Adam Carter reports on a small-N breach that reminds us all how horrifying the consequences of a privacy breach can be: A Hamilton woman says Telus violated her privacy and put her and her family in grave danger by allowing her stalker to access her phone account without her consent. Ellie, whose name has been…
Category: Of Note
218,000 AlphaBay marketplace users’ private messages acquired by bug hunter
If you’re a darknet vendor who has the skills to really test the security of marketplaces where you might hawk your wares, what do you do? Well, if you’re a vendor known as “Cipher0007” on reddit, and you find problems, you try to alert the marketplace, and then go public if they don’t respond promptly. This…
Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs reports: A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. [….] Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total…
Horizon Blue Cross Blue Shield loses round in data breach litigation
Disclosure of personal information, even without demonstration of misuse of the information, creates de facto injury under FCRA. Court vacates and remands. Justia provides a summary of an opinion issued by the Court of Appeals for the Third Circuit that revives a potential class action lawsuit against a New Jersey health insurer. The litigation stemmed from…
Stop calling all hacks with ransom demands “ransomware”
For the past year, I’ve been criticizing entities that describe their data leaks as “hacks” (cf. this article of mine on The Daily Dot or this post as examples). More recently, Zack Whittaker has also forcefully raised that issue on ZDNet. Whether other journalists will adapt their language and correctly report incidents as “leaks” instead of “hacks”…
CoPilot Provider Support Services notifies 220,000 of data security breach in 2015
UPDATE: As of January 24, CoPilot continues to ignore inquiries sent by this site asking for explanations of why it took so long to notify/disclose this breach. But I see a lot of commenters asking this site/me for information. I don’t have any information to share with you other than what is in the post…