Kaiser Permanente information leak. Not a surprise. I tried their app but deleted because of the trackers (at least on web, I figure I have a chance to block). Their "website policy" notes that they sell information to ad companies, use web beacons. I love the "we don't store anything except" and then a list of just about anything you'd care about: name, DOB, health and medical info, debit/credit cards.
Prison for cybersecurity expert selling private videos from inside 400,000 homes.
Months before, the guy had given an interview demonstrating how simple it was to hack into wallpads - describing them as something that "middle schoolers with basic knowledge of computers can easily hack."
He later argued in court (unsuccessfully) that the data leak was to publicise the security vulnerabilities... 🙄
Privacy is dead, and all of your data, including medical information, is constantly being sold to the highest bidder. This is a terrible situation, and there should be strict regulations for those who are breaking the law. Source https://www.threads.net/@thebrianpenny/post/C6y2ckfxaDj/
@nixCraft UC health used a 3rd party to keep our medical records n it was hacked in March 2024. All of our private data just "poof" stolen. Also wasn't able to use their pharmacy for new prescriptions bc of backlog on cleaning up the mess. #medicalinsurance #databreach
One year on and the OAIC is still quiet on its investigation into last year's Latitude data breach - and the lawyers working on a class action case are not very happy about it.
#CyberSecurity #DataBreach #Biometrics #FacialRecognition #DataProtection #Australia: "Police and federal agencies are responding to a massive breach of personal data linked to a facial recognition scheme that was implemented in bars and clubs across Australia. The incident highlights emerging privacy concerns as AI-powered facial recognition becomes more widely used everywhere from shopping malls to sporting events.
The affected company is Australia-based Outabox, which also has offices in the United States and the Philippines. In response to the Covid-19 pandemic, Outabox debuted a facial recognition kiosk that scans visitors and checks their temperature. The kiosks can also be used to identify problem gamblers who enrolled in a self-exclusion initiative. This week, a website called “Have I Been Outaboxed” emerged, claiming to be set up by former Outabox developers in the Philippines. The website asks visitors to enter their name to check whether their information had been included in a database of Outabox data, which the site alleges had lax internal controls and was shared in an unsecured spreadsheet. It claims to have more than 1 million records.
The incident has rankled privacy experts who have long set off alarm bells over the creep of facial recognition systems in public spaces such as clubs and casinos."
🤡 At Microsoft, years of security debt come crashing down
「 For many critics of Microsoft, the events of the past nine months are the logical conclusion of a company that has ridden the wave of market dominance for decades and ignored years of warnings that its product security and practices failed to meet the most basic standards.
“In a healthy marketplace, these would be fireable offenses,” 」
Regarding the data breach involving clubs and venues in Australia:
A company called Outabox got a contract to do venue sign-in software. They contracted a Philippines group to do the actual work, ensuring all data was stored outside of Australia. After 4 years they broke off the deal without payment and grabbed the gathered data and ran. The Australian running the scam has been arrested.
SOME of the venues where Outabox systems are installed:
Breakers Country Club
Bulahdelah Bowling Club
Central Coast Leagues Club
Mex Club Mayfield
City of Sydney RSL
Ettalong Diggers
East Maitland Bowling Club
East Cessnock Bowling Club
Fairfield RSL Club
Gwandalan Bowling Club
Halekulani Bowling Club
Hornsby RSL Club
Ingleburn RSL Club
Merivale
Club Old Bar
Club Terrigal
The Tradies Dickson
Erindale Vikings
West Tradies
Check out the latest "Smashing Security" podcast from yours truly and Carole Theriault, looking at Indian election deepfakery, the kindness of the Canadian rail system, Leicester's ransomware attack, and 12 Angry Men!
Thanks to our sponsors Kolide by 1Password, Vanta, and Sonrai Security for their fab support!
Eight "unknown number" hang-up calls already today at 2pm; nine of them yesterday; not one repetition, all but one in our area code.
Is this related to the #UHC data breach? My mom has a United Health care plan (but not a Change Healthcare plan). She would be a prime target (pun intended) at 97 years of age.
Found a nice little Website which lets me check my #password strength.
I like it because it also requires me to input the website and login name so it does not use some stupid general rule but adjusts. And that for only $5/month!
On an unrelated note, does anybody know how someone breached my Gmail and bank accounts recently?
(This is a joke. But it also shows how easy it is to mistake something like a security hole for a feature)