Alfred Saikali of Shook, Hardy & Bacon L.L.P. writes: Yesterday, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals has weighed in on two important questions in the world of privacy and data breach litigation. First, does a plaintiff have standing where he was exposed to a substantial risk of future identity theft, even…
Month: February 2021
SitePoint hacked: Hashed, salted passwords pinched from web dev learning site via GitHub tool pwnage
Gareth Corfield reports: SitePoint, an Australian learn-to-code publishing website, has been compromised while promoting the book Hacking for Dummies on its homepage. Reg reader Andy told us: “Got an email from SitePoint this morning saying that they had been hacked and some non-important (to them) stuff like names, email addresses, hashed passwords etc might have been stolen. Coincided with…
Patient data breaches disclosed by Nevada, Pennsylvania entities
Nevada Health Centers is notifying an unspecified number of patients after discovering an unauthorized person accessed an employee’s email account between November 20 and December 7. They do not think the motivation was to obtain ePHI as much as financial information about NHC, but with all the “potentially” kind of language, it will be hard…
How the United States Lost to Hackers
Nicole Perlroth reports: If ever there was a sign the United States was losing control of information warfare, of its own warriors, it was the moment one of its own, a young American contractor, saw first lady Michelle Obama’s emails pop up on his screen. For months, David Evenden, a former National Security Agency analyst,…
Alleged breaches impacting Indians, Malaysians, under investigation
India: Airtel continues to deny that it had a breach affecting more than 2.5 million subscribers’ data, despite reports and seeming evidence to the contrary. According to a statement they issued, the threat actors who call themselves “Red Rabbit Team” have made various claims over the past 15 months. “This group has been in touch…
PL: University fined for omitted notification of a data breach
From Personal-Ticker.com: The President of the Personal Data Protection Office in Poland (UODO) imposed a fine on the Medical University of Silesia in the amount of PLN 25.000 (approx. EUR 5.600). The university had suffered a data breach of which it should have notified the supervisory authority and the data subjects according to Articles 33, 34 GDPR,…