As I was just saying in the post about the Girl Scouts breach, children’s medical information can be breached in so many ways outside of the healthcare sector. And that’s true outside the U.S. as well. Priit Pärnapuu provides a concerning, but timely, example from Estonia: Schools’ information system EKIS allowed anyone to read and…
CA: Data breach may have exposed personal information of 3,000 Girl Scouts of Orange County
Children’s medical alerts and health conditions may be breached in so many ways outside of the healthcare sector. Schools, sports clubs, camps, and yes, boy scouts and girl scouts, are just some of the organizations that may hold sensitive information that gets breached, with no report needed to HHS. Alejandra Reyes-Velarde reports: Members of the…
ICO issues maximum £500,000 fine to Facebook for failing to protect users’ personal information
The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law. In July, the ICO issued a Notice of Intent to fine Facebook as part of a wide ranging investigation into the use of data analytics for political purposes. After considering representations from the company, the ICO has issued the…
British Airways admits CVV data “potentially compromised” in hack
Mark Caswell reports: British Airways has this afternoon issued an update on the recent theft of customer data from its website and mobile app. The carrier said that investigations now show that the details of 77,000 payment cards may potentially have been compromised, including “billing address, email address, card payment information, including card number, expiry…
Security company sued after alleged information leak
Oops. I missed this one when WTOC first reported it on October 17th: Dozens of social security numbers connected to work hours and rates of pay are at risk of being used by criminals because of the actions of a security firm supervisor. Those are the allegations in a lawsuit filed by a Savannah law…
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
FireEye writes: In a previous blog post we detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility. We now track this activity set as TEMP.Veles. In this blog post we provide additional information linking TEMP.Veles and their activity surrounding the TRITON intrusion to a Russian government-owned research institute. FireEye…