Jim Hoffer reports: New York City’s Department of Education accidentally sent out an email that had not just the names, but also the Social Security numbers of hundreds of employees. […] “The attachment was a list of Department of Education para-professionals, exactly 439 names, first, last names and Social Security numbers,” the teacher’s assistant said….
Category: U.S.
Millions of IGN and PCMag user records sit exposed, online
Chris Bing reports: A website configuration issue affecting itmanagement.com, a property owned by New York City digital publisher Ziff Davis, can be exploited to access a company database full of private user contact information, including names, phone numbers, employment details, email and employer addresses. The database also contains contact information for users registered on other Ziff Davis properties….
OH: Taxation employee fired after accessing personal information of family, acquaintances
Randy Ludlow reports: An Ohio Department of Taxation examiner has been fired after an investigation found she improperly accessed the confidential personal and tax information of several relatives and acquaintances. A report released today by the office of Inspector General Randall J. Meyer found that Kelly S. Bolen accessed computerized personal information of several people, and…
The CoPilot Provider Support Services incident: The HIPAA issue
In the first part of a discussion of an incident reported by CoPilot Provider Support Services, this site reported claims by John Witkowski, a former employee, that CoPilot had not reported accurately on the incident. In this part, we focus on just one of CoPilot’s claims – that they are not a business associate under HIPAA….
OCR investigating CoPilot Provider Support Services breach; former employee lodged complaint
When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…
2016 W-2 data up for sale on the dark web (updated)
As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a…