From the stop-me-if-you’ve-heard-this-one-before dept: Over on Daily Dot this morning, I reported that the FBI executed a search warrant at the home of researcher Justin Shafer. Shafer’s name will be familiar to regular readers of DataBreaches.net because he exposed a long-standing security vulnerability in Dentrix software and challenged Henry Schein’s claims that their product provided “encryption.” Our combined efforts resulted in…
Month: May 2016
NI Prison Service: data breach ‘not serious security threat’
Vincent Kearney reports: A data breach involving the personal details of hundreds of Northern Ireland Prison Service employees has been described as “a major embarrassment”. However, the BBC understands it is not being treated as a major security breach. A junior employee at the Department of Justice sent a spreadsheet with names and dates of…
Heads Up Internet: Time to Kill Another Dangerous CFAA Bill
Jamie Williams writes: The Computer Fraud and Abuse Act (CFAA), the federal “anti-hacking” statute, is long overdue for reform. The 1986 law—which was prompted in part by fear generated by the 1983 technothriller WarGames—is vague, draconian, and notoriously out of touch with how we use computers today. Unfortunately, Sens. Sheldon Whitehouse and Lindsey Graham are on a mission…
8th Circuit Upholds Data Breach Coverage for Bank Loss Following Hacker’s Fraudulent Transfer
Ken Kronstadt and Crystal Skelton of Kelley Drye & Warren LLP write: Last week, the Eighth Circuit upheld a lower court’s ruling in State Bank of Bellingham v. BancInsure Inc., finding that a bank employee’s negligence in securing its computer network did not preclude coverage for a data breach resulting in a fraudulent funds transfer. The decision…
CA Health & Longevity Institute patients notified of Bizmatics breach
Seen on dailynews.kaango.com, another Bizmatics client discloses the breach to their patients: (DAILY NEWS) PUBLIC NOTICE: HIPAA Breach Notification. CA Health and Longevity Institute would like to alert patients that in 2015 cyber intruders may have accessed confidential patient information that was stored on an electronic health record system. The clinic uses an electronic health…
Reddit Forced to Reset 100,000 Passwords After ‘Uptick’ In Hacked Accounts
Lorenzo Franceschi-Bicchierai reports: After a flurry of hacked accounts, Reddit has been forced to reset the passwords of 100,000 users in two weeks. The company announced it on Thursday, noting that this “general uptick” in account takeovers comes on the heels of large data breaches on other sites, such as the recent leak of more than 100 million…