Lucian Constantin reports: A vulnerability in an Android component shipped with phones that use Qualcomm chips puts users’ text messages and call history at risk of theft. The flaw was found by security researchers from FireEye and was patched by Qualcomm in March. However, because the vulnerability was introduced five years ago, many affected devices…
Month: May 2016
UK: Employers vicariously liable for data breaches caused by rogue employees
Tim Hickman and Stephen Ravenscroft of White & Case LLP write: In April 2016, the High Court of England and Wales issued its judgment in Axon v Ministry of Defence [2016] EWHC 787 (QB). The court emphasised (albeit obiter) the fact that employers can be liable for data breaches caused by rogue employees (in the present case,…
Northwestern U. notifies employees after breach involving W-2 Express
So, as I had guessed, it’s not just Stanford University and Kroger who are notifying employees that criminals managed to access the database of W-2 Express, an Equifax service. While the W-2 Express database does not appear to have been hacked, criminals have managed to access it by using login credentials possibly acquired in other…
I never meant harm, says student who hacked Canada Revenue to show vulnerability to Heartbleed virus
There’s an update to the hack of the Canada Revenue Agency, first disclosed in April 2014, and the young man who was charged in the case. Jane Sims reports: A student computer whiz who stole 900 social insurance numbers from the files of the Canada Revenue Agency to demonstrate its online vulnerability pleaded guilty and apologized on…
Mail.ru denies mass password breach; researcher stands by findings
Eric Auchard of Reuters reports: Russia’s top Internet company, Mail.ru, said on Friday a sliver of its users’ email accounts was vulnerable while denying that tens of millions of other users were at risk after researchers found its data circulating among cyber criminals. […] In a statement, the Moscow-based company said its own study of…
Ohio Department of Mental Health and Addiction Services (OhioMHAS) notifies patients of PHI exposure
This April 22nd notice seems to have flown under the media radar: The Ohio Department of Mental Health and Addiction Services (OhioMHAS) today notified the public of a privacy incident involving protected health information (PHI). The issue involves a February 2016 postcard sent to consumers of mental health services inviting participation in a satisfaction survey….