Patrick H. Haggerty’s article is particularly timely this week in light of the Systema Software data leak. Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised. These laws vary, and much has been written about the challenges caused by…
Category: Of Note
AU: Immigration investigation judged ‘unfair’ after asylum seeker data breach
Nicole Hasham reports: Former immigration minister Scott Morrison presided over an “unfair” investigation that ensured asylum seekers were unsuccessful in showing a serious data bungle made it more dangerous to return home, the Federal Court has found. The privacy breach, when the Immigration Department published online the confidential details of almost 10,000 asylum seekers, raised the prospect that…
Central New Mexico Community College student information possibly compromised (Updated)
KOAT reports: Thousands of Central New Mexico Community College students could be at risk of having their personal information compromised. The college said someone from the health center reported in July that a thumb drive with students’ birth dates and Social Security numbers was missing. The college does not know what happened to it. Read more…
Comcast penalized $33 million by PUC for privacy breach
George Avalos reports: State regulators on Thursday approved a $33 million settlement with Comcast in connection with an unauthorized disclosure of unlisted names, phone numbers and addresses of 75,000 of the telecommunications giant’s customers. The names, phone numbers and addresses of the unlisted and non-published customers became available on Comcast’s online director (sic), in one…
Oops! Error by Systema Software exposes millions of records with insurance claims data and internal notes (Update3)
Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server. Another week, another infosecurity failure that exposed oodles of personal information. This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how…
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed to systems administrators…