The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind proposed…
Category: Of Note
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to Facebook—or if you need to send data at all By: Maria Puertas and Simon Fondrie-Teitler We all use the internet to complete increasingly sensitive tasks: book doctor’s appointments,…
GitHub revokes code signing certificates stolen in repo hack
Sergiu Gatlan reports: GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. So far, GitHub has found no evidence that the password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used for Windows…
Case May Impact Role of Lawyers in Data Breaches and IR
Mark Rasch writes: On January 9, 2023, the U.S. Supreme Court heard oral arguments on a criminal tax investigation case out of California that might impact the scope and extent of attorney-client privileges in data forensic investigations. The case, called In Re Grand Jury, Dkt. No. 21-1397, involves a federal grand jury demand for records created by…
Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen
Habiba Rashid reports: Ronald Craig Ilg, 56, was sentenced to eight years in prison for hiring hitmen on the dark web to assault and kidnap victims. The doctor in Spokane, Washington paid $60,000 in Bitcoin as payment for the tasks he asked the hitmen to perform. […] … the first was a former colleague, also a Spokane-area doctor….
Zacks Investment Research notifies 820,000 clients
Bill Toulas reports: Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers. […] An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022. It is unclear if any data was…