John Amabile and Micheal Binns of Parker Poe Adams & Bernstein write: A change in emphasis in disputes over data security breaches is coming. To date, the focus has been on issues and potential damages arising from the breach itself and the subsequent loss of private, personal information. In light of recognized delays from both…
Category: U.S.
Florida Virtual School database now uploaded to HaveIBeenPwned
From Troy Hunt, an aid to parents who want to check if their email address or their child’s email address was in a leaked database: New breach: The Florida Virtual School had 368k student records with 543k email addresses exposed including names, grades and dates of birth. It’s flagged as “sensitive” due to the prevalence…
IA: Primary Health Care notifies patients after discovering hack of employee email accounts
From their press release, issued yesterday: Primary Health Care Inc. (“PHC”) is providing notice of an incident that occurred at PHC and may affect the security of protected health information of certain PHC patients. While PHC is unaware of any actual or attempted misuse of the information, this notice contains details about the incident and…
Frost Bank investigating breach, contacting affected customers (Updated)
RJ Marquez reports: Frost Bank is investigating a breach after the company discovered unauthorized access to digital images stored in those customers’ commercial image archives. The San Antonio based-bank issued a statement that said Frost detected the unauthorized access to a third-party lockbox software program earlier this week and immediately launched an investigation. The software…
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
Walmart jewelry partner exposed 1.3 million customer details
Bob Diachenko writes: On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over…