Zhaki Abdullah reports: Bicycle-sharing operator oBike is reviewing the security of its app, following a leak that affected its users’ data in 14 countries worldwide. German broadcaster Bayerischer Rundfunk reported last week that unencrypted oBike user data – names and ride locations, for example – were accessible online. A spokesman for the Singapore-based firm said…
Superseding indictment filed in Justin Shafer case
As anticipated, federal prosecutors have filed a superseding indictment in their case against dental integrator and vulnerability researcher Justin Shafer. For those in a rush, the TL;DR version is that they have basically transformed a bullshit two-count indictment into a bullshit three-count indictment. [For the benefit of law enforcement in Texas, that preceding sentence is…
MN: Mahtomedi Middle School student breaches district data
Sara Marie Moore reports on a so-easy-a-child-could-do-it-oh-look-a-child-did-do-it breach: A Mahtomedi Middle School student breached student data earlier this fall when a teacher was logged into a computer. The student accessed 3,300 student ID numbers, 215 test scores, 11 individualized education plan (IEP) sheets and 18 other student education plans, said Patrick Crothers, technology coordinator. The…
Ashley Madison takes your privacy very seriously…. until they don’t…
Thomas Fox-Brewster reports: Despite the catastrophic 2015 hack that hit the dating site for adulterous folk, people still use Ashley Madison to hook up with others looking for some extramarital action. For those who’ve stuck around, or joined after the breach, decent cybersecurity is a must. Except, according to security researchers, the site has left photos of…
Uber paid 20-year-old Florida man to keep data breach secret – sources
Joseph Menn and Dustin Volz report: A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc [UBER.UL] last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters….
When Employees Go Rogue: Are Employers Vicariously Liable for the Privacy Breaches of Their Employees?
Sara D.N. Babich of McCarthy Tétrault LLP has a commentary on employer liability for employee wrongdoing under Canadian law. Her analysis includes discussion of the recent UK decision in the Morrisons data breach case. Here’s how Babich’s article begins: Although there has not yet been a definitive answer to this question in Canada, based on recent…