Josh Taylor reports: A prominent university professor has quit after the health department pressured her university to stop her speaking out about the Medicare and PBS history of over 2.5 million Australians being re-identifiable online due to a government bungle. In 2016, Vanessa Teague, a cryptographer from the University of Melbourne, and two of her…
Category: Commentaries and Analyses
US property and demographic database of 200 million records leaked on the web
Paul Bischoff reports: An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to…
Ransomware Attackers Use Your Cloud Backups Against You
Lawrence Abrams reports: Backups are one the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you. Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software This was not meant to expose the…
UK: Cathay Pacific Airways Limited fined £500,000 for failing to secure its customers’ personal data
From the ICO: The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and…
OCR settles complaint against doctor for failure to have appropriate risk assessment and security controls, despite technical assistance
OCR has settled a complaint against a covered entity for violations that first occurred prior to November, 2013, but continued thereafter. Yes, 2013. That’s when Steven A. Porter, M.D., first reported a breach to OCR that involved his business associate Elevation43. According to the complaint Porter filed at the time, and as described by OCR,…
NZ: Tuia 250 privacy breach: Tech boss signed off on government website with no testing
Craig McCulloch of RNZ reports: A top tech boss at the Ministry of Culture and Heritage (MCH) reviewed the Tuia 250 website’s security and declared it “fit for purpose” just two months before a major breach was uncovered, new correspondence shows. […] Correspondence obtained by RNZ under the Official Information Act shows the website –…