There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for securing the database. According to their statement, the misconfigured instance of the database occurred on December…
Category: Breach Incidents
RubberStamps.net, Incipio notify customers of breaches
While uKnowKids had a somewhat despicable disclosure of their breach that involved shooting the messenger, here are two positive examples of breach disclosures I came across this week: RubberStamps.net notified about 7,000 customers that its web site was compromised between November 3, 2015 and December 11, 2015. In a well-written letter, Scott Lee, the President and CEO of Superior Labels, Inc., explained that…
United Nations World Tourism Organization hacked and forum members’ data dumped
The United Nations World Tourism Organization has reportedly been defaced and hacked, and its forum data dumped, by TeaMp0isoN. A TeaMp0isoN spokesperson alerted DataBreaches.net to the incident. The defacement was still evident as of the time of this posting. The forum dump contains 1524 records with forum member usernames, email addresses, and MD5-hashed passwords. In response to an inquiry…
Scottrade Faces Consolidated Data Breach Class Action Lawsuit
There’s an update to the Scottrade breach previously reported on this blog. The breach, potentially impacting 4.6M customers, was disclosed in October 2015 but had reportedly occurred between late 2013 and early 2014. Three individuals were indicted in November, 2015. Now Top Class Actions reports that a consolidated data breach class action lawsuit was filed in…
Thinking about incident response
So I woke up to find that uKnowKids had issued a statement yesterday about their exposed database, an exposure that had been uncovered by and reported to them by Chris Vickery. Regular readers of this blog will recognize Chris’s name by now, as he’s uncovered a number of misconfigured databases that have been investigated by…
Los Angeles physical therapy provider settles HHS charges that it impermissibly disclosed patient information
An announcement by HHS on Feb. 16 seems to have flown under most media radar. It seems that Complete P.T. used patient images and testimonials on their web site without patient consent, generating a complaint to HHS that HHS investigated and confirmed. Complete P.T. has admitted liability, agreed to pay $25,000, and has agreed to a…