Kaveh Waddell reports on an issue near and dear to my heart: not all entities that collect or store health information are HIPAA-covered entities. Earlier this year, as one example, we saw the Systema Software leak that impacted numerous firms with a wealth of workers compensation claims. And last year, we saw many employees’ wellness data breached…
Category: Commentaries and Analyses
Number of leaking MongoDB databases increasing: Shodan founder
Yesterday’s news about a MongoDB database belonging to MacKeeper (Kromtech) leaking certainly got a lot of media attention. But now do read John Matherly’s comments on Shodan. Matherly, the founder of Shodan, notes that the number of available, unauthenticated instances of MongoDB has actually increased in the past few months. Of note, he explains that increase is occurring…
Despite warnings earlier this year, tens of thousands of databases continue to leak (update1)
Back in February, some students from the Centre for IT-Security, Privacy and Accountability (CISPA) at Saarland University, Germany made headlines when they reported that they had found approximately 40,000 MongoDB Databases exposed on Port 27017, a port that is open by default in a MongoDB Database installation. Anyone who searches Shodan would be able to easily locate such leaking databases. So what happened after they…
Two apps with health info found leaking: researcher. Part 2: Hzone
This is Part 2 of today’s posts reporting on apps leaking health information. The leaks were shared with DataBreaches.net by researcher Chris Vickery, and this one involves very sensitive health and medical information. Part 1 reported on iFit’s data leak. Screenshots provided to DataBreaches.net on December 8 by Vickery revealed that 4,926 user accounts from Hzone Dating App for HIV-positive…
Two apps with health info found leaking: researcher. Part 1: iFit
Apps that collect and store health-related information are often not covered by HIPAA, but a breach involving the data they collect could be problematic. Today, I report on two leaking apps containing health information. Both of these leaks were reported to DataBreaches.net by researcher Chris Vickery. Part 1, below, is on iFit’s data leak. Part 2 will report on…
Ransom paid by police and law firms to hackers, says Calgary privacy expert
Danielle Nerman reports: The president of the Privacy and Access Council of Canada says it’s not just individuals and small businesses who are shelling out to hackers who infect their computers with viruses. “Police departments and law firms are very, very attractive targets and they pay quite often,” said Sharon Polsky, a Calgary data protection and privacy expert. “If it’s…