Michael Liedtke reports: Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history. The restitution hinges on federal court approval of a settlement filed late Monday…
Category: U.S.
Children’s Hospital of Philadelphia Provides Notice of Two Email Incidents
A press release issued October 23. It does not indicate the number of patients affected by each of the two incidents or how the attacker(s) gained access to employee email accounts. Children’s Hospital of Philadelphia (CHOP) is providing to the parents or guardians of some of its current and former patients notice of two recent…
TX: Statement and Frequently Asked Questions about the 2018 ERS OnLine Security Incident
From the Employees Retirement System of Texas, this breach information notice. Note that this was reported to HHS with ERS listed as a health plan, and the breach was reported as affecting 1,248,263 members, but also note that no medical or health information was reportedly involved. On August 17, 2018, the Employees Retirement System of…
Work Study Documents Accidentally Released to College Community
Saadya Chevan reports: Last April, the College’s Financial Aid office uploaded and accidentally made visible to students, faculty, and staff two confidential documents containing federal work-study (FWS) balances of 107 students from two Spring 2018 pay-periods. The documents also reveal by implication that all of these students had applied for and received financial aid awards…
A Washington ISP exposed the ‘keys to the kingdom’ after leaving a server unsecured
Zack Whittaker reports: A Washington state internet provider left an unprotected server online without a password, exposing network schematics, passwords and other sensitive files for at least six months. Worse, it took the company a week to shut off the leak, despite several phone calls and emails warning of the exposure. The little-known internet provider,…
GSA Took 800 Days to Notify Some Data Breach Victims
Joseph Marks reports: It took the General Services Administration more than 800 days to notify a handful of people that it had accidentally exposed their personal information, according to an audit released Friday. In another case, the agency took six months just to determine that a data breach related to background investigation information had occurred,…