Wow. Rachel Weiner reports that data in the Office of Personnel Management (OPM) hack may have shown up as part of a fraud scheme: Four years after hackers stole personal information from over 22 million people through the Office of Personnel Management, a fraud scheme exploiting that data has come to light in southeast Virginia….
Category: U.S.
Arizona Man Sentenced to Prison for Distributed Denial of Service Attacks against Emergency Communications System and Other Municipal Websites
There’s a follow-up to a case noted previously on this blog involving a serial DDoS attacker described by others as the internet’s most inept criminal. From the U.S. Attorney’s Office, District of Arizona, today: An Arizona man was sentenced yesterday in Phoenix, Ariz., for directing distributed denial of service (DDoS) attacks at the computer networks…
Lawsuit claims Kansas official exposed private voter data
Roxana Hegeman reports: A civil rights group filed a federal lawsuit Tuesday against Kansas Secretary of State Kris Kobach challenging a multi-state voter registration database it claims exposed sensitive information including partial Social Security numbers from nearly a thousand state voters. The complaint by the American Civil Liberties Union of Kansas alleges “reckless maintenance” of…
Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations
A U.S. Department of Health and Human Services Administrative Law Judge (ALJ) has ruled that The University of Texas MD Anderson Cancer Center (MD Anderson) violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and granted summary judgment to the Office for Civil Rights (OCR) on all issues, requiring…
New Charges in Huge C.I.A. Breach Known as Vault 7
There’s a huge update in a significant case noted last month on this blog. Adam Goldman reports: Federal prosecutors have charged a former software engineer at the center of a huge C.I.A. breach with stealing classified information, theft of government property and lying to the F.B.I. The engineer, Joshua A. Schulte, 29, of New York,…
Changes to Louisiana’s Data Breach Notification Law Go Into Effect August 1
Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of Jackson Lewis write that changes to Louisiana’s data breach notification law (Act 382) go into effect on August 1 of this year. Those changes include expansion of the definition of personal information, requirements that notification be made no later than 60 days from discovery of…