Cornell Prescription Pharmacy (Cornell) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Cornell will pay $125,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program….
Category: Of Note
Verifone statement on default password Z66831
Earlier today, DataBreaches.net asked Verifone for a comment or response to the report about an unnamed firm using the same default password for 25 years, as it was pretty easy to figure out from a Google search that an unnamed vendor was them. Gene Cyranski, Vice President of Zeno Group kindly sent this statement in response: The Verifone default…
Point-of-Sale vendor has used the same admin password for 25 years
Alan Martin reports: A major vendor of point-of-sale terminals has not changed the default passwords used on its devices in a quarter of a century, researchers have revealed at RSA 2015. The firm was not named during the presentation by Charles Henderson and David Byrne for security reasons, but it is said to be a widely used manufacturer. Although…
Unhappy Third Birthday to My Experian Complaint?
Three years ago today, I filed a complaint with the Federal Trade Commission about Experian’s data breaches. Back then, I knew about 60 breaches of their credit reporting database due to client login credentials being misused. There were also other breaches of their database involving people being able to authenticate as others to obtain credit reports,…
Intuit lawsuit alleges firm facilitated fraud by lax security
Marisa Kendall reports: In a suit filed Monday against Intuit Inc., plaintiffs lawyers claim lax security protections in the company’s TurboTax software are to blame for a recent spike in fraudulent tax returns. Intuit didn’t take adequate steps to stop criminals from using TurboTax to steal customers’ personal information, file false returns on their behalf…
Dem: USIS data breach affected more than 27K
Elise Viebeck reports: The number of individuals victimized in a cyberattack on a major background investigation service is higher than previously reported, the House Oversight Committee’s top Democrat said Wednesday. Rep. Elijah Cummings (D-Md.) reported that the initial estimate of 27,000 federal employees compromised in the breach of government contractor USIS is now believed to…