Apps that collect and store health-related information are often not covered by HIPAA, but a breach involving the data they collect could be problematic. Today, I report on two leaking apps containing health information. Both of these leaks were reported to DataBreaches.net by researcher Chris Vickery. Part 1, below, is on iFit’s data leak. Part 2 will report on…
Category: Business Sector
NZ: Data breaches at Television New Zealand
Russell Blackstock reports: TVNZ has revealed two data security breaches over the past year, including the payment of a “fraudulent invoice” and the distribution of “commercially sensitive data” to external media agencies. The state broadcaster detailed the incidents in written answers to Parliament’s Commerce Committee. “An email phishing attack on a supplier resulted in a…
Employee error most likely cause of data breaches among in-house legal counsel, new report says
More than half of in-house legal counsel report that their companies are increasing spending on cybersecurity, while one-third state that their companies have experienced a data breach, according to a new report from the Washington, DC-based Association of Corporate Counsel (ACC) Foundation. Read more on CanadianUnderwriter.ca. The report will cost you $475 (yeah, right, I’ll…
UK: NetNames confirms easily.co.uk whacked by cyber crims
Paul Kunert reports: The UK’s number two website hosting business, Easily.co.uk, has confirmed to customers it has fallen prey to cyber crims. The NetNames-owned company, which hosts 100,000 sites including 65,000 in Britain, told punters yesterday IT systems were attacked by an “unknown third party”. “A forensic investigation by independent experts has revealed that unauthorised…
CardCrypt: 16 Companies Exposed Customers Unencrypted Credit Card Data
Jett Goldsmith writes: A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera. Read more on Neowin. Over on Wandera’s blog, they write: Today, Wandera announced…
OH: First Transit notifies employees after malware discovered on server
Malware inserted on a server on October 23, 2011 wasn’t discovered until October 21, 2015, reports First Transit‘s external counsel. For almost four years, employees’ information, including name, address, date of birth, phone number, driver’s license number, and Social Security number may have been compromised. In response to the discovery, First Transit took the server offline…