Of Note – Page 669 – DataBreaches.Net

Target update: 70 million MORE customers affected by breach (Update)

Posted on January 10, 2014 by Dissent

From their press release of today: MINNEAPOLIS — January 10, 2014 Target today announced updates on its continuing investigation into the recent data breach and its expected fourth quarter financial performance. As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed —…

David Nosal sentenced; case narrowed the definition of “exceeding authorized access” under CFAA (update1)

Posted on January 8, 2014 by Dissent

I’ve been following the David Nosal case on this blog since April 2011, when the Ninth Circuit held that an employee who violates his employer’s computer use policy is guilty of “exceeding authorized access” to the employer’s computer under the federal anti-hacking statute, CFAA. In June 2011, Nosal filed a petition for rehearing en banc (see…

Drowning in breach reports today…

Posted on January 8, 2014 by Dissent

Today, HHS added 37 incidents to its public breach tool, which I’ve summarized over on phiprivacy.net (here and here). But it looks like I can’t catch a break, as the Maryland Attorney General’s Office also updated its breach tool. So here are some more breaches I did not previously know about, with links to their…

Hacker backdoors Linksys, Netgear, Cisco and other routers

Posted on January 6, 2014 by Dissent

Richard Chirgwin reports: The new year begins as the old year ended: with yet more vulnerabilities turning up in consumer-grade DSL modems. A broad hint for any broadband user would be, it seems, to never, ever enable any kind of remote access to the device that connects you to the Internet. However, the hack published…

This was all too predictable…

Posted on January 1, 2014 by Dissent

Remember how I posted about how some frustrated researchers at Gibson Security had gone public with a SnapChat vulnerability that the firm allegedly hadn’t addressed? Well, now it seems 4.6 million SnapChat users’usernames and phone numbers have been leaked.

Accretive Health Settles FTC Charges That It Failed to Adequately Protect Consumers’ Personal Information

Posted on December 31, 2013 by Dissent

From the FTC, a follow-up on a breach that was first disclosed in September 2011, and that I’ve covered a number of times on PHIprivacy.net (see these articles). Regular readers may recall that Accretive was also sued by Minnesota’s Attorney General. That suit settled for $2.5 million in July 2012. Accretive Health, Inc., a company that…