The Information Commissioner’s Office (ICO) has fined Gloucester City Council £100,000 after a cyber attacker accessed council employees’ sensitive personal information. The attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The messages contained financial and sensitive information about council…
Category: Commentaries and Analyses
You shot the messenger and then needed her help? How did that work out for you?
Some readers might appreciate an update as to what happened when Bronx-Lebanon Hospital Center and iHealth Solutions sent legal threat letters to this site after I notified them and reported that they were leaking protected health information. As I previously noted, I was – and remain – very grateful to Covington & Burling for their representation of me and this…
Romania: Haven for hackers turned cyber sleuths
Vlad Odobescu reports: Razvan Cernaianu once surfed the Internet anonymously and easily broke into the computer systems for NASA, the Pentagon and Oracle. Then he became part of a legion of hackers that turned Romania into a center of international cyber fraud investigators. Now, the 25-year-old is co-founder of Cyber Smart Defense, a security firm…
HospitalGown Database Leak: Enterprise Apps Found Leaking Data On Back End Servers
AJ Dellinger reports: Mobile apps for enterprise services that manage data are leaving massive troves of user information exposed and unprotected on backend servers, according to a group of security researchers. Experts at Appthority, a mobile security firm, published a report that showed 43 terabytes of data from enterprise apps left exposed. The information was…
Anthem, AmEx, PayPal, Must Face ID Theft Suit in Calif.
Jimmy H. Koo reports: Health insurance, financial services, and payment card companies failed to keep a California attorney’s identify theft lawsuit in federal court and must face the allegations back in state court, the U.S. District Court for the Northern District of California held May 31 ( Gallo v. Unknown No. of Identity Thieves ,…
INFORMATION SECURITY: FDIC Needs to Improve Controls over Financial Systems and Information
From: INFORMATION SECURITY: FDIC Needs to Improve Controls over Financial Systems and Information GAO-17-436: Published: May 31, 2017. Publicly Released: May 31, 2017. What GAO Found The Federal Deposit Insurance Corporation (FDIC) implemented numerous information security controls intended to protect its key financial systems. However, further actions are needed to address weaknesses in access controls—including boundary…