Saadya Chevan reports: Last April, the College’s Financial Aid office uploaded and accidentally made visible to students, faculty, and staff two confidential documents containing federal work-study (FWS) balances of 107 students from two Spring 2018 pay-periods. The documents also reveal by implication that all of these students had applied for and received financial aid awards…
Category: Exposure
Tumblr’s ‘recommended blogs’ feature exposed user data
Julia Alexander reports: A security bug that hit Tumblr’s recommended blogs module may have exposed users’ private information, according to an open letter. Information like email addresses, passwords, IP addresses, and self-reported locations may have become exposed due to the bug if individual accounts were hit. It’s unclear if the bug affected individual accounts, according…
A Washington ISP exposed the ‘keys to the kingdom’ after leaving a server unsecured
Zack Whittaker reports: A Washington state internet provider left an unprotected server online without a password, exposing network schematics, passwords and other sensitive files for at least six months. Worse, it took the company a week to shut off the leak, despite several phone calls and emails warning of the exposure. The little-known internet provider,…
VA: Norfolk school parents notified of medical data breach
Sara Gregory reports: Norfolk school officials this week notified the parents of students and employees whose medical information was publicly disclosed in school crisis plans online for a year until August. After staff and attorneys reviewed the plans, the district identified a total of 308 students and staff who were referenced in the school crisis…
The 3 Biggest Data Security Takeaways From The 11th Circuit Decision In FTC v. LabMD
After providing some history the LabMD enforcement action by FTC, and the former’s appeal to the 11th Circuit, Tom Kulik of Scheef & Stone, LLP outlines what he considers the three biggest data security takeaways from the case. You can read his article on Above the Law.
Medical Information Leaked After Hackers Breach Israeli Emergency Responders’ Website
Amitai Ziv reports: Serious security breaches in the website of Magen David Adom, also known as MDA, have led to the leaking of identifying information about patients, sensitive medical information, financial information and even information on organization volunteers. A so-called white hat hacker – who finds breaches to improve cybersecurity rather than to attack sites…