Jan 152018
 
Vic Micolucci reports on yet another case where records with personally identifiable information are left behind – and then disposed of improperly – when a business closes:

Hundreds of pages of personal information, including credit card numbers and Social Security numbers, were found in a Jacksonville dumpster behind a business on San Juan Avenue and Blanding Boulevard……. The documents include check numbers, banking account numbers, credit card numbers, and Social Security numbers.

[…]

The common denominator on the papers was a company called H&P Capital.

Read more on News4JAX.

So the owner of the company that moved into that space found boxes of documents in the attics and hired someone to get rid of them. The new owner didn’t check to see whether the documents contained identity information, and merely arranged for T-N-T Movers to get rid of the all the papers.

But what does a job order to get rid of cartons of papers translate to? Does it mean that the contract is satisfied if the cartons are dumped in a nearby dumpster? Do the documents need to be shredded or pulped?

And how is any of this the new owner’s responsibility or the moving company’s responsibility? It was – and should have remained – the responsibility of H&P Capital. Did News4Jax I-Team try to track down the owners of H&P Capital? It’s not like the state would actually do anything, but let’s keep the responsible parties accountable. Yes, it would have been nice if the new owner and/or movers noticed the problem, but when all is said and done, this goes back to H&P Capital.

Update: A little searching on my part revealed that the President of H&P Capital while it was at the 7960 Baymeadows address in Jacksonville was one Noel Pooler. Further, H&P Capital and Noel Pooler appear to have been sued a number of times over collection practices.

 

Jan 142018
 

Laura Donnelly reports:

The medical records of British cancer victims have been handed to a controversial American firm working for one of the world’s biggest tobacco companies, the Daily Telegraph can reveal.

The data covering almost 180,000 patients – every case of lung cancer diagnosed in England over a four year period – was given by health officials to a firm which has acted to cigarette giants Philip Morris International for almost three decades.

It is feared the company could use the anonymised data in legal cases minimising the dangers of smoking, or fighting regulation.

The sensitive information, taken from NHS records, was taken without the consent of any of the cancer sufferers or their families.

Read more on The Telegraph (subscription required).

Jan 132018
 

There are reports tonight that Blackwallet has been the victim of a  DNS hijack.

Looking at the wallet in question, it shows a large number of deposits over the past day, with dozens within the past 6 hours alone.

 

Jan 132018
 

Nicole Perlroth and Mike Isaac report:

“Hello Joe,” read the November 2016 email from someone identifying himself as “John Doughs.” “I have found a major vulnerability in Uber.”

The email appeared to be no different from other messages that Joe Sullivan, Uber’s chief security officer, and his team routinely received through the company’s “bug bounty” program, which pays hackers for reporting holes in the ride-hailing service’s systems, according to current and former Uber security employees.

Yet the note and Uber’s eventual $100,000 payment to the hacker, which was initially celebrated internally as a rare win in corporate security, have since turned into a public relations debacle for the company. In November, when Uber disclosed the 2016 incident and how the information of 57 million driver and rider accounts had been at risk, the company’s chief executive since August, Dara Khosrowshahi, called it a “failure” that it had not notified people earlier. Mr. Sullivan and a security lawyer, Craig Clark, were fired.

Read more on The New York Times. They have also uploaded the email bounty exchange here.

Jan 132018
 

Chris Opfer writes:

Six years after Shane Enslin left his repairman job at a Coca-Cola distribution plant in Pennsylvania, the company told him that his Social Security number and other personal information might have fallen into the wrong hands. A few months later, a declined credit card upended his family vacation. Then came a third unfortunate surprise for Enslin: A federal judge in Pennsylvania ruled that Coca-Cola wasn’t obligated to safeguard his data, which Enslin believes identity thieves used to ring up thousands of dollars in unauthorized purchases.

“This is the company that protects the world’s greatest secret, the formula for Coke,” Donald Haviland, Enslin’s attorney, told Bloomberg Law. “And yet somehow they can’t stop some knucklehead from walking out the door with hundreds of laptops.”

Enslin is appealing the decision, arguing that Coca-Cola should be on the hook because a company tech worker stole computers with his information on them. A similar ruling, in which a state court said University of Pittsburgh Medical Center isn’t liable for a data hack in which fraudsters used UPMC worker information to file false tax returns, is also on appeal.

That’s a great quote from Enslin’s attorney. 🙂

Read more on Bloomberg Law.