From Code.org’s blog, yesterday: Some volunteer email addresses compromised 🙁 On Friday night we discovered and fixed an error in the Code.org site that allowed access to our volunteer email addresses. This wasn’t a case of hackers breaching our security systems, rather it was our mistake of leaving volunteer email addresses accessible via the web…
Month: March 2016
Security Researchers Challenge Claims Data Breaches Increasing
Impressions on the rate of incidents based on headlines can be misleading. Because more media outlets now report on incidents doesn’t mean that the actual rate of incidents has increased over years, as Robert Lemos reports: In April 2015, the U.S. Department of Energy responded to Freedom of Information Act (FOIA) request from USA Today by releasing…
OH: Information on some Geauga Medical Center patients improperly accessed
Andrew Cass reports: A former University Hospitals employee improperly accessed medical information of 677 patients at UH Geauga Medical Center, including personal information, according to a news release from UH. The information that may have been accessed includes names, dates of birth, medical record numbers and health information related to medications. According to the release,…
Karmanos Cancer Center discloses lost flash drive contained patient info
It’s 2016. Why are people still mailing unencrypted flash drives with protected health information? This should be an automatic monetary penalty from OCR. It’s not, but it should be by now. Fox47 in Detroit reports that the Barbara Ann Karmanos Cancer Center is notifying 2,808 patients and family members after they lost an unencrypted flash drive…
Malware suspected in Bangladesh bank heist: officials
Serajul Quadir reports: Investigators suspect unknown hackers installed malware in the Bangladesh central bank’s computer systems and watched, probably for weeks, for how to go about withdrawing money from its U.S. account, two bank officials briefed on the matter said on Friday. More than a month after hackers breached Bangladesh Bank’s systems and attempted to…
HawkingTech.com compromised – again
Well, I emailed Hawking Technology (HawkingTech.com) on March 8 and again on March 10, and they never replied, but because some of their data have been publicly dumped, I may as well post this. There were over 25,000 rows with fields for username, password, and email address in the data dump. The passwords were MD5 and easily cracked, including…