Associated Press reports: A University of Pittsburgh Medical Center employee has sued the hospital network for credit restoration services and identity theft insurance in the wake of a data breach that has seen hackers use the personal information of hundreds of employees to file bogus federal income tax returns. Alice Patrick, who works at UPMC…
Category: Commentaries and Analyses
UK: Met Police in dock as probe reveals over 300 data breaches
An investigation into the data protection practices of the Metropolitan Police – the UK’s biggest force – has exposed a litany of data breaches, with a charge-sheet that includes officers even handing information to underworld figures. In total there were 300 breaches of data protection rules at The Met between 2009 and 2013 but the…
In his words: How a whitehat hacked a university and became an FBI target
Sean Gallagher reports on the hack of U. Maryland that got a contractor’s former employee in hot water with the FBI: David Helkowski stood waiting outside a restaurant in Towson, Maryland, fresh from a visit to the unemployment office. Recently let go from his computer consulting job after engaging in some “freelance hacking” of a…
FTC told to disclose the data security standards it uses for data security enforcement actions
Jaikumar Vijayan reports: The Federal Trade Commission (FTC) can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches, the agency’s chief administrative law judge ruled Thursday. The decision came in response to a motion filed by LabMD, a now-defunct medical laboratory that…
Ex-Insider Sounds Alarm On Hotel And Restaurant Data Security
Last week, I linked to a report from Consumer Reports that contained a somewhat startling allegation by the former director of security compliance for Wyndham: Now, David Durko, former director of Wyndham’s security compliance management, says that many independently owned and operated Wyndham hotels doing business under the Super 8 brand name don’t comply with Payment…
Serious security flaw in OAuth and OpenID discovered
Aloysius Low reports: Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the holes have been found in the login tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others. Wang Jing, a Ph.D student…