Uh oh. Todd Haselton reports: Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States. The population of the U.S. was about 324 million as of Jan. 1, 2017, according to the U.S. Census Bureau, which means the Equifax…
Category: Of Note
Lenovo Settles FTC Charges it Harmed Consumers With Preinstalled Software on its Laptops that Compromised Online Security
From the Federal Trade Commission: Lenovo Inc., one of the world’s largest computer manufacturers, has agreed to settle charges by the Federal Trade Commission and 32 State Attorneys General that the company harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers. In its complaint, the…
FTC Settles GLBA Enforcement Action Against TaxSlayer Stemming From 2015 Data Breach
We haven’t seen many data security enforcement actions under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, but a recent case is a good opportunity to remind entities that they may be covered by it even if they didn’t know it. Edward McAndrew, Kim Phan, and Zaven Sargsian of Ballard Spahr write: The Federal Trade Commission (FTC)…
BroadSoft Inc. left millions of partners’ customer data records exposed
Bob Diachenko of Kromtech Security reports: One of the top companies that provides cloud-based unified communications has just leaked more than 600GB of sensitive files online. The Kromtech Security Center has discovered not just one but two cloud-based file repositories (AWS S3 buckets with public access) that appear to be connected to the global communication…
Spambot leaks more than 700m email addresses in massive data breach
Alex Hern reports: More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever. The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed…
Judge Cracks Down on LinkedIn’s Shameful Abuse of Computer Break-In Law
Jamie Williams and Amul Kalia write: Good news out of a court in San Francisco: a judge just issued an early ruling against LinkedIn’s abuse of the notorious Computer Fraud and Abuse Act (CFAA) to block a competing service from perfectly legal uses of publicly available data on its website. LinkedIn’s behavior is just the…