Dustin Volz reports: The two people who hacked ride-hailing firm Uber’s data in 2016 were in Canada and Florida at the time, a company security executive told a U.S. congressional committee on Tuesday. But I love this line in his testimony: “We made a misstep in not reporting to consumers, and we made a misstep…
Month: February 2018
UK: Hospital chiefs launch probe after boxes of patients’ notes left in ARI corridor for a week
Ewan Cameron reports: Health chiefs today launched a probe after boxes of patients’ private health records were left unattended in a hospital corridor for a week. A shocked member of the public spotted at least six boxes of documents, including patients’ notes, sitting in Aberdeen Royal Infirmary (ARI) and contacted the Evening Express. After we…
Uber: We had “no justification” for covering up data breach
Cyrus Farivar reports: Uber’s top security official testified at Capitol Hill on Tuesday, saying that Uber had “no justification” for not coming clean sooner when it had been hit by a massive data breach in 2016. In written testimony, John Flynn, Uber’s chief information security officer, told a Senate committee that “it was wrong not…
RBS releases its year-end roundup and breach analysis
There’s nothing like some dramatic numbers to get attention to data breaches. Risk Based Security, Inc. has released their 2017 statistics, and yes, some of the numbers are dramatic. Here are just two snippets from their blog post about the report: There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly…
Biometric data theft: Two more arrested in India
Yagnesh Bharat Mehta reports that there have been two more arrests in a case previously noted on this site. The case involves the theft of biometric data for illegally acquiring food grains meant for registered beneficiaries of the the National Food Security Act. It’s really not clear (to me or law enforcement, it seems) how…
A (Secondary) Education in Data Security
Christina Seda and Peter A. Nelson of Patterson Belknap write: On January 18, 2018, the New York State Education Department (“NYSED”) announced that one of its vendors, Questar Assessment, experienced a data breach resulting in the unauthorized disclosure of personal information from students in five different New York schools. While the data breach reportedly affected…