Kelly Fiveash reports: The Australian division of mobile giant Vodafone has admitted that one of its employees illegally accessed the phone records of a journalist to try to uncover her sources, following publication of a negative story. However, Vodafone – which first investigated allegations of a privacy breach four years ago – has strongly denied…
Why does the FTC keep ignoring my inquiry?
On July 31, after reading a news story about a breach involving a school district, I emailed the FTC to ask for clarification on FACTA: I have searched and searched but cannot find a definitive answer to the following: Are k-12 public school districts covered by FACTA? Assume for purposes of my question that there…
NZ: Police file leak ‘could put lives at risk’
Radio New Zealand reports: Police say that sensitive, secret files have been mistakenly sent to a defence lawyer and have been widely circulated. A criminal lawyer who has seen the files said they contained details about informants, criminal activity and police surveillance that could put people at risk. The mistake occurred when a standard criminal…
Sutter Health reports breach involving billing documents
Cathy Locke reports: Sutter Health announced Friday that it is notifying 2,582 patients that personal information was included in electronic versions of billing documents that a former employee emailed to a personal account without authorization. For all but two of the affected patients, no Social Security numbers, financial information or driver’s license data were included,…
Highmark’s statement on the Excellus BlueCross BlueShield security breach.
Highmark is alerting its members that their data may have been caught up in the Excellus breach if they obtained services from BCBS while traveling in another service area than their primary coverage. Highmark was notified of a data breach involving another large health insurer. We want to ensure that you are also aware of…
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed systems administrators…