Florida-based Unity Recovery Group is notifying patients of a HIPAA breach that involved disclosure of their protected healthy information to providers outside their network without prior written consent. The breach apparently began in April 2014 and continued for a full year, until it was discovered in April of this year, as their letter explains: We…
Month: May 2015
Safe and Vault Store Suffers Cyber Security Breach
Ionut Ilascu reports: An online vendor of physical safes and vaults has been hit by cybercriminals who planted malicious code on its eCommerce website and captured details of orders placed by customers. Although SafeandVaultStore touts its products as “the ultimate theft deterrent,” it looks like it failed to protect its online assets and left sensitive information belonging to…
Tidbit developer responds to settlement
Earlier today, I posted the press release from New Jersey about its settlement with Tidbit’s developer, Jeremy Rubin. Here’s his take on the issues and settlement: There are some good and bad parts of the settlement. Although I am unhappy with how it reads at a glance — it seems like a defeat — under closer inspection, you can…
Hacker accesses Gaana.com user data after site fails to respond to security alerts
Gwyn D’Mello reports that an online music site was hacked to make a point after they failed to secure their site despite multiple warnings: A white hat hacker used an exploit to gain access to Gaana.com user credentials, because they neglected to fix a security bug he reported. It seems Gaana.com was hacked a few…
New Jersey Settles Charges Against Tidbit Developer; Software Accessed New Jersey Computers Without Users’ Knowledge or Consent
Acting Attorney General John J. Hoffman and the New Jersey Division of Consumer Affairs obtained a settlement with the developer of “Tidbit,” a software code designed to help websites generate revenue by using their viewers’ computers to mine for the virtual currency known as Bitcoin. A New Jersey Division of Consumer Affairs investigation has found…
Dutch upper house approves data breach reporting requirement
Telecompaper reports: The Dutch upper house of parliament has approved a legislative amendment on tightening requirements for reporting data breaches and increasing the privacy regulator CBP’s sanctions powers. The lower house approved the legislation in February. Under the changes, a data breach must be reported to the CBP if it impacts security and has a…