We previously reported about the microphone and video capabilities of Echo technology [view related post]. The FBI is also concerned about this technology being used in toys that are connected to the Internet. The FBI is so concerned that yesterday, it issued a Public Service Announcement that warns consumers that Internet-connected toys “could present privacy … Continue Reading
A cyber-attack against–Bithumb–one of South Korea’s largest cryptocurrency exchanges and one of the five largest in the world—has reaped access to the data of 30,000 users and drained their accounts in the process. Bithumb is one of the biggest ethereum exchanges by volume in South Korea, representing more than 44 percent of trading in that … Continue Reading
Anthem Inc. has reportedly agreed to pay a settlement of $115 million to its customers that were affected by what is being called one of the largest data breaches in U.S. history. The settlement is reportedly the largest ever to result from a data breach in the United States and would end a class action … Continue Reading
Social networking app Wishbone, which is used primarily by teenage girls to vote on various teenage type quizzes, like favorite entertainers or fashion, has been hacked. The intruders have reportedly gained access to users’ (again, primarily female minors) names, unique email addresses and mobile telephone numbers. Not just a few, either. The data compromised included … Continue Reading
Tricky decision to make if you are among the millions that travel for work…. how safe is it? Will the new “laptop travel ban” affect me? What airports am I connecting through that are of concern? Is public Wi-Fi secure? Did that person just look over my shoulder (a.k.a. Shoulder Surfing) while I was opening … Continue Reading
President Trump’s administration is asking Congress to grant the federal government power to track, hack and destroy any type of drone that is flying over domestic soil. The draft legislation includes new exception to laws governing surveillance, computer privacy and aircraft protection. This draft legislation stems from the government’s growing concern for the widespread use … Continue Reading
We have read multiple reports on WannaCry and if you are reading this and don’t know what WannaCry is, Google it for the background story. The clear message is this is not the last major attack we will see, and future attacks will only get more sophisticated. It is being estimated that the cost associated … Continue Reading
Over the past week, many clients and individuals have asked me why some companies and health care facilities were devastated by the WannaCry ransomware, and why others made it through the weekend without a blink of an eye. Simplistically, it is because those who pay attention to security patches that they receive from technology vendors … Continue Reading
We have previously reported on the vicious ransomware Locky and how it victimized companies throughout 2016 [View previous posts here, here, and here]. Although Locky quieted down in late 2016, according to researchers at Cisco Talos, Locky is perking up again in 2017 in a major way. Only this time, instead of using phishing email … Continue Reading
An unknown intruder was able to access team communication platform HipChat last weekend, allowing access to the account information of users, including email addresses, hashed passwords and names. There is also a chance that actual room metadata, which includes the room name and room topic, may have been compromised. The cyber-attacker was able to access … Continue Reading
University of Michigan researchers have discovered that hundreds of applications in Google Play turn Android phones into a server that allow the user to connect the phone directly to a PC and leave open insecure ports available on the smartphone. What does this mean? It means attackers can use the open insecure port to get … Continue Reading
Governor Susana Martinez recently signed into law the New Mexico “Data Breach Notification Act” (the Act), making New Mexico the 48th state (plus Puerto Rico and the District of Columbia) to adopt legislation mandating the provision of notice in the event of a data breach. The Act – which takes effect June 16, 2017 – … Continue Reading
Bangor Health Center, a psychiatric practice located in Bangor, Maine, has notified 4,229 patients that a hacker from Moldova has accessed their psychiatric records, including names, addresses, Social Security numbers, telephone numbers, diagnoses and doctors’ notes. The health center provides outpatient therapy to both children and adults for behavioral health conditions including substance use disorders, … Continue Reading
Two Massachusetts accounting firms separately recently notified the Office of the Massachusetts Attorney General and the Office of Consumer Affairs and Business Regulation of data breach incidents at their firms, resulting in the unauthorized access of their respective clients’ names, addresses and Social Security numbers. The first accounting firm, King McNamara Moriarty LLP (KMM) discovered … Continue Reading
We often talk about how anything that is connected to the Internet is hackable and unsafe, and to be careful about how you buy and connect devices, products, appliances, home security systems and other wireless “things.” These are called the Internet of Things, or “IoT.” Alexa is an IoT “thing.” Cybersecurity literature constantly warns us … Continue Reading
Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network MCPN, a Colorado based federally qualified health center, for alleged HIPAA violations. The fine, a whopping $400,000 for the center, which provides health care services to low income patients, … Continue Reading
On Thursday, Internal Revenue Service (“IRS”) Commissioner John Koskinen testified that the personal data of up to a 100,000 taxpayers could have been compromised as a result of criminal use of the Free Application for Federal Student Aid Data Retrieval Tool (“DRT”). Last week, we posted that the IRS disabled the tool after it suspected … Continue Reading
The Illinois Department of Employment Security has revealed that somewhere between 1.2 million and 1.4 million Illinois residents who have received unemployment benefits from the State of Illinois have had their names, dates of birth and Social Security numbers compromised through a hacking of its vendor’s database. The residents are those seeking jobs and using … Continue Reading
McDonald’s Canada has shut down its careers webpage following a breach that occurred in mid-March. A hacker gained access to the jobs section of its website and compromised the personal information, including names, addresses, telephone numbers, employment histories and other job application information of approximately 95,000 individuals. McDonald’s Canada has notified the privacy commissioners in … Continue Reading
We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss. … Continue Reading
I frequently get complaints from small businesses that they don’t have the resources or resilience to properly address cybersecurity and that it is overwhelming to them. Well, it is. We frequently tell businesses that they must be prepared as they might not think they are targets, but they are. But what happened to the relevance … Continue Reading
Yahoo’s troubles for failing to timely disclose security breaches provides rare insight into quantifying the financial and other costs to a company’s shareholders and leadership when a security breach occurs and is mishandled. In 2014, more than a billion Yahoo accounts were hacked. Then in 2015 and 2016, more than 500,000 Yahoo user accounts were … Continue Reading
We continue to see all industries hit with W2 phishing scams, including the health care industry. Citizens Memorial Hospital, located in Bolivar, Missouri, was hit with the scam when one of its employees believed that an email received from another employee was legitimate, and sent the W2s of its employees from 2016 to a hacker. … Continue Reading
Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to … Continue Reading
