On December 6, DataBreaches.net was contacted by researchers who requested help notifying two entities that they were exposing health information due to misconfigured AWS S3 buckets. They would turn out to be a delight to deal with, unlike a third entity that was also leaking information from a misconfigured S3 bucket. So let’s start with…
Category: U.S.
Data breach at Ancestry
Judy G. Russell reports: The folks at Ancestry have taken a proactive security step of closing part of the RootsWeb service today after being notified of a security breach affecting one part of the RootsWeb service. The security issue came from a part of RootsWeb that was closed some months ago. It turns out that,…
Colorado Mental Health Institute at Pueblo notified 650 patients after phishing incident
The Colorado Mental Health Institute at Pueblo is under the state’s Department of Human Services. On December 22, it issued a notice following discovery of a phishing incident that potentially affected 650 patients: The Colorado Mental Health Institute at Pueblo (CMHIP) experienced a potential data breach after a staff member on Nov. 1, unintentionally allowed…
Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes: On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared. Under the law as amended, the definition of “personal information”…
SAY San Diego Provides Notice Of Data Incident
From SAY San Diego, this press release: SAY San Diego (aka Social Advocates for Youth, San Diego) became aware of an incident impacting the security of data relating to certain participants in its Dual Diagnosis youth program, from 2013, and is taking action. Although there is no indication of actual or attempted misuse of participant…
Appellate Court Rules IT Worker Liable Under CFAA for Sabotaging Employer’s Network
Hanley Chew + Tyler G. Newby of Fenwick & West LLP write: The U.S. Court of Appeals for the Fifth Circuit affirmed the Computer Fraud and Abuse Act conviction of an IT worker who sabotaged his employer’s network, rejecting the argument that an IT worker’s authorized access to “impair” a computer network as part of…