So, as I had guessed, it’s not just Stanford University and Kroger who are notifying employees that criminals managed to access the database of W-2 Express, an Equifax service. While the W-2 Express database does not appear to have been hacked, criminals have managed to access it by using login credentials possibly acquired in other…
I never meant harm, says student who hacked Canada Revenue to show vulnerability to Heartbleed virus
There’s an update to the hack of the Canada Revenue Agency, first disclosed in April 2014 and the young man who was charged in the case. Jane Sims reports: A student computer whiz who stole 900 social insurance numbers from the files of the Canada Revenue Agency to demonstrate its online vulnerability pleaded guilty and apologized on…
Mail.ru denies mass password breach; researcher stands by findings
Eric Auchard of Reuters reports: Russia’s top Internet company, Mail.ru said on Friday a sliver of its users’ email accounts was vulnerable while denying that tens of millions of other users were at risk after researchers found its data circulating among cyber criminals. […] In a statement, the Moscow-based company said its own study of…
Ohio Department of Mental Health and Addiction Services (OhioMHAS) notifies patients of PHI exposure
This April 22nd notice seems to have flown under the media radar: The Ohio Department of Mental Health and Addiction Services (OhioMHAS) today notified the public of a privacy incident involving protected health information (PHI). The issue involves a February 2016 postcard sent to consumers of mental health services inviting participation in a satisfaction survey….
Google notifies employees of breach by vendor
Even Google has breaches that need to be reported. From a notification letter to Googlers that will be going out on May 9th: I am writing to follow up on an email we recently sent you about an issue that involves your personal information. The details of the issue are below. What Happened? We recently…
Notice of Data Breach from Bay Area Children’s Association
To the Patients and Guarantors of Bay Area Children’s Association: On April 1, 2016, we received notice from our electronic medical record provider that some of our patient records were acquired by unauthorized persons. Specifically, they determined that cyber intruders may have installed malware on their system in January 2015 and, through credential theft, accessed…