Commentaries and Analyses – Page 67

FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy

Posted on September 7, 2023 by Dissent

The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the…

Insights From The IBM 2023 Cost of a Data Breach Report

Posted on September 7, 2023 by Dissent

Joseph J. Lazzarotti of JacksonLewis writes: The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points: Is it beneficial to involve law enforcement in a ransomware attack? According to the Report, organizations…

Beverly Hills Plastic Surgery notification — and what it doesn’t tell the patients.

Posted on September 7, 2023 by Dissent

On July 17, DataBreaches reported that BlackCat had added the Beverly Hills Plastic Surgery (BHPS) to their dark web leak site. The June listing was updated to include photos that appeared to be proof of claims about their access to the clinic’s files. The doctors did not respond to DataBreaches’ inquiries in July, but on…

Update: Leak site with plastic surgery patients’ data and sexually explicit videos removed

Posted on September 3, 2023 by Dissent

In July, DataBreaches reported a data breach involving the plastic surgery practice of Gary Motykie, M.D. The incident, which appeared to be a hack with an extortion demand, had been reported to the Maine Attorney General’s Office, but an upset patient had also contacted NBC News in Los Angeles to reveal that a leak site…

Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed

Posted on September 3, 2023 by Dissent

Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to address vulnerabilities that left the personal information of customers exposed: A company that makes a chastity device for people with a penis that can be controlled by a partner over the…

Why is .US Being Used to Phish So Many of Us?

Posted on September 3, 2023 by Dissent

Brian Krebs reports: Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only…