In December, 2020, the FTC announced a proposed settlement with Texas-based Ascension Data & Analytics after a security breach involving one of its vendors resulted in the exposure of, and unauthorized access to, consumers’ mortgage applications. One year later, the settlement received final approval, as the FTC announced on December 22: The Federal Trade Commission…
Category: Commentaries and Analyses
Administrative fine imposed on psychotherapy centre Vastaamo for data protection violations
A hack and extortion attempt involving the psychotherapy center in Vastaamo, Finland was — and remains — one of the worst breaches ever covered on PogoWasRight.org and DataBreaches.net because it involved the sensitive mental health information of tens of thousands of patients and a coverup by an executive of the clinic. Now EDPB has posted…
FTC warns companies to remediate Log4j security vulnerability
Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is…
Fired University of Utah researcher exposes breaches in student data
Chris Jones and Nadia Pflaum of KUTV report: Dr. Judith Zimmerman knew she was fired for doing the right thing. She was the lead investigator on a research project on autism in children, which she spearheaded at the Utah Department of Health. She brought that project, and a very sensitive database of data, to the…
Indian authorities set to tighten data breach laws in 2022
Stephen Pritchard reports: Authorities in India are set to clamp down on data breaches and tighten rules for holding sensitive data, according to local media reports. Organizations will be forced to disclose data breaches within 72 hours, bringing India in line with territories such as the EU, which mandates breach disclosures under its General Data Protection Regulation…
NY State Comptroller DiNapoli Releases School District Audits
NY State Comtroller DiNapoli released more school district audits last week. As always, DataBreaches.net looked to see what audits concerned IT security. New Rochelle City School District – Information Technology (2021M-142) Issued Date: December 17, 2021 Audit Objective Determine whether New Rochelle City School District (District) officials established adequate controls over network and financial application…