The VA responded to my email inquiries about the recently disclosed breach involving the eBenefits web site with the following statement: The Department of Veterans Affairs (VA) takes seriously our obligation to properly safeguard personal information. During a limited period of time Wednesday evening, as part of a process to improve software supporting the joint…
Category: Exposure
‘Defect’ on VA benefits site shares vets’ personal details online
Barnini Chakraborty has an update on the Veterans Administration e-benefits website breach reported here recently: The VA issued a statement Friday afternoon acknowledging the “software defect.” “VA took immediate action upon discovering the software defect and shut the eBenefits system down in order to limit any problems,” the agency said. It also said that the…
Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes
Darlene Storm reports: When it comes to the atrocious state of HealthCare.gov security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, “I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that.” He added,…
Starbucks sat on its clear-text password problem for months
Evan Schuman reports: When Starbucks published the new version of its iOS mobile app yesterday to fix its passwords-in-clear-text problem, it demonstrated a seemingly awesome ability to correct a serious security issue in a single day. But was it truly awesome? Not if it knew about the security hole for months. Not if it knew about it before it published the prior iOS app…
KC engineer ‘exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS’
Kelly Fiveash reports: Hull’s dominant telco, KC, is investigating revelations of what appears to be poor handling of the company’s customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. Read more on…
Veteran Affairs’ E-Benefits website exposing veterans’ information
Jon Camp reports: Navy veteran Sylvester Woodland said he couldn’t believe what he was seeing Wednesday night when he logged onto the Veteran Affairs’ E-Benefits website. “It gave me a different person’s name, each and every time I came back,” Woodland said. At first I thought it was just a glitch, but the more I…