Austen Hufford reports: A data breach at Starwood Hotels & Resorts Worldwide Inc. exposed payment card information for some of its North American hotels, the latest cybersecurity incident to sting a U.S. company. Read more on WSJ. A list of the 54 properties affected and the dates of compromise are provided here (pdf). In some…
Category: Of Note
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
FBI alerts Owensboro Health to Breach at Muhlenberg Hospital; Breach Began in January, 2012
The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public…
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
Jordan Smith and Micah Lee report: An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over…
You Only Need One Password to Access the Allegedly Hacked Law Enforcement Databases
Meant to post this one yesterday, but got sidetracked. It’s a great reminder of how if you try to make things more user-friendly, you may also significantly compromise security – and in this case a LOT of government files that should be secured better. Aliya Sternstein reports: The U.S. government recently lassoed together a bunch of intelligence…