After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against Oracle alleging that the company deceived consumers about the security provided by updates to its Java Platform Standard Edition software. The settlement was first announced in December 2015. In its complaint, the FTC alleged that Oracle was aware…
Month: March 2016
WA: Olympia man suspected of stealing hard drives from federal offices
Amelia Dickson reports: A Thurston County judge has set bail at $10,000 for Nicholas W. Perring, an Olympia man suspected of stealing hard drives containing names and Social Security numbers from a federal office. […] According to court documents, Perring is suspected of breaking into four offices, all at 701 Capitol Way S., on two…
NZ: Case note 269784: Employee repeatedly accessed health records without proper reason
There has been a new finding in an investigation by the Privacy Commissioner of New Zealand that is especially worth noting for it’s “small breach, big impact” value. Because the health agency is not named, it’s not clear to me whether this incident had been reported in the media and on this site previously: The…
Vulnerabilities in a Third-Party Healthcare Payment Processor
Randy Westergren looked into Christiana Care’s online payment portal, which involves a third party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings. You can read his write-up of it all on his site. So here’s the thing: how many people may have actually exploited the vulnerability…
NY: Nurse who took pics of patients’ private parts at Syracuse hospital turns in license
James T. Mulder reports a follow-up on a very disturbing patient privacy breach: A nurse who took photos of an unconscious [SUNY] Upstate University Hospital patient’s penis with her smart phone has turned in her nursing license. The state Education Department announced it has approved a request from Kristen Johnson, 27, of Fulton to surrender her…
Grand Ole Opry Parent Company Falls Victim to Phishing Scam
Today’s reminder that we’re not done with all the phishing that snagged employee W-2 data. Nashville’s Ryman Hospitality Properties has fallen victim to a fraudulent phishing scam that resulted in employees’ IRS W-2 information, which includes Social Security numbers, being disclosed externally, Billboard has learned. The company is parent to entertainment brands the Grand Ole Opry, Nashville’s historic Ryman Auditorium and legendary…