Data Breaches - W/E - 101918
About 30,000 Defense Department Employees Had Travel Data Breach (10/15/2018)
Travel records for Department of Defense (DOD) employees were breached, resulting in the theft of personal data and payment card information, the Associated Press (AP) reported. An anonymous US official said that 30,000 employees may have been affected. In a statement, a Pentagon cyber team notified leaders of the incident on October 4. Lieutenant Colonel Joseph Buccino, a Pentagon spokesman, said, "It's important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population" of DOD personnel. The affected vendor has not been identified and further details, including the dates of the breach, have not been made public.
Travel records for Department of Defense (DOD) employees were breached, resulting in the theft of personal data and payment card information, the Associated Press (AP) reported. An anonymous US official said that 30,000 employees may have been affected. In a statement, a Pentagon cyber team notified leaders of the incident on October 4. Lieutenant Colonel Joseph Buccino, a Pentagon spokesman, said, "It's important to understand that this was a breach of a single commercial vendor that provided service to a very small percentage of the total population" of DOD personnel. The affected vendor has not been identified and further details, including the dates of the breach, have not been made public.
Anthem to Pay $16 Million for Breach that Violated HIPAA Laws (10/17/2018)
The Department of Health and Human Services (HHS) Office for Civil Rights has announced that health insurer Anthem will pay $16 million USD in penalties to settle potential privacy violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyber attacks led to the largest US health data breach in history and exposed the electronic protected health information of almost 79 million people. Anthem is an independent licensee of the Blue Cross and Blue Shield Association operating throughout the United States and is one of the nation's largest health benefits companies. In its investigation, HHS said that Anthem had not implemented the proper controls to circumvent hackers.
The Department of Health and Human Services (HHS) Office for Civil Rights has announced that health insurer Anthem will pay $16 million USD in penalties to settle potential privacy violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyber attacks led to the largest US health data breach in history and exposed the electronic protected health information of almost 79 million people. Anthem is an independent licensee of the Blue Cross and Blue Shield Association operating throughout the United States and is one of the nation's largest health benefits companies. In its investigation, HHS said that Anthem had not implemented the proper controls to circumvent hackers.
Cyber Thieves Selling 35 Million Voter Records in Dark Underground (10/17/2018)
Anomali Labs researchers, in close partnership with Intel 471, a cybercrime intelligence provider, has uncovered a widespread unauthorized information disclosure of US voter registration databases. While the data is typically available to the public for legitimate uses, it has been learned that a large quantity of voter databases are up for sale on the dark underground. The disclosure affects 19 states and is estimated to contain 35 million records. The databases include valuable personally identifiable information and voting history.
Anomali Labs researchers, in close partnership with Intel 471, a cybercrime intelligence provider, has uncovered a widespread unauthorized information disclosure of US voter registration databases. While the data is typically available to the public for legitimate uses, it has been learned that a large quantity of voter databases are up for sale on the dark underground. The disclosure affects 19 states and is estimated to contain 35 million records. The databases include valuable personally identifiable information and voting history.
Facebook: Breach Impacted 30 Million, Not 50 Million (10/15/2018)
Facebook has backtracked on earlier statements, saying that the large-scale breach it disclosed in September has affected far less people than originally thought. The breach was the result of attackers exploiting a bug in Facebook's code that had been infiltrated between July 2017 and September 2018 and then used to launch a cyber assault. "We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," Guy Rosen, Facebook's VP of product management, said in a statement.
Facebook has backtracked on earlier statements, saying that the large-scale breach it disclosed in September has affected far less people than originally thought. The breach was the result of attackers exploiting a bug in Facebook's code that had been infiltrated between July 2017 and September 2018 and then used to launch a cyber assault. "We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," Guy Rosen, Facebook's VP of product management, said in a statement.