As reported yesterday, more than 1,000 patients have been notified of a breach involving Florida DOH – Palm Beach County. DataBreaches.net has obtained some a few additional details. According to Timothy O’Connor, Public Health Communication Manager, Florida Department of Health – Palm Beach County, agents from the Justice Department first contacted the DOH in mid-February with a list and…
Category: U.S.
NY: Health care agency owner accused of stealing clients’ personal information
Serenity Care’s tagline on their web site is “putting a loving touch on home healthcare.” Maybe it should add, “and putting a touch on your wallet.” The owner of a private home health care agency is under arrest after a nine-month investigation. Allison Delong, 38, owns Serenity Care, which is based in Chatham. Police say Delong stole…
Kylie Jenner Lip Kit Website Glitch Personal Customer Info Exposed
TMZ reports: Kylie Jenner’s cosmetics site has a shaky foundation, because it’s been inadvertently exposing very personal customer information. Here’s the problem. When someone tried to log into the site, it would send them to an existing customer’s account, revealing names, email addresses, personal addresses, order history, etc. Every time a customer refreshed the site,…
University employees vulnerable after tax data breach involving W-2 vendor
Hannah Knowles reports that a breach involving a W-2 vendor has left employees in the education sector at risk of tax refund fraud. This time, it’s W-2 Express and Stanford University, although other clients of W-2 Express are also reportedly affected: At least 600 current and former Stanford employees are vulnerable to tax fraud following the illegitimate download…
Flaws in Worldpay’s Merchant Portal Allow Attackers to Modify Payment Forms
Catalin Cimpanu reports: Vulnerabilities known as IODR (Insecure Direct Object References) were found and fixed in Worldpay, an online secure payments platform, security researcher Randy Westergren reports. An IODR vulnerability is when users have access to information they should not see, either because it belongs to another user or originates from an account with higher privileges. In…
Former Energy Department worker sentenced in email ‘spear-phishing’ attempt
Spencer S. Hsu reports: A former Energy Department employee was sentenced to 18 months in prison after offering to help a foreign government infiltrate the agency’s computer system to steal nuclear secrets and then attempting an email “spear-phishing” attack in an FBI sting operation. Charles Harvey Eccleston, an environmental scientist formerly employed by the department…