eCommerce payment processor EasyDraft is notifying Bright Horizons Family Solutions customers of a breach that started in October 2012 with a misconfigured server. The breach wasn’t discovered until January 2014, however, when Bright Horizons contacted EasyDraft to alert them to the problem. In their report to the New Hampshire Attorney General’s Office, lawyers for EasyDraft write: We…
Category: Exposure
UK: Wymondham College apologizes over pupils’ data breach
BBC reports: A school has apologised for a data breach in which personal information about students was sent to their teenage classmates. Sixth-form pupils at Wymondham College, Norfolk, were mistakenly sent a link to a spreadsheet intended for teachers. It included data on whether pupils had special educational needs, whether they were “looked-after” children and…
Update on the VA’s eBenefits website breach
The VA responded to my email inquiries about the recently disclosed breach involving the eBenefits web site with the following statement: The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. During a limited period of time Wednesday evening, as part of a process to improve software supporting the joint…
‘Defect’ on VA benefits site shares vets’ personal details online
Barnini Chakraborty has an update on the Veterans Administration e-benefits website breach reported here recently: The VA issued a statement Friday afternoon acknowledging the “software defect.” “VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems,” the agency said. It also said that the…
Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes
Darlene Storm reports: When it comes to the atrocious state of HealthCare.gov security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, “I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that.” He added,…
Starbucks sat on its clear-text password problem for months
Evan Schuman reports: When Starbucks published the new version of its iOS mobile app yesterday to fix its passwords-in-clear-text problem, it demonstrated a seemingly awesome ability to correct a serious security issue in a single day. But was it truly awesome? Not if it knew about the security hole for months. Not if it knew about it before it published the prior iOS app…