Jessica Davis reports: Premera Blue Cross reached a proposed $74 million settlement with the 11 million patients impacted by its 2014 breach, caused by a sophisticated cyberattack that lasted for nearly one year before it was discovered. In January 2015, Premera officials discovered the breach that began nearly a year earlier in May 2014. Premera, Premera…
Jewish dating app JCrush exposed user data and private messages
Zack Whittaker reports: A security lapse at JCrush, a dating app designed for the Jewish community, left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. The site’s backend database had around 200,000 user records, according to security researchers Noam Rotem and Ran Locar,…
Romanian National Sentenced for Multi-State ATM Card Skimming Scheme
A Romanian national was sentenced yesterday in federal court in Springfield, Massachusetts, in connection with a multi-state ATM card skimming scheme. The following information is provided by the Department of Justice: Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Andrew E. Lelling for the District of Massachusetts, Special Agent…
Understanding When Business Associates Are Directly Liable Under HIPAA
Aimee Jachym and Samantha A. Kopacz of Miller Canfield PLC write: New guidance issued by the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) reaffirms that business associates must have proper HIPAA compliance practices, safeguards and documentation in place in order to avoid costly penalties. OCR recently released a Fact…
The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records
Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Australian National University data breach stretching back 19 years detected; Affects approximately 200,000
ABC in Australia reports: The Australian National University has been hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years. A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago, the university said in a statement….