Chris Opfer writes: Six years after Shane Enslin left his repairman job at a Coca-Cola distribution plant in Pennsylvania, the company told him that his Social Security number and other personal information might have fallen into the wrong hands. A few months later, a declined credit card upended his family vacation. Then came a third…
Category: Business Sector
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Hundreds left vulnerable to hackers after Johnson and Johnson data blunder
Aaron Rogan reports: The home addresses of hundreds of Irish people have been published online in a data breach by a pharmaceutical company. A cybersecurity expert said the error may leave people vulnerable to hackers as the company also shared email addresses that may be linked to other online accounts. As part of a promotion…
Federal Appeals Court Slams Data Breach Privilege Claim
Craig A. Newman writes: In the most recent object lesson in a data breach privilege case, a federal appeals court has ordered a Michigan-based mortgage lender to turn over privileged forensic investigatory documents after the investigator’s conclusions were revealed in discovery. Background. In the case, Leibovic v. United Shore Financial Services, LLC, et al, No. 17-2290,…
UK: ICO slams Carphone Warehouse with £400,000 penalty; inadequate security contributed to 2015 hack
If you’ve been following along since 2015, you may recall a breach involving Carphone Warehouse that was first disclosed in August, 2015. At the time, we were told that the hack affected 2.4 million customers’ data and about 90,000 customers’ credit cards. Fast forward to today, when the U.K.’s Information Commissioner announced that it has…
Dog-Walking App Exposed Home Addresses and Lockbox Codes
Oh good grief. You can’t even walk dogs without risking a breach of your personal information, it seems. My friend Sheila Kaplan sent this one along, as reported by Rolfe Winkler and Robert McMillan: Wag Labs Inc., the startup behind a popular dog-walking smartphone app, inadvertently exposed webpages showing customer information including addresses and lockbox codes that…