Jason Clayworth reports: The individual test scores of Des Moines elementary students identified as part of a behavioral needs presentation were posted on a personal website by a school administrator, a likely violation of federal law, a state official said Monday. The color-coded data are three years old and highlighted the names of Lovejoy Elementary…
Category: U.S.
Jacksonville law firm victim of ransomware
Max Marbut reports: You might think the data stored on your computer at home or work is relatively safe from theft or even tampering. You would be wrong. No one knows that better than attorney Thomas Brown of The Brown Firm. […] The culprits left behind a digital message: Give them $2,500 and they would…
FL: Radiology Regional Center Notifies Patients After Paper Records Fell Out of Vendor’s Truck
Radiology Regional Center, PA, a physician-owned and managed diagnostic facility with nine locations in Florida, announced today that on December 19, 2015, Radiology Regional Center was informed by its records disposal vender (sic), Lee County Solid Waste Division (“Lee County”), that, on that same date, paper records containing the personal information of Radiology Regional Center’s…
Magnolia Health Corp. notifies its employees after their data acquired by someone impersonating CEO
Magnolia Health Corporation in Tulare, California has begun sending out notification letters after someone impersonated their CEO and “using what appeared to be his email address,” obtained personal information for all active employees of the corporation and each of the facilities managed by MHC [Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center,…
FL: Discarded medical records found unsecured at public landfill
Trevor Pettiford reports that discarded medical records were found unsecured at a county landfill facility in St. Petersburg, Florida. The records, complete with names, addresses, and family histories, were discovered by a man dumping bulk trash at the Pinellas County Solid Waste facility at 3095 114th Avenue North in St. Petersburg. They apparently came from the…
Misconfigured MongoDB installation left Microsoft careers site vulnerable to attack
Chris Vickery writes: An exposed database was serving potentially arbitrary HTML through the mobile version of Microsoft’s careers page (m.careersatmicrosoft.com). Punchkick Interactive is a mobile web development company. Microsoft relies on Punchkick to handle the database that powers m.careersatmicrosoft.com. The bad news is that, for at least the past few weeks, this backend database has…