John Hudson writes: An IT expert speaking with The New York Times called it a Mission Impossible-like operation. Last month, a team of unidentified hackers accessed information to 200,000 Citigroup bank accounts by simply waltzing through the “front door” of Citigroup’s customer website. The bank came under fire last week for waiting nearly a month before notifying customers…
Revealed: How Citigroup hackers broke in ‘through the front door’ using bank’s website
Lee Moran reports: Hackers who stole the personal details of more than 200,000 Citigroup customers ‘broke in through the front door’ using an extremely simple technique. It has been called ‘one of the most brazen bank hacking attacks’ in recent years. And for the first time it has been revealed how the sophisticated cyber criminals…
Southern New Hampshire Medical Center reports breach after virus exfiltrated SSN of 17 patients
On May 23, the Southern New Hampshire Medical Center notified the New Hampshire Attorney General’s Office that it had learned its computer system had become infected with a virus on April 19. The center indicated that it had responded promptly in April to secure the system and that, at most, 17 individuals may have…
Report from first health care privacy conference
Andy Oram writes: Strange that a conference on health privacy has never been held before, so I’m told. Privacy in health care is the first topic raised whenever someone talks about electronic health records–and dominates the discussion from then on–or, on the other hand, is dismissed as an overblown concern not worthy of criticism. But…
St. Louis University student information containing Social Security numbers found discarded in alley
Ann Rubin reports: Documents with the personal information of dozens of former St. Louis University students were littered near a dumpster in a back alley. How did they get there and why weren’t they shredded? The university is searching for answers. NewsChannel 5 received a tip Monday from someone who saw the paperwork discarded late…
Petition for Rehearing Filed in United States v. Nosal, the Ninth Circuit Case on Criminalizing Violations of Computer Use Policies
Orin Kerr writes: A petition for rehearing was recently filed in United States v. Nosal, the Ninth Circuit decision holding that an employee who violates his employer’s computer use policy is guilty of “exceeding authorized access” to the employer’s computer. I have posted a copy here. I hope the Ninth Circuit grants rehearing, as I think the Nosal case…