It’s not enough I come across a payment card breach notification with a lot of detail, so I was surprised to read a notification of an e-commerce breach from Bailey’s to the Oregon Attorney General’s Office that provided so much information. Look at the first few paragraphs of the timber harvest gear firm’s notification. It includes the date…
Category: Of Note
US Debuts ‘Hack the Pentagon’ Bug Bounty
Tara Seals reports: Announcing what it calls “the first cyber bug bounty program in the history of the federal government,” the Department of Defense is inviting hackers to test the department’s cybersecurity profile. The Hack the Pentagon initiative is a pilot program that will use commercial sector crowdsourcing to uncover vulnerabilities and probe around for flaws on…
Federal Times obtained and analyzed 26,381 security incidents reported by HHS components over a 30-month period
Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings: The records…
IRS “Get Transcript” breach much bigger than first thought – now more than 700K victims
Andrew Taylor of AP reports: The IRS says the number of taxpayers whose tax information may have been stolen by computer hackers now exceeds 700,000 — more than double the agency’s previous estimate. The tax collecting agency says 390,000 more taxpayer accounts may have compromised than the 334,000 it warned about a year and a…
uKnowKids updates its breach report and answers a question I posed
There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for security the database. According to their statement, the misconfigured instance of the database occurred on December…
Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework
The sensitive health information maintained by health care providers and health plans has become an increasingly attractive target for cyberattacks. The need for health care organizations to up their game on health data security has never been greater. To help health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) to bolster…