by Steven Englehardt, Gunes Acar, and Arvind Narayanan
Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Category: Of Note
Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack
Oof. Oklahoma State University Center for Health Sciences is notifying 279,865 Medicaid patients of a hacking incident. Here is the notice from OSU’s web site: Oklahoma State University Center for Health Sciences (OSUCHS) takes the privacy and security of our patients’ information very seriously. Regrettably, this notice is regarding an incident in which some Medicaid patient information…
New Event of Note: International Privacy+Security Forum: Feb. 26 and Feb. 27
One of the absolute joys of blogging about privacy and breaches for the last 11+ years is that I’ve had the opportunity to meet so many fantastic scholars and practitioners. But I’ve only had that opportunity because a few people have done the hard work to organize events and to graciously offer to comp me so…
Federal Appeals Court Slams Data Breach Privilege Claim
Craig A. Newman writes: In the most recent object lesson in a data breach privilege case, a federal appeals court has ordered a Michigan-based mortgage lender to turn over privileged forensic investigatory documents after the investigator’s conclusions were revealed in discovery. Background. In the case, Leibovic v. United Shore Financial Services, LLC, et al, No. 17-2290,…
North Royalton hacker stole potentially embarrassing information from computers, feds say
Eric Heisig reports: Federal prosecutors accused a North Royalton man of creating a malware program named “Fruitfly” that he used to worm its way into thousands of computers nationwide, according to a news release. Phillip Durachinsky, 28, used the malware to steal people’s personal information, including usernames, passwords, financial records, medical records, photographs, internet searches…
UK: ICO slams Carphone Warehouse with £400,000 penalty; inadequate security contributed to 2015 hack
If you’ve been following along since 2015, you may recall a breach involving Carphone Warehouse that was first disclosed in August, 2015. At the time, we were told that the hack affected 2.4 million customers’ data and about 90,000 customers’ credit cards. Fast forward to today, when the U.K.’s Information Commissioner announced that it has…