Catalin Cimpanu reports: A British security researcher that goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone…
Breach Response Portal Added by Massachusetts Regulator
Cynthia J. Larose of Mintz Levin writes: Pursuant to the Massachusetts data breach notification statute, M.G.L. 93H, notices must be provided to the affected resident, the Attorney General’s office and to the Office of Consumer Affairs and Business Regulation (OCABR). It is not enough that Massachusetts has a sui generis breach notice content statutory requirement (you must tell affected residents of the…
Movimiento Ciudadano admits it was their copy of the Mexican voter list on AWS, tries to deflect blame to researcher
A reader kindly informed me that Movimiento Ciudadano, one of the political parties that had legitimate access to Mexico’s voter data list, has admitted it was responsible for the leak on Amazon. Except that as I read more, I realized they weren’t really admitting they were responsible for the leak. I’ve been trying to read/translate a number…
Banks Sue Wendy’s Over Five-Month-Long Data Hack
Nick Rummell reports that it’s not just affected customers suing Wendy’s after a data breach disclosed in February – the banks are suing, too: A major data security breach at Wendy’s restaurants could have been easily prevented had the company acted faster, according to a class action filed on behalf of banks whose customers were…
Vail Valley Medical Center notifies 3,118 patients whose PHI was stolen by departing employee
HIPAA Journal reports: Vail Valley Medical Center (VVMC) is in the process of notifying 3,118 patients of the inappropriate disclosure of some of their protected health information (PHI). A physical therapist formerly employed at Howard Head Sports Medicine was discovered to have copied the PHI of patients and taken the data to his new employer….
Rhode Island Attorney General Pushing For A State-Level CFAA That Will Turn Researchers, Whistleblowers Into Criminals
Tim Cushing reports that not satisfied to rest on his laurels in the Really Bad Ideas Department, Rhode Island Attorney General Peter F. Kilmartin is behind a legislative proposal that amounts to a very bad state-level version of the federal hacking statute, CFAA. Tim writes: Here’s the worst part of the suggested amendments: Whoever intentionally and without authorization or in…