Oh, wonderful. The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide. The problem first came to light in a post on the DSL Reports Security Forum. DSLR member “Mike” from Pittsburgh got curious about the integrity of a USB drive that the ADA mailed to members to share updated…
Month: April 2016
Another Greenshades client discloses breach of employee info
Add University of the Southwest to your list of those notifying current and former employees that their W-2 or payroll information was accessed without authorization from their vendor, Greenshades. But don’t jump to conclude that the fault is with Greenshades, because the tax filing vendor says the problem is not with them. Following up on previous breach…
Amazon denies Movimiento Cuidadano’s claim that they were “hacked”
DataBreaches.net is not alone in being outraged that in response to a massive data leak that put the information of 87 million Mexican voters at risk, Movimiento Ciudadano appears to be falsely claiming that the voter data list they stored on Amazon cloud was “hacked.” The political party has been repeating that false claim on Twitter and in…
American Samoa Domain Registry Was Exposing Client Data Since the mid-1990s
Catalin Cimpanu reports: A British security researcher that goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone…
Breach Response Portal Added by Massachusetts Regulator
Cynthia J. Larose of Mintz Levin writes: Pursuant to the Massachusetts data breach notification statute, M.G.L. 93H, notices must be provided to the affected resident, the Attorney General’s office and to the Office of Consumer Affairs and Business Regulation (OCABR). It is not enough that Massachusetts has a sui generis breach notice content statutory requirement (you must tell affected residents of the…
Movimiento Ciudadano admits it was their copy of the Mexican voter list on AWS, tries to deflect blame to researcher
A reader kindly informed me that Movimiento Ciudadano, one of the political parties that had legitimate access to Mexico’s voter data list, has admitted it was responsible for the leak on Amazon. Except that as I read more, I realized they weren’t really admitting they were responsible for the leak. I’ve been trying to read/translate a number…