Selena Larson reports: Cybercriminals claim to be selling the Social Security numbers of babies on the dark web. The personal details of children — including dates of birth and mother’s maiden names — have been sought after for years. Now, researchers have found an ad on a forum for the sale of data claiming to…
Month: January 2018
Colorado Legislature Considers Sweeping Privacy and Cybersecurity Legislation
David M. Stauss and Gregory Szewczyk of Ballard Spahr write: A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing “personal identifying information” (PII). The proposed legislation also would expand the types of information covered by the…
Home Office admits it sent asylum seeker’s personal info to the state he was fleeing
From the D’oh dept., Rebecca Hill reports: An asylum seeker has won £15,500 from the UK’s Home Office after it blabbed confidential information about his persecution in his home country – to authorities in the state. In a poorly thought-through attempt to verify the authenticity of a set of documents about the asylum seeker, the…
Monticello Central School District notifying almost 2,600 of phishing attack last year
When I saw that Monticello Central School District in New York had submitted a breach notification to the Vermont Attorney General’s Office and it mentioned phishing, I thought we might have our very first W-2 phishing incident of 2018. But no, it seems that the school district is reporting a phishing incident that they believe…
December was one of the busiest months for health data breach disclosures
While you are eagerly awaiting the release of Protenus’s annual review of 2017 health data breaches, I thought I’d mention that December closed the year out with a bang with 52 possible breaches being disclosed. Only June, 2017 (with 53 reports) exceeded December. Of the 52 entries, 20 were hacking incidents and 17 were insider…
Pedes Orange County notifying patients after doctor found accessing EMR without authorization
Pedes Orange County, Inc. in California shares their medical facility with another medical group that conducts surgical procedures. To coordinate, it seems that they share a scheduling tool with other medical professionals in their building. Somehow – and it’s not yet clear to me how this happened in terms of access controls – a physician…