Washington University School of Medicine in St. Louis issued this notice on Nov. 1: Washington University School of Medicine announced today that it began mailing letters to patients whose information may have been involved in a recent security incident at its Department of Ophthalmology and Visual Sciences. On Sept. 3, 2019, the School of Medicine…
Hackers can steal the contents of Horde webmail inboxes with one click
Zack Whittaker reports: A security researcher has found several vulnerabilities in the popular open-source Horde web email software that allow hackers to near-invisibly steal the contents of a victim’s inbox. […] Numan Ozdemir disclosed his vulnerabilities to Horde in May. An attacker can scrape and download a victim’s entire inbox by tricking them into clicking a malicious…
Texas Updates Data Breach Notification Requirements
Gregory Bautista and William Douglas Sanders of Wilson Elser Moskowitz Edelman & Dicker LLP write: Effective January 1, 2020, the Texas legislature will impose new notification requirements on businesses that maintain personal information of customers. House Bill 4390 amends the Texas Identity Theft Enforcement and Protection Act by requiring that Texas residents be notified of…
Florida Virtual School needs new board, new ethics standards, state education department says
Beth Kassab and Leslie Postal report: The troubled Florida Virtual School should get a new governor-appointed board, new ethics standards for employees and a new inspector general inside the school to oversee internal audits and investigations, according to a report released Friday by the Florida Department of Education. And some of the criticism relates to…
NordVPN users’ passwords exposed in mass credential-stuffing attacks
Dan Goodin reports: As many as 2,000 users of NordVPN, the virtual private network service that recently disclosed a server hack that leaked crypto keys, have fallen victim to credential-stuffing attacks that allow unauthorized access to their accounts. In recent weeks, credentials for NordVPN users have circulated on Pastebin and other online forums. They contain the…
The Guidance Center notifies 1,235 patients after discovering insider wrongdoing
What havoc and costs a rogue insider/employee can cause. Here’s another example — this one from a new disclosure by external counsel for The Guidance Center in Long Beach, California. The Guidance Center (TGC) provides comprehensive mental health treatment to disadvantaged youth and their families. In their lawyer’s words: In late March of 2019, TGC…