It’s easy to lose interest in low-tech data theft or compromise when we have topics like ransomware and extortion to consider. But physical security of paper records is still something that cannot be taken too casually, as this notice from Bloodworks Northwest reminds us. Was the document stolen or did it just get thrown out…
Month: May 2019
Database With Millions of Indian Personal Records Exposed and Hijacked
Bob Diachenko writes: On May 1st, I have discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personal identifiable information (PII) on Indian citizens, including the following fields: Name Email Gender Education level and area of speciazliation Professional skills / functional area Mobile phone number Employment history and current employer Date of…
Spectrum Health Lakeland notifies patients after billing vendor breach
I’m not finding anything on their web site just yet, but Spectrum Health Lakeland has reportedly been notifying patients about a breach involving their billing provider, OS Inc. WSJM reports that the health system learned of the breach on March 8 after an OS employee’s email account containing patient information was accessed without authorization. The information…
2019 Verizon Data Breach Investigations Report (DBIR) is Out
This year, Verizon’s DBIR is based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. You can read the Executive Summary here, or read the full report here. There are some data in it that may raise an eyebrow or…
Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites
Swati Khandelwal reports: Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting…
Washington State Lawmakers Reach Deadline Without Passing Privacy Act, But Reach Agreement on Amendments to Breach Notification Law
From Covington & Burling: The Washington Privacy Act stalled this April in the state’s House of Representatives, and will likely not reappear again for discussion until the 2020 legislative session. The bill overwhelmingly passed the Senate, but failed to come to a floor vote in the House of Representatives before the April 17th deadline for…