Catalin Cimpanu reports: Hackers have breached the systems of 62 colleges and universities by exploiting a vulnerability in an enterprise resource planning (ERP) web app, the US Department of Education said in a security alert sent out this week. The vulnerability is in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP that…
Category: Commentaries and Analyses
UK: Estate agency fined £80,000 after accidentally exposing personal info online for two years
The Information Commissioner’s Office issued the following press release involving a monetary penalty related to an unintended exposure incident and a misconfiguration. Imagine if every such leak here resulted in the FTC or a state attorney general fining the entity….. The Information Commissioner’s Office (ICO) has fined a London estate agency £80,000 for leaving 18,610…
Data Breaches and Educational Institutions
Marjorie Spivak, Taylor Ey, and Liz LeVan Riley of Womble Bond Dickinson (US) LLP write: Consider these five steps during your summer break to address the protection of confidential information and combat cybersecurity risks before the start of fall semester. 1. Information Assessment: Identify what data your institution holds, how it is used, how is…
Victims of AMCA’s breach allege AMCA not helpful enough in incident response
The other day, I wondered aloud whether there was anything the American Medical Collection Agency (Retrieval Masters) could have done after they were hacked to keep their big clients like Quest Diagnostics and LabCorp. An interesting report by Marianne Kolbasuk McGee on BankInfoSecurity suggests that there might have been. McGee reports that newly submitted court…
PA: Software firm, health care provider accuse each other of theft
Nicholas Malfitano reports on a lawsuit in which a healthcare provider, Post Acute Medical, LLC (PAM), accuses the former owner and operator of its computerized records database, Christopher LeBlanc and Meridian Hospital Systems Corporation of Dallas, Texas, of illegally retaining its confidential patient data. The suit was filed in federal court for the Middle District…
Lenovo Confirms 36TB Data Leak Security Vulnerability
Davey Winder reports: Lenovo has confirmed that a “high severity” security vulnerability has left users of specific network-attached storage devices with data exposed to anyone who went looking for it. How much data? How does at least 36TB grab you? That’s the number that the security researchers who uncovered the vulnerability in the Lenovo-EMC storage…