On April 28, eUKhost posted an alert on their web site: In the past 24 hours we have been made aware that there has been a compromise of our billing system. Although the method of the compromise remains unclear, we can confirm that an administrator level login was compromised and an IP address added to…
Author: Dissent
Vol State: Personal information found vulnerable for 14,000 students, faculty
About 14,000 students, former students and faculty at Volunteer State Community College in Gallatin had personal information placed on a web server that was not secure. The files placed on the web included names and Social Security numbers, but university officials say there is no evidence that any of that information has been accessed or…
Accretive moves to dismiss AG's law suit
John O’Brien recaps the Accretive Health news reported on this blog last week (here, here, and here): A New York City law firm has followed up on Minnesota Attorney General Lori Swanson’s lawsuit against Accretive Health, filing a securities class action suit against the company. In January, Swanson filed a suit against Accretive, a Chicago…
ICANN to notify domain applicants of data breaches
Georgina Prodhan of Reuters reports: Organizations taking part in the most ambitious expansion of the Internet so far will find out next week whether their applications for new domain names could have been viewed by competitors as a result of a software bug. […] Beckstrom said he was confident the glitch in the system had…
Columbia U. notifies faculty and proprietors that their SSN and bank account numbers were exposed on the Internet for two years
A reader kindly alerted me to the fact that Columbia University sent out breach notices last week. The letter, dated April 21, informed recipients that 3,000 current and former employees, as well as 500 sole proprietors had their names, addresses, Social Security numbers and bank account numbers exposed on the Internet. The names of…
AU: OAIC updates data breach guidelines
Hamish Barwick reports: The Office of the Australian Information Commission (OAIC) has updated its voluntary data breach guidelines as a means of encouraging organisations to notify the public in the advent of a data breach. The new guidelines, entitled Data breach notification, update the August 2008 Guide to handling personal information security breaches. Information Commissioner, John McMillian,…