Orin Kerr writes: The Ninth Circuit has handed down United States v. Nosal (“Nosal II“), a case on the scope of the Computer Fraud and Abuse Act that I blogged about here and here. The court held 2-1 that former employees of a company who had their company accounts revoked violated the CFAA when they subsequently…
Category: Commentaries and Analyses
In 5-year period,162 security breaches impacted 7.6 million consumers in SC
Matthew Stevens reports: The South Carolina Department of Consumer Affairs has released its Security Breach Report from January 2011 through December of 2015. Over that span, the agency acknowledge 162 breaches that impacted more than 7.6 million consumers in SC. The report found that the most breaches, 39, were related to the retail and food…
UK: Safe in Police hands? New Big Brother Watch report released
Big Brother Watch has released a new report on data protection in the UK police. Some of their key findings for the period June 1, 2011 – December 31, 2015 were that there have been 2,315 breaches in police forces, including: 869 (38%) instances of inappropriate/unauthorised access to information 877 (38%) instances of inappropriate disclosure of data…
UK: NHS seeks cure for its costly digital headache
Gill Hitchcock reports: This May two NHS trusts were fined almost £400,000 for failing to protect confidential information. Chelsea and Westminster revealed the email addresses of HIV service users, while Blackpool teaching hospitals published private information about thousands of staff online. But are these incidents simply isolated sloppiness or a growing problem as the NHS digitises its records?…
X-ray and MRI machines among devices used as springboards for data breach attacks
Bradley Barth reports: … Researchers at the cybersecurity firm TrapX Security refer to the act of infiltrating or hijacking medical devices as MEDJACK. In a 2015 report, the company cited examples of such attacks in which the malware infection was limited to the device itself. No more, however: In its 2016 MEDJACK.2 report, TrapX revealed examples of…
Massachusetts General Hospital Dental Group notifies patients of Patterson FTP server incident
Back in February, this site reported that a Patterson Dental anonymous FTP server was leaking patient data, according to a security researcher who had discovered the problem and reported it to them and then this site. One of the entities, the Massachusetts General Hospital Dental Group, had patient data caught up in that leak, and…