It seems that every week I hear from researchers who find patient data or medical data exposed. And I know some of them spend inordinate amounts of time trying to contact entities to get them to secure their unsecured sensitive data. Some of these researchers do this for no pay and no expectation or hope…
Category: Breach Incidents
Port Orange Suspends Online Payment System to Investigate Possible Data Breach Involving Click2Gov
Update: The original post below was published on October 19, 2019. On January 10, 2020, Port Orange said that they were first notified by CentralSquare on November 6. Yet they had reportedly suspended payment by October 19 to investigate. So why has it taken them so long to make this follow-up announcement? Spectrum News reports…
Student Hacked Into Downingtown Area School District System To Gain Competitive Advantage In Water Gun Fight, Officials Say
Howard Monroe reports on what sounds like yet another hack involving Naviance. We first read about a Naviance hack by a student last week involving the Montgomery County Public Schools in Maryland. Now it’s the Downingtown Area School District in Pennsylvania, it seems. A student prank went too far after personal information belonging to dozens…
California Amends Breach Notification Law
Hunton Andrews Kurth writes: On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other…
IN: South Knox School Corporation recovers from malware virus
WTOW reports: South Knox School Corporation has restored all servers after being hit by a ransomware virus late Friday afternoon. According to SKSC Superintendent Tim Grove, approximately 50 out of over 400 computers were infected by the virus. Read more on WIBQ.
When Test Data is Not Test Data
Jeremiah Fowler of Security Discovery tackles a common problem researchers and journalists experience all too frequently: There is a growing trend among organizations and companies to simply deny that live production data is real. As a security researcher I often hear that everyone is a small start-up and all data is test data, or it…