The health of these health care workers’ data is questionable


Sensitive details of health workers employed by the U.S. military’s Special Operations Command (Socom) have been exposed in a data breach. The 11 gigabytes of data included Social Security numbers, names, addresses and salaries of some Socom staff. All the workers, including some with top-secret clearances, were employed by subcontractor Potomac Healthcare. The cache of data was found unprotected on the net by researcher Chris Vickery, from security company MacKeeper. It included details of nurses, doctors and mental health support staff as well as unit assignments and postings dating back to 1998. The data appears to have been exposed when Potomac IT staff misconfigured a data back-up. The sensitive nature of the information, including security clearances and the deployment locations of staff, would make it very attractive to “hostile entities,” Vickery said. Source: BBC News

U.S. intelligence officials say Russian hacking targeted election; Trump to be briefed

The country’s top intelligence official said that Russia’s meddling in the 2016 election consisted of hacking, as well as the spreading of traditional propaganda and “fake news.” “Whatever crack, fissure, they could find in our tapestry … they would exploit it,” said Director of National Intelligence James R. Clapper Jr., testifying before the Senate Armed Services Committee on foreign cyber threats, and especially Russian hacking and interference in the election. The hearing comes as President-elect Donald Trump has loudly and repeatedly voiced skepticism that the Kremlin was orchestrating the campaign, directly clashing with the view of the U.S. intelligence community and the committee’s chairman, Sen. John McCain, R-Ariz. Every American “should be alarmed by Russia’s attacks on our nation,” McCain said at the opening of the packed hearing. The CIA and FBI directors—along with the director of national intelligence—will brief Trump on the investigation into Russia’s alleged hacking efforts. Transition officials say CIA Director John Brennan, FBI Director James Comey and Clapper will meet with Trump today. Sources: The Washington Post; US News

Oops; turns out Russians weren’t involved in Vermont utility hack

The Washington Post has corrected a story that originally said Russian hackers penetrated the U.S. electric grid by breaching a utility company in Vermont. “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid,” an editor’s note attached to the original article said. Source: The Hill

The Bay State to tell residents about identity theft reports

The Massachusetts Office of Consumer Affairs and Business Regulation is making reports of potential identity theft available to the public on its website. Previously those reports could only be accessed by a public records request. State law requires that any company or other entity that keeps personal information about a Massachusetts resident notify state officials, as well as affected customers, any time that information is compromised—either by accident or an intentional act. Source: WJAR, Rhode Island

Cards on the table: Buyer info was breached

Topps, maker of Star Wars, Frozen and various sports-related trading cards, notified customers of security breaches in which one or more intruders infiltrated its system and “may have gained access to [customers’] names, addresses, email addresses, phone numbers, debit or credit card numbers, card expiration days and card verification numbers.” Anyone who bought items through its website from June 30 to that date could be affected. Source: Engadget

Your Bitcoin wallet might have developed a leak

KeepKey, a vendor of Bitcoin hardware wallets, notified users of a security breach that exposed some customers’ details. Darin Stanchfield, KeepKey founder and CEO, says the attack took place on Christmas Day when an unknown attacker activated a new phone number with Stanchfield’s Verizon account. This allowed the attacker to request a password reset for his Verizon email account, then to request password resets for several services where the KeepKey founder had used that email address to register profiles. Source: Bleeping Computer

Adobe settles breach case with 15 states

Adobe settled its data breach case with several states following a legal battle that started in 2013. The Flash provider agreed to pay $1 million, which would be divided among the 15 states involved in the case. The company also arranged to carry out better policies and rules governing its security measures, including a regular evaluation of its security measures and compliance with the requisite state consumer law. Source: Legal Newsline

Data breach victims have trouble getting through to help

The New Hampshire Department of Health and Human Services apologized for long wait times at its call center for victims of a recent department data breach. The data breach occurred in October 2015 when a New Hampshire Hospital resident accessed confidential information of 15,000 HHS clients, using a computer at the hospital library. Source: The Concord Monitor

As GOP takes power, privacy regulations come under attack

Major internet providers are asking the government to roll back a landmark set of privacy regulations. In a petition filed to federal regulators, a trade group whose members include Comcast, Charter and Cox Communications argued that the rules should be thrown out. “They are unnecessary, unjustified, unmoored from a cost-benefit assessment, and unlikely to advance the Commission’s stated goal of enhancing consumer privacy,” wrote NCTA—The Internet and Television Association. Source: The Washington Post

School staff gets letter on data breach

The Northside Independent School District in San Antonio, Texas, sent letters to about 23,000 former and current students and employees about a security breach that might have put their personal information at risk. The breach could include names, addresses and dates of birth. The school district agreed to provide one year’s worth of professional credit monitoring to students and staff. Source: KSAT, San Antonio

Do you hear an Echo? It might be your private conversations

Prosecutors in Benton County, Arkansas, are pressuring Amazon to turn over electronic data that was recorded on one of its Echo smart speakers. Authorities hope the recordings will reveal what led to the death of Victor Collins, who was found dead in a hot tub owned by one of his co-workers, James Bates. Bates has been charged in Collins’ death. So far, Amazon has refused to give prosecutors the data, saying that it is protecting the privacy of a client. Source: The San Diego Union Tribune