There’s a follow-up to an incident reported by DataBreaches.net in January and February involving CoPilot Provider Services. As I had reported in January, CoPilot took more than one year to notify individuals of a breach involving their web site, and would not answer any questions as to why it took so long. As I subsequently…
Category: Of Note
HospitalGown Database Leak: Enterprise Apps Found Leaking Data On Back End Servers
AJ Dellinger reports: Mobile apps for enterprise services that manage data are leaving massive troves of user information exposed and unprotected on backend servers, according to a group of security researchers. Experts at Appthority, a mobile security firm, published a report that showed 43 terabytes of data from enterprise apps left exposed. The information was…
Anthem, AmEx, PayPal, Must Face ID Theft Suit in Calif.
Jimmy H. Koo reports: Health insurance, financial services, and payment card companies failed to keep a California attorney’s identify theft lawsuit in federal court and must face the allegations back in state court, the U.S. District Court for the Northern District of California held May 31 ( Gallo v. Unknown No. of Identity Thieves ,…
Has Booz Allen Hamilton had yet another serious and embarrassing data leak?
So while I was busy trying to get from there to here, UpGuard’s new site, Cyber Resilience, released its first blockbuster report: In what constitutes the latest in a series of blows to the US intelligence community’s reputation for stringent information security, UpGuard’s Cyber Resilience Team can now reveal the discovery by Cyber Risk Analyst…
The Computer Fraud and Abuse Act Will Need To Wait Another Day In New York’s Commercial Division
Justice Shirley Kornreich recently issued one of the few New York state court decisions that address the Computer Fraud and Abuse Act (“CFAA”). Spec Simple, Inc. v. Designer Pages Online LLC, No. 651860/2015, 2017 BL 160865 (N.Y. Sup. Ct. May 10, 2017). The CFAA criminalizes both accessing a computer without authorization and exceeding authorized access…
Target to Pay 47 States $18.5M to Settle Data Breach Case
Stephen Joyce reports: Target Corp. will pay $18.5 million to settle state enforcement actions over the retailer’s payment card hacking breach that affected as many as 60 million customers during the 2013 winter holiday shopping season, a coalition of 47 state attorneys general announced May 23. The settlement capped an investigation led by Illinois Attorney…