As in previous months, Protenus has summarized what kind of month November was for breaches involving health data. And as the November issue of Breach Barometer makes clear, insider/employee incidents outnumbered external attacks in a month where we first learned of 57 incidents – the largest number of monthly reports this year. One of the main explanations for…
Category: Commentaries and Analyses
Nearly half of education-vendor websites tested had security problems, audit reveals
Nichole Dobo writes: Nearly half of the more than 1,200 education technology vendor websites used by teachers and students, and checked in an October audit, did not include a secure log-in, according to a new survey. This makes these programs vulnerable to a security breach – a school leader’s nightmare. “We want people to fix this,”…
Facing a Data Breach Suit Without the Data Breach? ‘Scary.’
Roy Strom writes: Chieftains of corporate America have long feared the financial and reputational fallout from a hacking breach. But a class action suit unveiled against a law firm last week could add to their data security anxiety. The suit claims that companies and law firms should be held accountable for lax security measures even if their…
PwC sends ‘cease and desist’ letters to researchers who found critical flaw
Zack Whittaker reports: A security research firm has released details of a “critical” flaw in a security tool, despite being threatened with legal threats. Munich-based ESNC published a security advisory last week detailing how a remotely exploitable bug in a security tool, developed by auditing and tax giant PwC, could allow an attacker to gain unauthorized access…
Netgear working to fix flaw that left thousands of devices open to attack
Steve Ragan reports: A remotely exploitable vulnerability in the Nighthawk line of Netgear routers was disclosed on Friday. The flaw leaves customers exposed to having their connections hijacked, as someone exploiting the vulnerability can take complete control of the device. Despite having months to address the problem, Netgear has yet to publish a fix. Read…
Oregon Department of Education risked breach of private student data, audits find
Betsy Hammond reports: Two separate audits found the Oregon Department of Education didn’t do enough to ensure that its huge cache of data on more than 600,000 students remains private. Hundreds of people in school districts and in state government have access to some or all of that data. That means keeping it safe is…