Yale faces second lawsuit for 10-year-old data breach

(Oct 19, 2018) Yale University now faces a second lawsuit over a data breach that took place 10 years ago in which hackers accessed more than 100,000 students’ personal information, the Herald-Mail Media reports. Yale notified students impacted by the breach about six weeks after discovery, offered a year of identity-theft protection services, and concluded no investigation would take place. The lawsuit alleges the university “improperly retained personal information” and that it was made aware of data breach ...

Card Factory fixes website flaw allowing access to other users' photos

(Oct 18, 2018) A website developer discovered a vulnerability with U.K.-based greeting card company Card Factory's website, Mashable reports. The flaw allowed anyone to manipulate the site's URL to access photos belonging to other users. Milton Keynes Website Developer Iain Row found he was able to download any images without restrictions through the defect. “The trust and privacy of our customers is of upmost (sic) importance to us. After recently being made aware of this issue, we have applied a security upd...

Spammers believed to be behind the latest Facebook data breach

(Oct 18, 2018) According to those familiar with Facebook’s internal investigation, hackers behind the company’s latest attack are believed to be spammers who had hoped to profit from deceptive advertising, The Wall Street Journal reports. The investigation followed the internal discovery that someone was downloading large quantities of digital access tokens on the platform, accessing the private information of 30 million Facebook users. While Facebook officials are providing few details, it is not believed the...

Irish DPC to investigate Facebook data breach

(Oct 17, 2018) In what is regarded as the first substantial test of the EU General Data Protection Regulation, the Irish Data Protection Commission said approximately 3 million Europeans were affected by a Facebook security breach in September, CNBC reports. A spokesman for the Irish DPC said, "The update from Facebook last Friday, 12 October, was significant as Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack." He added, "The Data Protection Commis...

Dating app leaks users' data

(Oct 17, 2018) The entire user database of Donald Daters, a new online dating app for supporters of U.S. President Donald Trump, has leaked online, TechCrunch reports. Touting it wants to help "make America date again," the app's database, which included usernames, profile pictures, device type, and private messages, as well as access tokens, was accessible from a public data repository. After being alerted to the issue, Emily Moreno, founder of the app and former aide to Sen. Marco Rubio, R-Fla., said, "We ha...

Anthem to pay $16M to OCR over 2015 data breach

(Oct 16, 2018) The U.S. Department of Health and Human Services announced Anthem has agreed to pay $16 million to the HHS Office for Civil Rights to settle alleged violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules related to its 2015 data breach. Anthem's $16 million total surpasses a $5.55 million payment received by the OCR in 2016 to become the largest settlement ever received by the agency for a HIPAA violation. “The largest health data breach in U.S. history ...

Facebook releases further breach details

(Oct 15, 2018) Reuters reports that Facebook has released more details related to its recent announcement that hackers exploited a vulnerability in its "view as" feature for just over a year. First, Facebook revised down the figure of affected users across the globe, from roughly 50 million to 29 million. Further, the company outlined that just 14 million users lost "profile details such as birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searche...

Pentagon hit by data breach potentially affecting 30K employees

(Oct 15, 2018) The Pentagon announced it has been hit by a data breach potentially impacting 30,000 employees, The Associated Press reports. A cyberattack on an unidentified vendor resulted in compromised personal data and credit card information of U.S. military and civilian personnel. Pentagon Spokesman Lt. Col. Joseph Buccino said the department is investigating the breach to determine who was behind the attack and whether more individuals will be affected. “The department is continuing to assess the risk o...

Poll: 54 percent of cybersecurity pros support federal US breach notification law

(Oct 15, 2018) After polling more than 100 cybersecurity professionals from the government and the private sector, The Washington Post reports 54 percent of respondents support a federal U.S. data breach notification law similar to the requirements within the EU General Data Protection Regulation. Rep. Jim Langevin, D-R.I., was one of the supporters of a federal breach rule, saying organizations would benefit from no longer having to follow breach notification guidelines for each individual state. On the other...

Aetna reaches settlements with attorneys general over HIV disclosures

(Oct 15, 2018) HealthITSecurity reports Aetna has reached settlements with several state attorneys general for disclosing the HIV statuses of 12,000 patients in violation of the Health Insurance Portability and Accountability Act. Aetna will pay about $100,000 to Connecticut, $175,000 to the District of Columbia, $365,000 to New Jersey, and an undisclosed amount to Washington state. The health insurer has also agreed to implement new policies and procedures to protect patients' personal health information and ...