I had previously reported that LifeLock was negotiating to settle FTC charges that it had violated a 2010 consent order. Now it’s official. From the FTC: LifeLock will pay $100 million to settle Federal Trade Commission contempt charges that it violated the terms of a 2010 federal court order that requires the company to secure…
Category: Of Note
UAE: Extortion demand refused by InvestBank, hacker goes on data dump rampage
Mazhar Farooqui reports an update to a hack and data dump involving InvestBank customers: The cyber criminal who hacked into a Sharjah bank last month has gone on the rampage. After the bank refused to give in to his blackmail and pay $3 million in ransom money, the criminal Hacker Buba has posted the confidential details…
Europe Approves Tough New Data Protection and Breach Notification Rules
Mark Scott reports that new EU data protection directives were (finally) approved yesterday, and will go into effect in 2017. Some of the directives will have significant impact for American businesses, regardless of whether they maintain headquarters or offices in the EU. Scott summarizes some of the new directives, and there are a few that…
Update: OkHello (FINALLY) secures its leaking database (Update2)
After discovering that OkHello video chat service’s database was still leaking – nine days after Chris Vickery and I first notified them and tried to get them to secure it – I sent two more emails to OkHello last night to repeat the notification. Both were to email addresses that were only found last night (and great thanks to Steve Ragan…
Number of leaking MongoDB databases increasing: Shodan founder
Yesterday’s news about a MongoDB database belonging to MacKeeper (Kromtech) leaking certainly got a lot of media attention. But now do read John Matherly’s comments on Shodan. Matherly, the founder of Shodan, notes that the number of available, unauthenticated instances of MongoDB has actually increased in the past few months. Of note, he explains that increase is occurring…
University of Washington Medicine Pays $750,000 to Settle HHS Charges Relating to Organization-Wide Risk Assessment
From the U.S. Department of Health and Human Services, this press release announcing that U. of Washington Medicine has settled charges it potentially violated HIPAA’s Security Rule. The investigation stemmed from an incident reported on this site in November, 2013. The University of Washington Medicine (UWM) has agreed to settle charges that it potentially violated the…