Melissa Burden reports: Blue Cross Blue Shield of Michigan is notifying about 6,500 members whose personal, but non-medical information was exposed on a third-party website, the insurer said today. The nonprofit health insurer said the breach involved a website created by Harper Woods-based Tstream Software, which was doing work on behalf of Warren-based Agent Benefits…
Today’s Award for the Silliest Theory of the Computer Fraud and Abuse Act
Orin Kerr, a law professor and former attorney in the DOJ who worked in the computer crimes division, has a commentary on a lawsuit involving CFAA claims that’s interesting in terms of defining the scope of what the Computer Fraud and Abuse covers – and shouldn’t cover: Today’s Award for the Silliest Theory of the…
Recent OSU computer system hack leaves students susceptible
Pamela Engel writes about an Ohio State University breach that was previously reported as affecting 760,000 individuals: … OSU officials discovered a “suspicious log-in to a server on the (OSU) computer system” during a routine computer-security check, according to the letter. The university notified anyone who has ever had an OSU e-mail address, which includes…
Computer with Guardsmen’s Personal Info Stolen from Santa Fe Headquarters
New Mexico soldiers deploying to Kosovo now have one more thing to worry about after a computer containing personal information was stolen from the National Guard Headquarters in Santa Fe. It contained deployment records and social security information for about 650 soldiers throughout the state. The computer was stolen sometime between Dec. 23-28. Soldiers affected…
IN: Hospital Security Breach Puts St. Vincent's Patients' Records At Risk
A security breach at St. Vincent Indianapolis Hospital may have put the records of 1,800 patients at risk. Hospital officials said they learned in November that certain associate e-mail accounts were breached, which may have allowed patient names, dates of service and certain clinical information to be accessed. Those patients were sent a letter from…
New report: Data Breach Notifications in Europe
The EU’s ‘cyber security’ Agency ENISA, (the European Network and Information Security Agency) has today issued a report on Data Breach Notifications. The EU data breach notification (DBN) requirement for the electronic communications sector in the ePrivacy Directive (2002/58/EC) is vital to increase in the long term the level of data security in Europe. The…