Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications. This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event…
Class action settlement reached in Sonic data breach case
There’s been a settlement reached in a Sonic breach first reported by KrebsOnSecurity in 2017. KFOR reports that the settlement notice includes a statement: “The Settlement includes all residents of the United States of America who made a purchase at any one of the 325 impacted Sonic Drive-In locations and paid using a credit or…
Youth-run agency AIESEC exposed over 4 million intern applications
Zack Whittaker reports: AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password. Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month…
Why doesn’t Twitter have a way to notify them of leaks or concerns outside of a bug bounty program?
L33tdawg writes: Twitter has owned up to a privacy goof that exposed some Android users’ private tweets. That would be bad enough if the problem existed for an hour, or a day, or a month. But unfortunately for Twitter (and affected users) the problem was present from November 3 2014 until January 14 2019. That’s…
Privacy breach hits 45,000 recipients of Ontario’s disability support program
Kristin Rushowy reports: Ontario’s social services minister has apologized after the Mississauga disability support program office mistakenly emailed the private information of 45,000 people to 100 recipients. “On December 20th, due to a clerical error, the Mississauga ODSP office unintentionally shared some individuals’ information over email,” said Lisa MacLeod in a statement. [..] The December…
New Rumba STOP Ransomware Being Installed by Software Cracks
Lawrence Abrams reports: The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files. Using adware bundles and software cracks as a new distribution method, STOP…