folks NOT do, as it only encourages more attacks on others, but hey, this is the same town that just…
Should security providers be held liable for data breaches?
Krishna Bahirwani reports: Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on whether security providers should be held liable for data breaches because of the critical data they claim to “secure”. The recent number of hacking incidents everywhere has made this a widespread issue and security professionals worldwide have…
Employees have no qualms in selling corporate passwords
Taylor Armerding reports: Plenty of people are careless with their own personal passwords – using the same one for multiple sites, and/or making them so simple that they are comically easy to crack – but hardly anyone would intentionally sell them for a few bucks to someone they know would use them to do them…
Change.org springs a leak, exposes private e-mail addresses [updated]
Earlier this week, Dan Goodin reported: Online petitions service Change.org has a website bug that’s disclosing e-mail addresses that presumably belong to current or former subscribers. Search results suggest the number could be thousands, but a Change.org official said it was about 100. The disclosure bug was active at the time this post was being…