J. David McSwane reports: Confidential medical records of more than 6,600 Medicaid patients in Texas were unintentionally made public for up to 8 years via the Internet by the Department of Aging and Disability Services. The agency, which is charged with assisting some of the state’s most vulnerable people, became aware of the breach in…
Category: Of Note
Missing Link Network breach affects winery clients (update3)
Missing Link Network, the e-commerce provider for a number of wineries, notified its clients on May 27th of a breach that occurred between April 1 and April 30. The breach resulted in the attacker gaining access to customers’ names, addresses, dates of birth, and payment card data. Affected clients include (links go to their notification…
Cardinals Face F.B.I. Inquiry in Hacking of Astros’ Network
Michael S. Schmidt reports: The F.B.I. and Justice Department prosecutors are investigating whether front-office officials for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, hacked into internal networks of a rival team to steal closely guarded information about player personnel. Investigators have uncovered evidence that Cardinals…
Abandoned autopsy lab in Tobolsk, Siberia still has medical records, human remains
This is a somewhat bizarre – and disturbing – breach involving medical records and human remains. Police have launched an investigation after an abandoned autopsy laboratory containing mummified baby remains was discovered in a park. The gruesome facility in Tobolsk, which may have been used as recently three years ago, was stumbled across by a…
After breaches, higher-ed schools adopt two-factor authentication
Ann Bednarz reports: Payday didn’t go as planned on January 2, 2014, for some Boston University employees. On that day, about a dozen faculty members discovered their paychecks hadn’t been deposited into their bank accounts. Thieves had changed the victims’ direct deposit information and rerouted their pay. BU’s IT security team traced the attack to a phishing…
In the exploit biz? FULL DISCLOSURE is your best friend, boffin says
Darren Pauli reports: Auscert Security bod Alfonso De Gregorio says buyers and sellers in the cut-throat exploit marketplace should release their zero-days to the public if they are fleeced. The BeeWise founder says full disclosure of security vulnerabilities helps punish both buyers who fail to pay or on-sell zero-days, and sellers who break contracts and re-sell…