And yet another breach disclosed at the beginning of a holiday weekend – this one posted by the State of Alaska: September 1, 2017 ANCHORAGE – The Alaska Department of Health and Social Services had a security breach that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services….
Month: September 2017
FTC Settles GLBA Enforcement Action Against TaxSlayer Stemming From 2015 Data Breach
We haven’t seen many data security enforcement actions under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, but a recent case is a good opportunity to remind entities that they may be covered by it even if they didn’t know it. Edward McAndrew, Kim Phan, and Zaven Sargsian of Ballard Spahr write: The Federal Trade Commission (FTC)…
The Neurology Foundation discloses employee wrongdoing
Yes, let’s release a breach notification at 5 pm on the Friday of a big holiday weekend…. In this case, it’s The Neurology Foundation in Rhode Island, reporting on an incident involving employee wrongdoing. You can read the full press release here. Note that although the problem was discovered months ago, notification of the breach was…
Hackers claim to have personal info of millions of Instagram accounts, including celebs
Sarah Buhr reports: A group of hackers used a bug earlier this week to scrape the phone numbers and email addresses of six million Instagram accounts and are now selling that information on the web. The hackers mainly targeted celebrities and verified users, including Selena Gomez, who’s account was hacked two days ago. The hackers…
BroadSoft Inc. left millions of partners’ customer data records exposed
Bob Diachenko of Kromtech Security reports: One of the top companies that provides cloud-based unified communications has just leaked more than 600GB of sensitive files online. The Kromtech Security Center has discovered not just one but two cloud-based file repositories (AWS S3 buckets with public access) that appear to be connected to the global communication…
EXCLUSIVE: Hand Rehabilitation Specialists notifies patients of possible hack by TheDarkOverlord
Back around the Fourth of July holiday, I was busy attempting to confirm some claimed hacks by TheDarkOverlord (TDO). And no, I’m not referring to any entities I’ve previously named on this site, but yet other healthcare entities I’ve never named. In encrypted chats, TDO had provided me with samples of patient data from approximately…