I usually withhold information about a leaky site until it’s been secured, but when a company repeatedly fails to follow up and ignores notifications by phone and email, and when the company responsible for their site also ignores notification, it’s time to go public, I think. More than one month ago, I was contacted by…
Companies Fare Worse When the Press Exposes Their Problems Before They Do
An-Sofie Claeys, Verolien Cauberghe, and Mario Pandelaere have been conducting some interesting research on crisis management. Not surprisingly, they found that when entities disclosed first, even subsequent critical reports on their incidents had less impact than if critical reports appeared before the entity disclosed. Their studies were not addressing data breach disclosures per se, but the…
Beauty site lets anyone read customers’ personal information
Darren Pauli reports: Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature. The bug was first disclosed almost exactly a decade ago and resurfaced after security man Troy Hunt reported the flaw to…
PK: Patient data stolen from Quaid-i-Azam Hospital
Dawn reports: A case has been registered against an employee of the Quaid-i-Azam Hospital for allegedly stealing data from the CT scan machine and according to a supreme court lawyer, the case might be the first of its kind in the country. Iftikhar Ali, the chief security officer at the hospital, who is the complainant…
In two cases, north Miami residents plead guilty to possessing 2,875 and 225 stolen identities
This post includes two cases out of the Southern District of Florida, a hotbed for identity theft. Aug. 19 – A North Miami resident pled guilty to possessing 2,875 stolen identities. Camelin Junior Desrosiers, 28, pled guilty to one count of possession of fifteen or more unauthorized access devices, in violation of Title 18, United States Code,…
Pasadena Doctor Sentenced to 4 Years in Prison for Falsely Certifying Patients Were Terminally Ill as Part of Healthcare Fraud Scheme
One of the fears with medical identity theft is that a patient’s records could be corrupted in ways that could affect their care. In the case described below, the patients’ identity and insurance info wasn’t stolen, but it was misused to support a fraud scheme, and as part of the scheme, patients records were altered…