Lorenzo Franceschi-Bicchierai reports: The anonymous message board app Yik Yak is designed in a way that it is possible to get the precise location of a user’s post, and see users’ unique IDs, potentially allowing someone to dox and stalk users, according to a researcher. […] In April, David Teather, a computer science student, analyzed…
Category: Commentaries and Analyses
Hundreds of patient data breaches are left unpunished, reveals The BMJ
From The British Medical Journal: Hundreds of organizations including drug companies, NHS commissioners, and universities have breached patient data sharing agreements in the past seven years, reveals an investigation by The BMJ today. GlaxoSmithKline (GSK) and Imperial College London are among those that have carried out “high risk” breaches according to NHS Digital audits examined by investigative…
2022 DSIR Deeper Dive: Vendor Incidents
Stefanie Ferrari of BakerHostetler writes: Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems….
France sees boom in personal data breaches in 2021
By Mathieu Pollet, translated by Daniel Eck: France has hit an all-time record in notifications of personal data breaches, up 79% from 2020, the latest report of the country’s data protection supervisor CNIL has found. EURACTIV France reports. Over the past year, CNIL received 5,037 notifications of personal data breaches – about 14 notifications per…
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…
Hackers are now hiding malware in Windows Event Logs
Ionut Ilascu reports: Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques…