Michael Bertoncini writes: A company can recover damages from its former employee in connection with his hacking into its payroll system to inflate his pay, accessing its proprietary files without authorization and hijacking its website, a federal court ruled. Tyan, Inc. v. Yovan Garcia, Case No. CV 15-05443- MWF (JPRx) (C.D. Cali. May 2, 2017). The…
Funding Circle Error Exposes 6,000 SSNs Of American Clients
Thomas Fox-Brewster reports that Kromtech Security Research Center has been pretty busy this week: An upcoming London-based business loans provider, Funding Circle, left a database containing 6,000 social security numbers of American clients exposed to anyone on the internet, it emerged Wednesday. The company, which has helped companies bypass banks to borrow more than $1.5…
Confidential medical records from Bronx-Lebanon Hospital exposed online by vendor’s error
Vendor’s error appears to have exposed personal and confidential medical data of patients seen at Bronx-Lebanon Hospital Center since 2014; Records also include addiction histories, psych histories, and histories of physical or sexual abuse; Hospital investigating to determine what happened and who may have accessed data. By now, you may be tired of reading reports on misconfigured MongoDB installations…
Website Flaw Let True Health Diagnostics Users View All Medical Records
Brian Krebs reports on yet another entity/site that did not adequately secure patient information: True Health is a privately held health services company specializing in “comprehensive testing for early detection of chronic diseases,” according to the company’s Web site. The medical reports that True Health produces contain vast amounts of extremely personal information on patients,…
CO: Thousands potentially exposed to identity theft after county published sensitive information online
Ryan Luby reports: The Larimer County Clerk and Recorder’s office made sweeping changes to how it conducts business amid a Denver7 investigation, which revealed how officials had published sensitive information belonging to thousands of people online for months. Among the records were child support liens, death certificates, and commercial lending filings. Many of them contained a variation…
Guardian Soulmates website suffers data breach
Zack Marzouk reports: Those looking for love on Guardian Soulmates have instead found explicit emails in their inboxes following a data breach. Guardian News & Media, parent company of the dating site, ruled out any outside hack, instead blaming it on human error by one of its third party technology providers. A spokesperson said: “We…