In a closely watched case, a federal judge today ruled against a high school sophomore who refused to wear a student ID embedded with a radio frequency chip that tracks students’ movement on campus.
California and U.S. authorities are investigating whether Kaiser Permanente violated some 300,000 patients’ privacy when dealing with a Mom and Pop document storage company that kept medical records in a shared warehouse and stored sensitive data on home computers.
An Idaho non-profit hospice has been fined $50,000 for losing a laptop containing unencrypted data on 441 patients.The laptop was stolen in February 2011 from a hospice worker’s car and never retrieved, according to news accounts. But Hospice of North Idaho officials say there is no evidence the personal information has been used to commit identity theft or fraud.
UPDATE – Some 4,000 University of Michigan Health Systems patients had their medical data compromised last month when a vendor’s laptop containing medication log files was stolen from a vehicle.That medication management provider, Mountain View, Calif.-based Omnicell, admits it violated both its own and UMHS hospitals’ data storage policies when it left patients’ demographics, medication regimes and admissions records on an unsecured device that was stolen from an Omnicell employee’s car on Nov. 14.
A “blast from the past” surfaced recently among those who play Microsoft Excel-based Sudoku puzzles: malware spread by macros.
Spreading malicious code via macros was the rage among the digital underground in the late 1990s, so much so that Microsoft eventually disabled them by default.
The Federal Trade Commission Tuesday demanded nine data brokerage companies turn over details on how they collect and use consumer information as part of an inquiry into the industry’s business practices.The companies include Acxiom of Little Rock, Ark.; Corelogic of Irvine, Calif.; Datalogix of Westminster, Colo.; eBureau of St. Cloud, Minn.; ID Analytics of San Diego; Intelius of Bellevue, Wash.; Peekyou of New York; Rapleaf of Chicago; and Recorded Future of Cambridge, Mass.
An FBI memo says cyber intruders took advantage of weak credentialing in an industrial control system to gain control of a New Jersey air conditioning company’s heating, ventilation and air conditioning units.
Earlier reports of a planned, sophisticated attack on 30 U.S. banks to siphon millions from fake wire transfers have been vetted by McAfee Labs in a just-released report.
The Federal Trade Commission on Monday said it’s launching “non-public investigations” to determine if mobile application providers are violating federal laws by collecting information on children without their parents’ permission.A report indicates almost 60 percent (235) of the children-centric mobile apps the agency reviewed from Google and Apple app stores collected device IDs and other private data often shared with an advertising network, analytics company or other third party. More than half also displayed advertising, such as one children’s app that showed an advertisement for an adult singles club. Only 20 percent disclosed their privacy policy.
An estimated 1.1 million consumers are at risk of identity theft after thieves broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but it waited to inform consumers directly. Earlier news accounts offered some hints at the scope of the breach, including some 30,000 victims in Florida and Ohio and 90,000 in Iowa.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
