Taiwan-based computer hardware maker ASUSTeK Computer, Inc. has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing…
2 Veteran Fire Chiefs On Hook for $55G In Drug-Test-Leak Case
Sarah Dorsey reports: They’ll be shelling out $55,000—but they could have been on the hook for much more. The former head of the FDNY’s biggest anti-affirmative-action group and a retired fire officer have agreed to pay $45,000 and $10,000, respectively, to settle a lawsuit charging they leaked personal information—including the results of a drug test—to…
St. Joseph Hospital employee information leaked in phishing scam
News12 reports: A Passaic County hospital says that a security breach caused some personal information about some of its employees to get out. Saint Joseph’s Healthcare System in Paterson says that a phishing scam has led to the unintentional disclosure of employee information, including social security numbers. “The information disclosed did not include any employee…
Thinking about incident response
So I woke up to find that uKnowKids had issued a statement yesterday about their exposed database, an exposure that had been uncovered by and reported to them by Chris Vickery. Regular readers of this blog will recognize Chris’s name by now, as he’s uncovered a number of misconfigured databases that have been investigated by…
AU: Flinders Medical Centre health staff caught snooping in Cy Walsh’s medical records
Nick Toscano reports: More than a dozen unauthorised medical staff have been caught accessing the confidential records of Cy Walsh after he was arrested over the murder of his father, former Adelaide Crows coach Phil Walsh. His electronic records, including test results that could relate to the criminal trial, have been accessed by at least 13…
uKnowKids responds to reports of exposed database
uKnowKids has responded to reports that their database was exposed. As reported yesterday on this site, the details of 1,740 children being tracked by their software as well as other details were exposed in a misconfigured MongoDB installation. The exposed data included text messages and images from and to the children. The exposure was discovered by Chris…