Ashley White reports: Tangela Lawson-Brown was found guilty after a three-day federal trial in Tallahassee. The 41-year-old was convicted of wire fraud, theft of government funds, possession of unauthorized access devices and aggravated identity theft, according to a statement from the U.S. Attorney for the Northern District of Florida. Between October 2011 and December 2012, Lawson-Brown worked as a…
Month: October 2017
U.S. Education Dept. responds to TheDarkOverlord attacks with new cyber advisory
It’s gratifying when advocacy efforts have an impact. Last week, this blogger spent a good amount of time talking with Kathleen Styles, Chief Privacy Officer of the U.S. Education Department. We discussed the TheDarkOverlord attacks on the education sector and I had urged the Department to try to warn schools how to better protect themselves. I…
UK: University of East Anglia not punished over data breach
BBC reports: A university that mistakenly emailed sensitive personal information about students to hundreds of undergraduates will face no further action. Details of health problems, family bereavements and personal issues were sent by the University of East Anglia (UEA) in Norwich to 298 students. The Information Commissioner’s Office said no regulatory action was needed. Read…
Kentucky lawmaker files bill to help victims of data breaches
Mark Vanderhoff reports: A state lawmaker said the Equifax data breach affected 40 percent of Kentuckians. Sen. Morgan McGarvey announced proposed legislation to help those victims at the Louisville headquarters of the AARP. […] The bill requires companies to provide victims with: A free credit freeze. Five years of credit monitoring. Three free credit reports…
Cloudy with a chance of PHI leaks
Maybe we should do this one as a “write your own headline” exercise. Earlier this week, Kromtech Security reported that they had uncovered yet another improperly secured AWS S3 bucket that was exposing protected health information. The company that was responsible for the collection of the home monitoring data, Patient Home Monitoring, was exposing what…
T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number
Lorenzo Franceschi-Bicchierai reports: Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer’s T-Mobile account number, and the phone’s IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug. The flaw,…