Mark Young and Vera Coughlan write: Formal adoption of the EU Network and Information Security (NIS) Directive is a step closer following a vote on January 14 by the European Parliament’s internal market and consumer protection (IMCO) committee. As we reported in December, the European institutions reached an informal political agreement on the NIS Directive — dubbed…
Category: Of Note
Trend Micro Flaw Would Have Allowed Hackers To Steal Your Passwords
Adnan Farooqui reports: It’s ironic when programs that are meant to protect you from attackers actually open up doors from them. One of Google’s information security engineers discovered a critical flaw in Trend Micro antivirus which would not only have allowed attackers to execute code remotely but would have even let them steal all of…
Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
OR: Companies and state agencies must notify state of breaches affecting more than 250 Oregonians
KTVZ reminds everyone that Oregon’s new law has gone into effect whereby businesses and state agencies must notify the Oregon Attorney General of breaches affecting the personal information of at least 250 Oregonians. The new law defines protected data to include any medical, health insurance or biometric information as well as Social Security numbers, government ID numbers or…
40,000 Packages of Backlogged Claims Material Discovered at Single VA Office
This is absolutely disgraceful. Morgan Chalfant reports: More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general. Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St….
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…