May 26, 2017

Brian Krebs reports:

Earlier this month, KrebsOnSecurity featured a story about a basic security flaw in the Web site of medical diagnostics firm True Health Group that let anyone who was logged in to the site view all other patient records. In that story I mentioned True Health was one of three major healthcare providers with similar website problems, and that the other two providers didn’t even require a login to view all patient records. Today we’ll examine a flaw that was just fixed by Molina Healthcare, a Fortune 500 company that until recently was exposing countless patient medical claims to the entire Internet without requiring any authentication.

Read more on KrebsOnSecurity.com

May 26, 2017

UW Health says that 2,036 patients had information compromised after an employee’s email account was used by an unauthorized user.

UW Health says they learned on March 28, 2017 that a breach of information happened on March 16, 2017.

Officials say an unauthorized individual got access to an employee’s credentials and email account.

UW Health says they immediately started an investigation and disabled the account and password.

Read more on WBAY.

May 24, 2017

Al Jazeera reports:

Qatar has begun an inquiry into a security breach by hackers who posted fake remarks on its national news agency’s platforms by its ruler purportedly criticising US foreign policy.

The incident comes just days after President Donald Trump met Gulf Arab leaders in Riyadh, Saudi Arabia.

“The Qatar News Agency (QNA) website has been hacked by an unknown entity. A false statement attributed to His Highness has been published,” a government statement early on Wednesday said.

Qatar will track down and prosecute the perpetrators, the statement said.

Read more on Al Jazeera.

May 24, 2017

Katrina Butcher reports:

The City of Stillwater announced Wednesday that the information for about 3,000 people has been compromised after an unauthorized party had access to a city computer.

Officials say the unauthorized party had access to the computer for 22 days.

Records with personal information dating from March 15, 2015, to May 16, 2017, for people who were issued citations for violations of city ordinances (with the exception of parking tickets), were on the computer.

Read more on KFOR.

So what does this mean? Does it mean that someone actually bypassed code or does it mean that someone forgot to secure the computer and someone came along and helped themselves? It somewhat sounds like a hack, doesn’t it, until you get to:

The City of Stillwater notified law enforcement and the computer has since been secured.

May 24, 2017

Stephen Joyce reports:

Target Corp. will pay $18.5 million to settle state enforcement actions over the retailer’s payment card hacking breach that affected as many as 60 million customers during the 2013 winter holiday shopping season, a coalition of 47 state attorneys general announced May 23.

The settlement capped an investigation led by Illinois Attorney General Lisa Madigan (D) and Connecticut Attorney General George Jepsen (D), and is the largest multi-state data breach settlement achieved ever, according to a statement from Madigan’s office.

Read more on Bloomberg BNA.