Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
Category: Exposure
The second rule of incident response is to follow the plan
From the who-put-the-frying-pan-in-that-fire dept. Several weeks ago, DataBreaches.net received a complaint concerning a breach involving the Montgomery County Housing Opportunities Commission in Maryland. It seems that a vendor’s 1099 tax statement had been sent to the wrong recipient. It was not a particularly unusual breach, but the 1099 had been sent as an unencrypted attachment to an email, so I read…
FL: Discarded medical records found unsecured at public landfill
Trevor Pettiford reports that discarded medical records were found unsecured at a county landfill facility in St. Petersburg, Florida. The records, complete with names, addresses, and family histories, were discovered by a man dumping bulk trash at the Pinellas County Solid Waste facility at 3095 114th Avenue North in St. Petersburg. They apparently came from the…
@ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits
Catalin Cimpanu reports: A group of Chilean hacktivists that go by the name of Chilean Hackers have broken into the database of CONADI and stolen the personal details of 304,189 Chilean citizens looking for state benefits from the country’s government. Read more on Softpedia. I “get” that the hacktivists want Chile’s president to resign and they want…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…
KY: Retired firemen address board after newsletter containing sensitive information circulates
Lana Bellamy reports: A group of firefighters are concerned about possible identity theft in light of the publication of sensitive personal information on Ashland Commissioner Kevin Gunderson’s electronic newsletter. Last month, Gunderson’s regular electronic newsletter “Kevin Mail” had documents attached containing the names, partial Social Security numbers and pension member identification numbers on invoices related…