US data breach

Uber data access

Home Depot. Cards stolen in Target. JP Morgan Chase. US cost of data breach. Neiman Marcus breach. Nielsen staffer accidentally sends mass email containing employe. Emerging privacy issues for IS retailers. Medicaid card error was privacy breach. T-Mobile customers impacted in data breach. South Ga. hospital system probing data breach Read more here: ht. Health data breach US.

What Rapleaf Knows About You: WSJ Reports: Tech News

Last week, I pointed out that in the recent brouhaha over privacy and Facebook, the real culprit was San Francisco-based identity and information aggregator, Rapleaf.

And then I explained how the company gathers information, especially by partnering with third-party applications and services such as eTacts, Rapportive and several more. Today, Wall Street Journal’s Emily Steel has written an in-depth (and excellent) expose of this company, whose tentacles are spread deep into the Internet. RapLeaf’s privacy policy states it won’t “collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs.” After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments.

Here is what The Wall Street Journal found: Rapleaf’s web of cookies and data-collection end points is pretty vast.

Uk.businessinsider.

The hacker group known as Anonymous released a file on Friday containing about 13,000 passwords, it claims. The stolen account information was posted to Internet file sharing site Ghostbin. That's not the biggest password hack we've ever seen. With millions of passwords in use for sites around the internet, chances are, yours is not among these 13,000.

But these accounts come from a variety of online sources, Anonymous claims, some of them really popular. DailyDot's Aaron Sankin sifted through the file and discovered the leaks came from the following sites: Amazon, Walmart, PlayStation Network, Xbox Live, Twitch.tv, Origin.com, Hulu Plus, Dell and Shutterstock. The file also included the accounts of a number of dating and porn sites, and it appears to have some passwords for a popular security program known as CyberGhost, which protects you from a hacker snooping on you when you use public WiFi hotspots.

And 2) this is another warning that the bad guys are plentiful in cyberspace.

There’s a new sheriff in town: the FCC’s first data breach fine.

A new data breach fine that the Federal Communications Commission (“FCC”) is levying should be a wakeup call to all Florida businesses that they must adequately safeguard their consumers’ personal information. On October 24, 2014, the FCC levied its first fine under the Communications Act of 1934 against two companies that allegedly failed to do so. Those companies allegedly placed consumers’ personal information on unprotected Internet servers. Specifically, the FCC alleges that in early 2013 an investigative reporter for Scripps Howard News Service was able to access a consumer’s data file by “conducting a simple Google Search” and that “[o]nce it had located a single file, Scripps shortened that file’s URL and obtained access to the entire directory of applicant and subscriber data.”

The FCC’s action does not specify the level of care a company must exercise to avoid a fine under Sections 201(b) and 222(a) of the Communications Act.

Data breach class actions – US developments and implications for Australia.

Introduction

In the majority of US states, mandatory data breach notification legislation requires organisations who suffer data security breaches to notify regulators and relevant individuals where there has been an unauthorised disclosure of personal information.

Since the introduction of these laws in 2003, there has (until recently) been a significant amount of class action litigation against companies involved in such breaches of data security. These mandatory breach reporting laws have facilitated class action activity by providing claimants with early notification of breaches, and have assisted in identifying the affected class of individuals, with plaintiff firms often launching claims within days (and in some cases, hours) of notification of a breach.

However, all this changed in late 2013 with the US Supreme Court decision in Clapper v.

Clapper Decision Standing post-Clapper: Parallels to Australian law and implications for future data breach class actions Concluding thoughts.

Stolen laptops = HIPAA settlements totaling nearly two million dollars.

Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

All HIPAA covered entities and business associates should review these resolution agreements as they are instructive to handling a key area of risk for just about any such organization – electronic mobile devices – which are frequently lost or stolen, and not encrypted. In one of the cases, OCR found that the covered entity, Concentra Health Services: In other words, OCR claims that although Concentra identified the lack of encryption as a risk, OCR determined that it failed to adequately remediate or manage the risk. Conduct a risk assessment to identify vulnerabilities.

Hardware manufacturer LaCie suffered year-long data breach.

Posted on 15 April 2014. French computer storage hardware manufacturer LaCie has suffered a data breach that affected a yet unconfirmed number of their customers.

"On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie’s website," the company shared in the incident notification. "We have hired a leading forensic investigation firm, who is conducting a thorough investigation, and assisting us in implementing additional security measures. Based on the investigation, we believe that transactions made between March 27, 2013 and March 10, 2014 were affected." The information that was possibly compromised during the breach includes the customers' name, address, email address, payment card number and card expiration date, and likely even their user names and password.