Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
Month: February 2019
Schools Suffered at Least 122 Cybersecurity Incidents Last Year
Benjamin Herrold reports: The nation’s K-12 schools experienced 122 publicly reported cybersecurity incidents in 2018, more than half of which were caused or carried out by staff or students, and nearly 60 percent resulted in students’ personal data being compromised. And that’s likely just the tip of the iceberg, according to a report released Thursday by…
NZ: Landlord’s ‘blacklist’ of tenant’s criminal convictions hacked and leaked online
Samesh Mohanlall reports: A woman was shocked to discover her decades-old criminal record had been published online, part of a blacklist of compromising information compiled by a property investor group and sold to landlords about prospective tenants. Jessica Cross was one of hundreds of Timaru residents to have their sensitive information posted online, including a…
Pawnee County Memorial Hospital notifies 7,038 patients after employee email account compromised by phishing attack
Pawnee County Memorial Hospital in Nebraska recently notified 7,038 patients of a malware incident affecting protected health information. According to their substitute notice, reproduced below, on November 29, the hospital discovered that when an employee opened an email attachment from what had appeared to be a trusted source, malware was injected. The malware gave the…
California Consumer Privacy Act: The Challenge Ahead – The CCPA’s “Reasonable” Security Requirement
Bret Cohen, Paul Otto, Nathan Salminen, and Morgan Perna (law clerk) of Hogan Lovells write: ….This installment of the Hogan Lovells’ CCPA series explains the CCPA’s security requirement and consequences for non-compliance, and describes security controls that most organizations can implement to mitigate this risk. Available statutory penalties The CCPA allows consumers to sue businesses…
Pharmaca notifies customers of payment card breach affecting brick-and-mortar stores
Those of us who read breach notifications to state attorneys general (yes, we have no life), likely all spotted a notification in mid-January involving Pharmaca. The notification stated that in December, 2018, Pharmaca started receiving reports of payment card fraud. Their investigation, with help from security experts, revealed that malware may have captured customer payment…