The FTC has taken enforcement action against CafePress stemming, in part from a 2019 data breach previously reported on this site. In December, 2020, seven states settled charges with CafePress. The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and…
Category: Commentaries and Analyses
Comprehensive Health Services Pays False Claims Act Settlement Involving EMR Security
Marianne Kolbasuk McGee reports: A healthcare services contractor has agreed to pay a $933,000 settlement in a federal whistleblower case involving alleged false claims by the entity about the security of electronic medical records containing the information of military personnel, diplomats and contractors. The settlement is the first under the Department of Justice’s Civil Cyber-Fraud Initiative,…
PayTM clarifies RBI bar on new customers
Economic Times reports: The RBI barred Paytm Payments Bank from taking on new customers on March 11 because it had allowed data to flow to servers abroad in violation of India’s rules, and didn’t properly verify its customers, Bloomberg reported on Monday, citing a person familiar with the matter. Annual inspections by the Reserve Bank…
State Bar Breach Exposed Thousands More Confidential Records Than Original Estimates, Investigation Shows
Alaina Lancaster reports: More than 60,000 additional confidential attorney discipline records were exposed in a data breach of the State Bar of California’s case management system, according to an ongoing investigation. The bar’s IT incident response team and a third-party forensic firm calculated that more than 322,525 confidential records were available during the leak, compared to…
Ukrainian hackers say HackerOne is blocking their bug bounty payouts (updated)
Zack Whittaker reports: Ukrainian hackers and security researchers say bug bounty platform HackerOne is withholding their bug bounty rewards, in some cases thousands of dollars, and refusing to let hackers withdraw their earnings. Several hackers and researchers with affected HackerOne accounts said in tweets that HackerOne is blocking payouts, citing economic sanctions and export controls…
The Human Factor in Data Security Breaches
Breaches involving the pharma sector may or may not involve patient data, but as we saw early on the pandemic, hitting the pharma sector when it is working on developing vaccines, testing vaccines, or distributing vaccines can have significant national and global health implications. Julian Upton reports: The pandemic’s exacerbation of the pharmaceutical industry’s exposure…