It’s not just the FTC looking at your security and your representations to clients about the security of your product. While the FTC recently settled charges against Henry Schein Practice Solutions for advertising a Dentrix product as providing “encryption” when it didn’t, the Consumer Financial Protection Bureau is also taking aim at companies that mislead consumers about security,…
Category: Of Note
Bailey’s notifies 15,000 online customers of payment card breach
It’s not enough I come across a payment card breach notification with a lot of detail, so I was surprised to read a notification of an e-commerce breach from Bailey’s to the Oregon Attorney General’s Office that provided so much information. Look at the first few paragraphs of the timber harvest gear firm’s notification. It includes the date…
US Debuts ‘Hack the Pentagon’ Bug Bounty
Tara Seals reports: Announcing what it calls “the first cyber bug bounty program in the history of the federal government,” the Department of Defense is inviting hackers to test the department’s cybersecurity profile. The Hack the Pentagon initiative is a pilot program that will use commercial sector crowdsourcing to uncover vulnerabilities and probe around for flaws on…
Federal Times obtained and analyzed 26,381 security incidents reported by HHS components over a 30-month period
Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings: The records…
IRS “Get Transcript” breach much bigger than first thought – now more than 700K victims
Andrew Taylor of AP reports: The IRS says the number of taxpayers whose tax information may have been stolen by computer hackers now exceeds 700,000 — more than double the agency’s previous estimate. The tax collecting agency says 390,000 more taxpayer accounts may have compromised than the 334,000 it warned about a year and a…
uKnowKids updates its breach report and answers a question I posed
There’s an update to uKnowKids’ breach disclosure, here. They assert that their analysis shows only one IP address – presumably researcher Chris Vickery’s – downloaded any data from their misconfigured database. They do not name the provider responsible for security the database. According to their statement, the misconfigured instance of the database occurred on December…