If you’re a darknet vendor who has the skills to really test the security of marketplaces where you might hawk your wares, what do you do? Well, if you’re a vendor known as “Cipher0007” on reddit, and you find problems, you try to alert the marketplace, and then go public if they don’t respond promptly. This…
Category: Of Note
Expert Hacks Internal DoD Network via Army Website
Eduard Kovacs reports: A security researcher who took part in the Hack the Army bug bounty program managed to gain access to an internal Department of Defense (DoD) network from a public-facing Army recruitment website. [….] Roughly 118 of the reports have been classified as unique and actionable, and participants have been awarded a total…
Horizon Blue Cross Blue Shield loses round in data breach litigation
Disclosure of personal information, even without demonstration of misuse of the information, creates de facto injury under FCRA Court vacates and remands Justia provides a summary of an opinion issued by the Court of Appeals for the Third Circuit that revives a potential class action lawsuit again a New Jersey health insurer. The litigation stemmed from…
Stop calling all hacks with ransom demands “ransomware”
For the past year, I’ve been criticizing entities that describe their data leaks as “hacks” (cf, this article of mine on The Daily Dot or this post as examples). More recently, Zack Whittaker has also forcefully raised that issue on ZDNet. Whether other journalists will adapt their language and correctly report incidents as “leaks” instead of “hacks”…
CoPilot Provider Support Services notifies 220,000 of data security breach in 2015
UPDATE: As of January 24, CoPilot continues to ignore inquiries sent by this site asking for explanations of why it took so long to notify/disclose this breach. But I see a lot of commenters asking this site/me for information. I don’t have any information to share with you other than what is in the post…
OCR settles charges against MAPFRE Life Insurance for $2.2 million
As breaches go, the theft of a USB drive with ePHI on 2,209 insurance members doesn’t sound like a lot, but The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a settlement with MAPFRE Life Insurance Company of Puerto Rico because of what they found when they investigated the breach…