Kaveh Waddell reports on an issue near and dear to my heart: not all entities that collect or store health information are HIPAA-covered entities. Earlier this year, as one example, we saw the Systema Software leak that impacted numerous firms with a wealth of workers compensation claims. And last year, we saw many employees’ wellness data breached…
Category: U.S.
Wish list app from Target springs a major personal data leak
Dan Goodin reports: According to researchers from security firm Avast, the database storing the names, e-mail addresses, home addresses, phone numbers, and wish lists of Target customers is available to anyone who figures out the app’s publicly available programming interface. Read more on Ars Technica.
Meanwhile, back at the VA….
The VA’s monthly report to Congress for November has been released, and we’re still seeing low-tech breaches involving papers being left where they shouldn’t be left. Exhibit A, from the VA in Boston: An 11-page clinic list was found in a public bathroom in a heavily trafficked area. The list had been printed on November 4,…
PA: Rivers Casino Hit With Computer Virus
AP reports that the Rivers Casino in Pittsburgh released a statement disclosing that its system had been compromised with malware, but officials reportedly say it didn’t compromise the personal information of its customers. Read more on CBS. There is no statement on the casino’s web site as of the time of this posting, but I imagine…
Three Men Arrested In Hacking And Spamming Scheme; Targeted Personal Information Of 60 Million People
Three men from Florida, New Jersey, and Maryland were charged today with a wide-ranging computer hacking and identity theft scheme that compromised the personally identifiable information (PII) of millions of people and generated more than $2 million in illegal profits, U.S. Attorney Paul J. Fishman announced. Timothy Edward Livingston, 30, of Boca Raton, Florida; Tomasz…
Update: OkHello (FINALLY) secures its leaking database (Update2)
After discovering that OkHello video chat service’s database was still leaking – nine days after Chris Vickery and I first notified them and tried to get them to secure it – I sent two more emails to OkHello last night to repeat the notification. Both were to email addresses that were only found last night (and great thanks to Steve Ragan…