From the U.K. Information Commissioner’s Office: Bupa Insurance Services Limited (Bupa) has been fined £175,000 by the Information Commissioner’s Office (ICO) for failing to have effective security measures in place to protect customers’ personal information. Between 6 January and 11 March 2017, a Bupa employee was able to extract the personal information of 547,000 Bupa…
Category: Of Note
Facebook Hacked, 50 Million Users Affected
Lorenzo Franceschi-Bicchierai and Jason Koebler report: Facebook disclosed that hackers stole data from 50 million people on Friday. In a blog post, Facebook’s vice president of product management Guy Rosen said that the company’s engineering team “discovered a security issue affecting almost 50 million accounts.” “It’s clear that attackers exploited a vulnerability in Facebook’s code…
Russian hackers ‘Fancy Bear’ now targeting governments with rootkit malware
Zack Whittaker reports: Security researchers say that they have found evidence that for the first time Russia-backed hackers are now using a more sophisticated type of malware to target government entities. ESET presented its case Thursday that the hacker group, known as Fancy Bear (or APT28), is using rootkit malware to target its victims. That…
Uber settles with all 50 states and the District of Columbia over massive 2016 data breach. The price tag? $148 million.
Uber Technologies Inc. will be paying a steep fare for its 2016 data breach. Here’s the press release from the NYS Attorney General’s Office about the record penalty it will pay. All states and the District of Columbia are party to the settlement. Settlement with 50 States & DC Also Requires Uber to Adopt Model Data…
United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet
Micah Lee reports: The United Nations accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have…
SingHealth data breach reveals several ‘inadequate’ security measures
Eileen Yu reports: Investigation into Singapore’s most severe cybersecurity breach has uncovered several poor security practices, including the use of weak administrative passwords and unpatched workstations. The findings were revealed on the first day of hearings led by the Committee of Inquiry (COI), a team set up to probe a July 2018 security breach that…