The health of these health care workers’ data is questionable

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Sensitive details of health workers employed by the U.S. military’s Special Operations Command (Socom) have been exposed in a data breach. The 11 gigabytes of data included Social Security numbers, names, addresses and salaries of some Socom staff. All the workers, including some with top-secret clearances, were employed by subcontractor Potomac Healthcare. The cache of data was found unprotected on the net by researcher Chris Vickery, from security company MacKeeper. It included details of nurses, doctors and mental health support staff as well as unit assignments and postings dating back to 1998. The data appears to have been exposed when Potomac IT staff misconfigured a data back-up. The sensitive nature of the information, including security clearances and the deployment locations of staff, would make it very attractive to “hostile entities,” Vickery said. Source: BBC News

U.S. intelligence officials say Russian hacking targeted election; Trump to be briefed

sh_russian-election-hack_280The country’s top intelligence official said that Russia’s meddling in the 2016 election consisted of hacking, as well as the spreading of traditional propaganda and “fake news.” “Whatever crack, fissure, they could find in our tapestry … they would exploit it,” said Director of National Intelligence James R. Clapper Jr, testifying before the Senate Armed Services Committee on foreign cyber threats, and especially Russian hacking and interference in the election. The hearing comes as President-elect Donald Trump has loudly and repeatedly voiced skepticism that the Kremlin was orchestrating the campaign, directly clashing with the view of the U.S. intelligence community and the committee’s chairman, Sen. John, R-Ariz. Every American “should be alarmed by Russia’s attacks on our nation,” McCain said at the opening of the packed hearing. The CIA and FBI directors—along with the director of national intelligence—will brief Trump on the investigation into Russia’s alleged hacking efforts. Transition officials say CIA Director John Brennan, FBI Director James Comey and Clapper will meet with Trump today. Sources: The Washington Post; US News

Oops; turns out Russians weren’t involved in Vermont utility hack

The Washington Post has corrected a story that originally said Russian hackers penetrated the U.S. electric grid by breaching a utility company in Vermont. “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid,” an editor’s note attached to the original article said. Source: The Hill

The Bay State to tell residents about identity theft reports

sh_massachusetts_280The Massachusetts Office of Consumer Affairs and Business Regulation is making reports of potential identity theft available to the public on its website. Previously those reports could only be accessed by a public records request. State law requires that any company or other entity that keeps personal information about a Massachusetts resident notify state officials, as well as affected customers, any time that information is compromised—either by accident or an intentional act. Source: WJAR, Rhode Island

Cards on the table: Buyer info was breached

Topps, maker of Star Wars, Frozen and various sports-related trading cards, notified customers of security breaches in which one or more intruders infiltrated its system and “may have gained access to [customers’] names, addresses, email addresses, phone numbers, debit or credit card numbers, card expiration days and card verification numbers.” Anyone who bought items through its website from June 30 to that date could be affected. Source: Engadget

Your Bitcoin wallet might have developed a leak

sh_Bitcoin_280KeepKey, a vendor of Bitcoin hardware wallets, notified users of a security breach that exposed some customers’ details. Darin Stanchfield, KeepKey founder and CEO, says the attack took place on Christmas Day when an unknown attacker activated a new phone number with Stanchfield’s Verizon account. This allowed the attacker to request a password reset for his Verizon email account, then to request password resets for several services where the KeepKey founder had used that email address to register profiles. Source: Bleeping Computer

Adobe settles breach case with 15 states

Adobe settled its data breach case with several states following a legal battle that started in 2013. The Flash provider agreed to pay $1 million, which would be divided among the 15 states involved in the case. The company also arranged to carry out better policies and rules governing its security measures, including a regular evaluation of its security measures and compliance with the requisite state consumer law. Source: Legal Newsline

Data breach victims have trouble getting through to help

sh_hotline_280The New Hampshire Department of Health and Human Services apologized for long wait times at its call center for victims of a recent department data breach. The data breach occurred in October 2015 when a New Hampshire Hospital resident accessed confidential information of 15,000 HHS clients, using a computer at the hospital library. Source: The Concord Monitor

 As GOP takes power, privacy regulations come under attack

sh_internet-privacy_280Major internet providers are asking the government to roll back a landmark set of privacy regulations. In a petition filed to federal regulators, a trade group whose members include Comcast, Charter and Cox Communications argued that the rules should be thrown out. “They are unnecessary, unjustified, unmoored from a cost-benefit assessment, and unlikely to advance the Commission’s stated goal of enhancing consumer privacy,” wrote NCTA—The Internet and Television Association. Source: The Washington Post

School staff gets letter on data breach

The Northside Independent School District in San Antonio, Texas, sent letters to about 23,000 former and current students and employees about a security breach that might have put their personal information at risk. The breach could include names, addresses, dates of birth. The school district agreed to provide one year’s worth of professional credit monitoring to students and staff. Source: KSAT, San Antonio

Do you hear an Echo? It might be your private conversations

sh_amazon-echo_280Prosecutors in Benton County, Arkansas, are pressuring Amazon to turn over electronic data that was recorded on one of its Echo smart speakers. Authorities hope the recordings will reveal what led to the death of Victor Collins, who was found dead in a hot tub owned by one of his co-workers, James Bates. Bates has been charged in Collins’ death. So far, Amazon has refused to give prosecutors the data, saying that it is protecting the privacy of a client. Source: The San Diego Union Tribune