by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack
Oof. Oklahoma State University Center for Health Sciences is notifying 279,865 Medicaid patients of a hacking incident. Here is the notice from OSU’s web site: Oklahoma State University Center for Health Sciences (OSUCHS) takes the privacy and security of our patients’ information very seriously. Regrettably, this notice is regarding an incident in which some Medicaid patient information…
Palomar Health notifying patients after nurse caught snooping in records
As seen on their site: Notice to Palomar Health Patients Regarding Unauthorized Access of Patient Health Information Palomar Health is committed to protecting the confidentiality and security of our patients’ information and we regret to inform you of an incident involving some of that information. Sometime between February 10, 2016 and May 7, 2017, some…
Montana State University Billings notifying students after laptop was stolen in November
Ugh. Another laptop was apparently stolen from an employee’s car. This one was from the education sector, but it contained some student health information and health insurance information. The incident was reported by Montana State University Billings to the Montana Attorney General’s Office on January 5, and letters are going out today to affected students….
Columbia Falls School District Number 6 notifies employees whose data may have been compromised by TheDarkOverlord
Interesting. The Columbia Falls School District Number 6 in Montana, who had been attacked by TheDarkOverlord, sent out notification letters and notified the Montana Attorney General’s office on January 5. In their submission to Montana, they note that the breach began September 1, and ended on November 13. In actuality, the November 13 date was…
Early Release Denied For Leader Of Russian Hackers Group Humpty Dumpty
RadioFreeEurope RadioLiberty reports: A court in Moscow has refused to grant early release to the leader of a group believed to be behind the hacking of high-profile Internet accounts, including the Twitter account of Prime Minister Dmitry Medvedev. The Lefortovo District Court on January 12 rejected a motion for the release on parole for Vladimir…