Emily Sortor writes: Eddie Bauer and Veridian Credit Union have reached a $9.8 million settlement, ending claims that Eddie Bauer’s lack of adequate security led to more than 1 million Veridian customer accounts being exposed to a data breach that occurred in January 2016. The proposed settlement deal was filed on Friday in Washington federal…
Month: April 2019
Leak Reveals Iran’s Wildest Hacker Crew Stole 13,000 Passwords From 98 Organizations
Thomas Brewster reports: Earlier this month, a prolific hacking group said to be sponsored by Iran had its cyber arsenal leaked. A bundle of tools and target information belonging to the crew, dubbed OilRig, were thrown up on the web for all and sundry to see, marking the most significant leak of Iran’s cyber weaponry…
Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
Swati Khandelwal reports: A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate,…
In the process of notifying patients of a web exposure breach, Inmediata experiences a mail exposure breach?!
Reading the comments under the Inmediata press release is like watching a train wreck happen right in front of you. Many people are reporting that they have received multiple notification letters from Inmediata — many with the names of people who are unknown to them and who do not live at their address. One person…
SEC Warns Advisers Over Privacy Compliance Issues
Craig A. Newman of Patterson Belknap writes: The Securities and Exchange Commission is warning investment firms to step up their game when it comes to following the agency’s privacy rules. In a Risk Alert issued by the Office of Compliance Inspections and Examinations (OCIE), a laundry list of compliance “deficiencies or weaknesses” were identified in…
Email breach exposes hospice patients
The Bulletin reports: An employee at Bend-based hospice Partners in Care was the victim of an email phishing attack that exposed the private health information of some patients. Partners In Care discovered the attack on March 4 and did an “extensive” forensic investigation and manual email review, according to a press release. The unidentified employee’s…