Lauren FitzPatrick reports: Confidential information about Chicago Public Schools students — including medical conditions and dates of birth — was kept on unsecured web documents that anyone could call up despite laws and CPS rules that are supposed to safeguard children’s privacy. Some of the personal, identifiable information involved requests for certain ongoing nursing services…
Category: Of Note
Aadhaar biometric data breaches trigger privacy concerns
Suranjana Roy, Komal Gupta, and Apurva Vishwanath report: A case of Aadhaar data breach has caused privacy concerns and raised questions over the security of biometric data in possession of the Unique Identification Authority of India (UIDAI). […] The UIDAI filed a police complaint on 15 February against Axis Bank Ltd, business correspondent Suvidhaa Infoserve…
Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug
Iain Thomson reports: Big-name websites leaked people’s private session keys and personal information into strangers’ browsers, due to a Cloudflare bug uncovered by Google security researchers. Cloudflare helps companies spread their websites and online services across the internet. Due to a programming blunder, for several months Cloudflare’s systems slipped random chunks of server memory into…
Florida man pleads guilty in attempted hacking of Clinton Foundation
Nate Raymond and Nathan Layne report: A Florida man pleaded guilty in a case stemming from an attempted hacking of the Clinton Foundation on Thursday, months after he was sentenced to 42 years in prison in the wake of child pornography discovered on his computers during the probe. Timothy Sedlak, 43, pleaded guilty in federal…
Police Have Arrested a Suspect in a Massive ‘Internet of Things’ Attack
Lorenzo Franceschi-Bicchierai reports: European police suspect a 29-year-old man of keeping one million people offline. They might have found the person behind the notorious hacker known as BestBuy. At the end of last year, hackers took over hundreds of thousands of home routers using a variant of the infamous Internet of Things malware known as Mirai. Then they rented out…
Will a Pending OCR Rule Impact Breach Class-Action Suits?
Marianne Kolbasuk McGee A pending federal regulation – called for under the HITECH Act – that would allow regulators to share with breach victims money collected in HIPAA violation cases eventually could have implications in class-action breach lawsuits, says privacy attorney Adam Greene. The Department of Health and Human Services’ Office for Civil Rights “is working on a new…