In November 2013, I blogged about the case of a privacy breach at Northern Inyo Hospital that was so devastating to the patient that she was going to move away. The breach was a willful insider breach that impacted a custody dispute. That same year, and unbeknownst to most people, there was a lawsuit filed over another insider…
Category: Breach Incidents
FTC claims victory in Wyndham case; Appellate court upholds authority to enforce data security
Commissioner Julie Brill of the FTC has claimed victory in Wyndham’s appeal in the Third Circuit: Big news: FTC wins Third Circuit Wyndham appeal. Inadequate data security can be unfair under FTC Act & companies have adequate notice. — Julie Brill (@JulieBrillFTC) August 24, 2015 “Big news: FTC wins Third Circuit Wyndham appeal. Inadequate data…
50,000 AutoZone customers’ data hacked, exposed (update1)
AutoZone, a leading American retailer of auto parts, has reportedly been hacked by @JM511. This afternoon, JM511 announced the hack of the AutoZonePro.com site on Twitter. The linked paste included 49,967 customers’ details: billing addresses (street and city), email addresses, hashed passwords, telephone numbers, customers’ cities, and dates of birth. Although the passwords were hashed, JM511 provided the password…
How is this type of breach still happening in the Veterans Administration system?
I thought the Veterans Administration system had taken steps to ensure that people could not forward/send emails with protected health information outside the system. Yet an incident in Texas that was included in the VA’s July report to Congress shows that this still occurs. The VA’s summary of the incident for July 23rd notes: As…
UK: Job recruiters network JobsatTEAM hacked
Another day, another SQLinjection attack by JM511 (@JM511 on Twitter). This time, it’s U.K. site, jobsatteam.com. TEAM describes themselves as the largest network of independent job recruiters. JM511 dumped the administrator’s table with 12 individuals’ email addresses, usernames, passwords, full names, and telephone numbers. There’s also a dump of 2,590 members’ names, usernames, passwords (some unencrypted),…
Man affiliated with Anonymous #OpAustralia returns to court August 11th
DataBreaches.net has previously reported on the case of Mathew Hutchison, a young Australian who found himself on the wrong side of the law for attempting to redirect the Indonesian faction of Anonymous away from businesses and not-for-profits in Australia. Hutchison ran afoul of Australian law because videos that he uploaded to YouTube in the name of #OpAustralia and chats…