Daniel R. Stoller reports: The District of Columbia’s top lawyer has unveiled a proposal that would expand the city’s data breach notification law and give the attorney general’s office greater enforcement power. D.C. Attorney General Karl Racine (D) announced the Security Breach Protection Amendment Act March 21. It would regulate companies that faced “major data…
Oregon DHS discloses breach potentially affecting 350,000 after successful phisher gained access to employees’ email accounts
KDRV reports: Oregon’s Department of Human Services (DHS) revealed on Thursday that the private data of more than 350,000 clients may have been accessed in a massive data breach that began earlier this year. The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they…
NZ: Privacy Bill avoids notification fatigue
Tim Murphy reports: MPs have revised privacy legislation to avoid a risk of ‘notification fatigue’ in which holders of data would be forced to advise the public of even minor data breaches. Parliament’s justice select committee has raised the threshold in the Privacy Bill for when mandatory notifications to the Privacy Commissioner and affected individuals would…
OH: 13-year-old student accused of hacking teacher’s account, making hit list of fellow students
WSYX/WTTE reports: A 13-year-old student at the Columbus City Preparatory School for Boys is under investigation after he reportedly used a teacher’s credentials to get into the district’s system, created a website with information about his fellow students, and made threats. Columbus Police say they received a report on March 15th that the student had…
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Brian Krebs reports: Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Read…
Tesla sues former staff for data theft
Reuters reports: Tesla filed a lawsuit on Thursday against a former engineer at the company, claiming he copied the source code for its Autopilot technology before joining a Chinese self-driving car startup in January. The engineer, Guangzhi Cao, copied more than 300,000 files related to Autopilot source code as he prepared to join China’s Xiaopeng…