Chris Bing reports: A website configuration issue affecting itmanagement.com, a property owned by New York City digital publisher Ziff Davis, can be exploited to access a company database full of private user contact information, including names, phone numbers, employment details, email and employer addresses. The database also contains contact information for users registered on other Ziff Davis properties….
Category: U.S.
OH: Taxation employee fired after accessing personal information of family, acquaintances
Randy Ludlow reports: An Ohio Department of Taxation examiner has been fired after an investigation found she improperly accessed the confidential personal and tax information of several relatives and acquaintances. A report released today by the office of Inspector General Randall J. Meyer found that Kelly S. Bolen accessed computerized personal information of several people, and…
The CoPilot Provider Support Services incident: The HIPAA issue
In the first part of a discussion of an incident reported by CoPilot Provider Support Services, this site reported claims by John Witkowski, a former employee, that CoPilot had not reported accurately on the incident. In this part, we focus on just one of CoPilot’s claims – that they are not a business associate under HIPAA….
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint
When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…
2016 W-2 data up for sale on the dark web (updated)
As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a…
Cleveland Food Bank Loses Personal Data for Dozens of Clients
Kevin Niedermier reports: Cleveland police are still looking for the stolen car that contained personal information on 44 Greater Cleveland Food Bank clients. The car was stolen last month after a food bank worker had collected the written information on assistance applications. Food bank Communications Director Karen Pozna says so far none of the affected clients have…