George Avalos reports: State regulators on Thursday approved a $33 million settlement with Comcast in connection with an unauthorized disclosure of unlisted names, phone numbers and addresses of 75,000 of the telecommunications giant’s customers. The names, phone numbers and addresses of the unlisted and non-published customers became available on Comcast’s online director (sic), in one…
Category: Of Note
Oops! Error by Systema Software exposes millions of records with insurance claims data and internal notes (Update3)
Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server. Another week, another infosecurity failure that exposed oodles of personal information. This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how…
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed systems administrators…
DoD Issues Interim Rule For Contractors on Incident Reporting and Cloud Computing Services
Joe Lazzarotti writes: Government contractors have a wide range of unique challenges (find out more about these here), not the least of which is data security. A good example is the interim rule the Department of Defense (DoD) issued last month that implements sections of the National Defense Authorization Act for Fiscal Years 2013 and…
Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked
Dan Goodin reports: When the Ashley Madison hackers leaked close to 100 gigabytes’ worth of sensitive documents belonging to the online dating service for people cheating on their romantic partners, there seemed to be one saving grace. User passwords were cryptographically protected using bcrypt, an algorithm so slow and computationally demanding it would literally take centuries…
What did CSU do to verify vendors’ data security – and what might FTC do?
When California State University decided to purchase a We End Violence program, Agent of Change, they reportedly did consider data security. The Press-Telegram reports: Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of…