Michael Riley and Chris Strohm report: A key figure is missing in the court documents outlining the biggest computer attack ever of the U.S. financial system: the actual hacker. The Israeli mastermind of the crime syndicate with global operations — computer servers in Egypt, online casinos in Ukraine and Hungary, Azerbaijan payment processors and a…
Category: U.S.
MA: Theft of two registrar’s laptops put Brandeis University students’ data at risk (Updated)
Abby Patkin reports: Two Apple laptops containing academic and personal information for all students enrolled or taking a course at the University from the summer of 2012 to the present were stolen from the University Registrar, according to a Nov. 12 email sent by Marianne Cwalina, the senior vice president for finance and treasurer. The…
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
Jordan Smith and Micah Lee report: An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over…
TX: Employee with “retaliatory agenda” stole potentially 16,000 children’s medical records
HIPAA Journal reports: An investigation conducted by Children’s Medical Clinics of East Texas has revealed a former employee took copies of children’s medical records and disclosed them to a third party. According to the breach report posted on the healthcare provider’s website, the privacy breach was caused by an individual with “a retaliatory agenda against…
U. of Cincinnati Medical Center not liable for employee’s Facebook post on a patient’s STD (updated)
Kevin Grasha has an update on a breach previously noted on this site. University of Cincinnati Medical Center can’t be sued after an employee leaked private medical records about a patient who had syphilis, a judge ruled Monday. The patient, a woman in her early 20s, filed the lawsuit last year. A screen shot of the…