Proprietary data from Protenus shows disclosed breaches are just one one-thousandth of the actual risk health systems routinely carry 1,129,744 patient records were breached between January and March 2018, according to new data released today in the Protenus Breach Barometer. Published by Protenus, an artificial intelligence platform used by top health systems to analyze every…
Category: Of Note
Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers
Paul Farrell reports: The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services privacy breaches ever to occur in Australia. BuzzFeed News can reveal that the nation’s largest bank lost the banking statements for customers from 2004…
Hackers target Georgia Southern, Augusta restaurants
So if you want to prove a hacking bill is a bad idea, engaging in black hat/grey hat activities may not be the best way to persuade people. Tom Corwin reports: A hacking group upset with Georgia legislation that could criminalize what they do targeted Georgia Southern University and two Augusta restaurants in an ongoing…
The Digital Vigilantes Who Hack Back
Nicholas Schmidle reports: One day in the summer of 2003, Shawn Carpenter, a security analyst in New Mexico, went to Florida on a secret mission. Carpenter, then thirty-five, worked at Sandia National Laboratories, in Albuquerque, on a cybersecurity team. At the time, Sandia was managed by the defense contractor Lockheed Martin. When hundreds of computers…
Supreme Court to rule in Google referrer header privacy settlement case
David Zwier reports: The US Supreme Court granted certiorari [order list, PDF] in three cases Monday, including a dispute over a settlement in a Google privacy case and a Missouri death penalty case. In Frank v. Gaos [docket; cert. petition, PDF], the question before the court is, “in what circumstances a cy pres award of…
WHEN do you have to notify by? State laws vary.
MintzLevin has updated its state data breach law matrix, as I noted previously on the page where I link to such resources. Here’s an excerpt from their matrix: Breach Notification Timeline Time After Discovery of Breach Action Required 10 Calendar Days Puerto Rico Department of Consumer Affairs 14 Business Days Vermont AG preliminary…