Yahoo has the dubious honor of having been on the receiving end of the largest data breach in history. As a consequence, the company has recently agreed to pay $50 million in damages and provide free credit monitoring services to its impacted users. The company actually suffered a pair of breaches in 2013 and in 2014, although this information was not disclosed by the company until 2016. All of the company's 3 billion users were impacted, and more than 200 million of them saw losses arising … Read more
HIPAA Fines For Data Breaches Continue To Grow
Anthem is one of the largest insurance providers in the United States. Unfortunately in 2015, they had the dubious honor of suffering the largest health data breach in history. It left protected health information of nearly 79 million of their customers exposed. As a result, a division of the US Department of Health and Human Services called the Office for Civil Rights (OCR), levied the largest fine against the company in the agency's history. They were fined a staggering sixteen million … Read more
Data Breach Affects Federal Healthcare System
You probably haven't heard of the Centers for Medicare and Medicaid Systems. They're a low-profile division of the Department of Health and Human Services responsible for administering the Affordable Care Act. Recently, the company announced that they detected anomalous activity in the systems related to the healthcare.gov website that brokers and insurance agents use to assist people who apply for healthcare coverage. The abnormal activity was detected in the Federally Facilitated … Read more
Another Data Breach, This Time At The Pentagon
As many as 30,000 people made up of a mix of both civilian and military personnel have had their personal and financial information exposed. This exposure is what has been reported as a major security breach of the Pentagon. This is proof positive that no organization is safe from watchful hackers scattered all around the world. The Associated Press report on the incident includes: "The department is continuing to gather additional information about the incident, which involves the … Read more
Payment Pages Are Being Compromised To Steal Data
Symantec's most recent statistics have revealed a disturbing trend. Malware designed to compromise checkout pages is seeing a big spike in use, with the company reporting a staggering 248,000 attempts since August 13th of this year, with more than a third of them (36 percent) between September 13th through September 20th. As disturbing as those numbers are, that's just the tip of the iceberg. As Symantec notes on their website: "If we compare the week of September 13 to 20 to the same … Read more
How Long Before You Experience A Cyber Attack?
According to this year's Traveler's Risk Index, published by The Traveler's Indemnity Company, a majority of business owners have a somewhat fatalistic view of hacking and data breaches. The index includes 52 percent of survey respondents indicating that they believe a cyber-attack is inevitable. The other statistics in the report paint a grim picture. Here's a quick overview: 55 percent of business owners say that they have not completed a cyber risk assessment 63 percent say that … Read more
Government Payment Processor Exposes Data On Millions Of Americans
If you use the GovPayNet portal, be advised that your personal information is currently at risk. Although at this point, there's no indication that any hacker has made use of it. The portal is run by Government Payment Service, and is used by many Americans to pay fines, fees and bills generated by more than two thousand different government agencies operating in 35 states. Unfortunately, the way the website is configured, when it issues a receipt for a payment, it numbers those receipts … Read more
Data Breach Notifications May Get Standardized
A new piece of legislation is making its way through the halls of Congress that could standardize and streamline the data security and breach notification process for financial institutions. This is something that most people in the industry tout as an improvement over the current situation. The Consumer Information Notification Requirement Act (H. R. 6743) legislation was approved by committee not long after Congress received a letter cosigned by members from the American Bankers … Read more
An Exploited Website Can Cause Apple Products To Crash
Users of Apple tech have a new reason to worry. A security researcher named Sabri Haddouche, who works for an instant messaging app called "Wire," has published a proof of concept web page. It contains a fatal exploit that can crash and restart iPhones, iPads and any Mac. Essentially then, the entire Apple ecosystem is vulnerable. Worse, the security flaw can be exploited using nothing more than CSS and HTML code. The flaw resides in Apple's WebKit, which is its web rendering engine used … Read more
Popular NAS Device May Easily Be Compromised
Western Digital has a big problem, and if you use the company's "My Cloud" network-attached storage (NAS) storage devices, you've got one too. The WD My Cloud service is enormously popular because it's so convenient, allowing both business owners and individuals to store their files, perform periodic backups, and of course, access their data from anywhere in the world. Recently, security researchers have discovered an authentication bypass vulnerability that could allow an attacker to gain … Read more