From the no-honor-among-thieves dept., Catalin Cimpanu reports: A Connecticut man pleaded guilty last week to stealing Bitcoin from users of Dark Web marketplaces, said the Department of Justice on Tuesday. The FBI arrested the man — Michael Richo, 35, of Wallingford, Connecticut — on November 6, 2014, but only arraigned him in court last year…
Delaware House Moves Bill to Expand Data Breach Notice Law
Leslie A. Pappas reports: The Delaware House has moved legislation that would strengthen the state’s data breach notification law. The bill would require any person doing business in Delaware to safeguard personal information. It would expand the definition of personal information to include medical information, biometric data, user names and passwords, passport numbers, routing numbers…
So many notifications due to ransomware, but are these really necessary?
Another entity has recently notified patients whose protected health information was on a server infected with ransomware. Once again, even though investigation turned up no evidence that any patient’s PHI was actually accessed or exfiltrated, entities are notifying – on the side of caution and/or because HHS requires them to in the absence of firm…
Cove Family & Sports Medicine recovers from ransomware, but loses some data
There are different metrics for describing the impact of a breach, but one of the ones I use in my subjective system is whether patient data that might be needed for care have been lost, stolen, or corrupted. In June, there were a lot of data breaches or security incidents and many involved ransomware. One…
Trump Hotels notifies some guests of payment card breach that began in 2016
Trump Hotels is sending out data breach notification letters to hotel guests after a service provider notified them of a breach that began in August 2016 but was only detected this year. In their letter, they explain: We are writing to you because of an incident involving unauthorized access to guest information associated with your…
SQL Injection Vulnerability in WP Statistics
If you’re using the WordPress plugin WP Statistics, you might want to stop and immediately read John Castro’s post, SQL Injection Vulnerability in WP Statistics.