From the good folks at EPIC.org: Representatives Eshoo and Lofgren have introduced the Online Privacy Act, a comprehensive framework for data protection in the United States. The bill would establish a data protection agency, create meaningful privacy safeguards for consumers, and hold companies accountable for the collection and use of personal data. The bill is based on Fair…
Huawei calls hackers to Munich for secret bug bounty meeting
Zack Whittaker reports: Chinese tech giant Huawei has asked some of the world’s best phone hackers to a secret meeting in Munich later this month as the company tries to curry favor with global governments, TechCrunch has learned. Sources with knowledge of the November 16 meeting said Huawei will privately present its new bug bounty…
California DMV finds data breach exposed Social Security information for around 3,200 people
Joseph Luiz reports: The California Department of Motor Vehicles has announced that federal agencies were accidentally given access to Social Security information for about 3,200 people. The department said in a statement that it discovered in August that for at least the past four years, the information was accidentally accessible to seven government entities, including…
Facebook Claims It Unknowingly Shared Private Group Data With Partners
Kurt Wagner reports: Facebook Inc. said it unknowingly gave outside developers access to private user information shared within some groups on its main social network, including the names and profile photos of people who were part of those groups. The company disclosed the issue Tuesday, saying that for the past 18 months some third-party developers…
Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement
From HHS OCR: The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules….
ME: InterMed, P.A. notifying patients after 4 employees fall for phishing attack
Notice posted on InterMed, P.A.’s web site, Nov. 4: On September 6, 2019, we learned that an unauthorized individual gained access to an employee’s email account between September 4 and September 6, 2019. We immediately took steps to secure the account, began an internal investigation, and engaged a leading national computer forensic firm to conduct an…