A monetary penalty resulted from a misconfigured backup uncovered by Chris Vickery, who was then with Kromtech Security. It was reported publicly in April, 2017 by a number of outlets, including The Daily Dot. This was one of those cases where a vendor’s mistake turned out to be costly. The Commodity Futures Trading Commission (CFTC)…
Category: Commentaries and Analyses
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…
Scottish National Party hit out after investigation reveals data security breaches in Whitehall
Kieran Andrews reports: Lost confidential papers, leaked email addresses and the release of sensitive personal information were just some of the 4000 “data security incidences” recorded by the UK Government recorded last year. Data uncovered by the SNP has revealed that in one case an assault victim’s new name and address was inadvertently sent to…
Lawsuit against Rensselaer County partially revived on medical privacy issue
There’s an update to an insider-wrongdoing lawsuit that I first noted back in September, 2013, after some employees at Rensselaer County Jail filed suit against their employer for snooping in their medical records. As I’ve reported in the past, the breaches occurred against a backdrop where the county jail uses Samaritan Hospital to provide services…
Equifax Hack Might Be Worse Than You Think
AnnaMaria Andriotis reports: Hackers in the Equifax Inc. breach accessed more of consumers’ personal information than the company disclosed publicly last year. Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as…
CFAA “Unauthorized Access” Web Scraping Claim against Ticket Broker Dismissed Because Revocation of Access Not Expressed in Cease and Desist Letter
Jeffrey D. Neuberger of Proskauer Rose writes: A California district court issued an important opinion in a dispute between a ticket sales platform and a ticket broker that employed automated bots to purchase tickets in bulk. (Ticketmaster L.L.C. v. Prestige Entertainment, Inc., No. 17-07232 (C.D. Cal. Jan. 31, 2018)). For those of us who have…