DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The resulting chronology, available in a new report co-authored with Protenus, Inc., includes more than 60 incidents involving business associates or vendors. Highlights of the…
Category: Commentaries and Analyses
Nearly 800,000 FTP Servers Accessible Online Without Authentication
Catalin Cimpanu reports: A recent brute-force scan of FTP servers available online via an IPv4 address revealed that 796,578 boxes can be accessed without the need for any credentials. The perpetrator of this scan is a security researcher that goes by the name of Minxomat, owner of a cyber-security firm that performs these types of…
Adventures in breach notification, Saturday edition
Someone should start a web site archiving the inappropriate responses we get when we try to notify entities that they’ve had a data breach. This would be my entry for today: I tried to alert an entity that they’d been hacked and data had been exfiltrated. It was after normal business hours, and I could find only one…
The Breach That Supposedly Isn’t a Breach
Discussing an incident disclosed by Troy Hunt this week, Jeremy Kirk reports: The handling of a recent data breach – the details of which are still unfolding – by Oakland, Calif.-based web services company Regpack provides a look into how the discovery and disclosure of a breach can turn into a real train wreck. Read…
New York State Proposes Cybersecurity Regulation for Financial Services Institutions
Micaela McMurrough, Ashden Fein and Catlin Meade write: On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State…
Trump’s campaign mute about data security #fail?
It may not be on the level of failing to adequately secure State Department communications, but it seems Donald Trump’s organization could use a refresher course on data security. And when it finishes that, it might want to tackle a course on transparency. On Sunday night, DataBreaches.net received an email from MacKeeper Security Research Center lead researcher Chris Vickery….