Darlene Storm reports: When it comes to the atrocious state of HealthCare.gov security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, “I don’t understand how we’re still discussing whether the website is insecure or not. It is; there’s no question about that.” He added,…
Category: Exposure
Starbucks sat on its clear-text password problem for months
Evan Schuman reports: When Starbucks published the new version of its iOS mobile app yesterday to fix its passwords-in-clear-text problem, it demonstrated a seemingly awesome ability to correct a serious security issue in a single day. But was it truly awesome? Not if it knew about the security hole for months. Not if it knew about it before it published the prior iOS app…
KC engineer ‘exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS’
Kelly Fiveash reports: Hull’s dominant telco, KC, is investigating revelations of what appears to be poor handling of the company’s customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. Read more on…
Veteran Affairs’ E-Benefits website exposing veterans’ information
Jon Camp reports: Navy veteran Sylvester Woodland said he couldn’t believe what he was seeing Wednesday night when he logged onto the Veteran Affairs’ E-Benefits website. “It gave me a different person’s name, each and every time I came back,” Woodland said. At first I thought it was just a glitch, but the more I…
Oops – some Burlington residents’ SSN exposed on the city’s website
The City of Burlington in Vermont is notifying some of its residents that their names and Social Security numbers had not been redacted from their tax abatement requests that were submitted to the city’s board and uploaded to the city’s website as part of a clickable agenda for the meeting. The information was uploaded on…
Tokyo ordered to pay damages to Muslim victims of privacy breach
There’s a follow-up to a breach covered previously on this site involving a data leak from the Metropolitan Police Department in Tokyo. The Tokyo District Court ordered the Tokyo Metropolitan Government to pay 90 million yen (around $860,000) in damages to 17 Muslims for the breach of privacy lawsuit they filed against the city. Around 114 documents were leaked…