Meena Harris writes: The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information. The FTC specifically alleged that, although the companies made security promises to consumers that their…
Category: Of Note
CHS Hacked via Heartbleed Vulnerability
From TrustedSec: As many of you may have already been aware, a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occured and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability…
Comptroller DiNapoli: Schools Must Do More to Limit Access to Sensitive Student Databases
Yes, it’s as bad as I’ve been saying for years. Now if they will just audit the NYC Department of Education, too. Employees in six upstate New York school districts had inappropriate computer access to sensitive student data and were able to change student grades and attendance records without proper authorization, according to an audit released today…
IE: Dirty tricks at centre of credit union snooping
Niall O’Connor reports on a major case of social engineering: Sensitive personal data, including addresses and job details, was handed over by the Department of Social Protection after just one phone call from private investigators pretending to be State officials. The underhand tactics used to extract confidential information from a leading State agency is revealed…
Supervalu investigating potential data breach: WSJ
Ramkumar Iyer reports: U.S. supermarket chain Supervalu Inc is investigating a potential data breach that could have affected more than 1,000 of its stores, the Wall Street Journal reported on Thursday, citing people with knowledge of the matter. The data breach appears to have taken place in late June or early July and may be…
Military Companies Brace for Rules on Monitoring Hackers
Chris Strom reports: Companies that do business with the Defense Department are bracing for new U.S. rules requiring them to report computer breaches to the Pentagon and give the government access to their networks to analyze the attacks. Groups representing the contractors are raising concern about the Pentagon rooting around their data, and say smaller…