KY3 reports: Missouri State Auditor Nicole Galloway on Monday released an audit of Ozark County. The audit report describes weaknesses in cybersecurity measures and accounting practices in several county offices. Some offices lacked sufficient password protection controls, including a lack of requirements and the use of shared passwords to access county computers. Other offices failed…
Category: Commentaries and Analyses
Thousands of taxpayers affected by W-2 Phishing attacks this year
Salted Hash reports: In the first quarter of 2016, at least 41 organizations were victimized by BEC attacks, but that number is closer to 70 when additional disclosures are counted. Some organizations were successfully hit earlier in the year, but only just recently discovered the problem, delaying notification. Read more on Salted Hash. The numbers are…
Election fraud feared as hackers target voter records
In the past year, this site has reported on a number of breaches involving voter data: the massive database with 191 million U.S. voters’ data that Chris Vickery uncovered, a second smaller database he uncovered of U.S. voters’ data that included 19 million profiles, a breach involving more than 50 million Turkish citizens, one involving 55 million…
Movimiento Ciudadanos continues to claim it was hacked despite evidence of leak
What Mexican political party Movimiento Ciudadanos is saying in the wake of a massive data leak is just so inconsistent with available evidence that DataBreaches.net will continue to try to explain to the public what the available evidence actually shows. As part of efforts to properly inform the Mexican public about a massive leak involving their information, this site…
Is ransomware considered a health data breach under HIPAA?
Back in March, I blogged about the question as to whether a ransomware attack needed to be reported to HHS as a HIPAA breach. In that post, I quoted an HHS spokesperson who informed DataBreaches.net that a ransomware situation was an impermissible disclosure (because the attacker had access to the data even if the data weren’t…
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data – GAO
From a new GAO report: The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular: While SEC had issued policies and implemented controls based…