Lauren FitzPatrick reports: Confidential information about Chicago Public Schools students — including medical conditions and dates of birth — was kept on unsecured web documents that anyone could call up despite laws and CPS rules that are supposed to safeguard children’s privacy. Some of the personal, identifiable information involved requests for certain ongoing nursing services…
Month: February 2017
Vanderbilt University Medical Center Security Breach Affects 3,000 Patients, Officials Say
AP reports: Vanderbilt University Medical Center officials say the hospital has had a security breach where two employees accessed medical records of more than 3,000 patients. The Tennessean reports the hospital has sent out letters to patients whose personal information was inappropriately viewed. Two patient transporters accessed information that included names, birth dates and medical identification…
Aadhaar biometric data breaches trigger privacy concerns
Suranjana Roy, Komal Gupta, and Apurva Vishwanath report: A case of Aadhaar data breach has caused privacy concerns and raised questions over the security of biometric data in possession of the Unique Identification Authority of India (UIDAI). […] The UIDAI filed a police complaint on 15 February against Axis Bank Ltd, business correspondent Suvidhaa Infoserve…
Couple sentenced for stealing identities of 71 mental health patients
Craig McCarthy reports an update to a case that first made the news in 2015, although it was not covered on this site at the time – likely because I didn’t know it involved patient information: A Sayreville couple was sentenced Friday for stealing thousands of dollars through an identity-theft ring that targeted mental health patients. They used…
Database Ransom Attacks Have Now Hit MySQL Servers
Catalin Cimpanu reports: After the ransacking of MongoDB, ElasticSearch, Hadoop, CouchDB, and Cassandra servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment. According to breach detection firm GuardiCore, the attacks are happening via brute-force attacks on Internet-exposed MySQL servers, and there’s plenty of those…
Credit card, personal info targeted in Hawaii tour company hack
HNN reports: Roberts Hawaii is warning customers about a security breach that may affect customers who purchased tours from July 2015 to December 2016. The tour company found out about the hack after getting reports of fraudulent charges on customers’ credit cards. The charges appeared shortly after the customers made purchases on Roberts Hawaii’s website….