Oct 232018

Russell Pollard reports:

Around 400 people who picked up their prescribed medication from the Boots store on St Mark’s Road in Chaddesden, in early September, should be concerned, and should be asking some serious questions of Boots.

The original versions of their ‘prescriptions’ were lost from the store – the whereabouts of their personal data unknown. Copies had to be re-printed to fulfil the orders.

Boots did not to tell the affected customers. Why?

Boots were asked to comment on this breach of confidentiality. The official response was:

“At Boots UK, we are committed to protecting our customers’ privacy and data security. We are aware of our legal requirements, and abide by the data protection legislation and regulatory guidance.”

Read more on Derby News. Not only did they not notify customers, but it sounds like they threatened employees that any disclosure would lead to job repercussions.  Read the entire article and see what you think.

Oct 232018

J. D. Capelouto reports:

A Nigerian man was sentenced to five years and 11 months in prison on Monday for his role in an online scam that accessed the employee bank accounts of several colleges and universities, including some at Georgia Tech, federal prosecutors said Tuesday.

Olayinka Olaniyi, 34, was part of a “phishing” scheme that sent fraudulent emails that appeared to be from legitimate businesses to trick the recipients into providing personal information and passwords, according to officials.

Read more on AJC.

Oct 232018

Michael Liedtke reports:

Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.

The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016.


Verizon will now pay for one half of the settlement cost, with the other half paid by Altaba Inc., a company set up to hold Yahoo’s investments in Asian companies and other assets. Altaba already paid a $35 million fine imposed by the Securities and Exchange Commission for the delay in disclosing the breach.

Read more on SFGate.

Oct 232018

A press release issued October 23. It does not indicate the number of patients affected by each of the two incidents or how the attacker(s) gained access to employee email accounts.

Children’s Hospital of Philadelphia (CHOP) is providing to the parents or guardians of some of its current and former patients notice of two recent email incidents, both involving health information.

The first incident, identified on August 24, 2018, occurred when an unauthorized user gained access to a CHOP physician’s email account on August 23, 2018. A second incident, uncovered on September 6, 2018, identified unauthorized access to an additional email account on August 29, 2018.

Once the unauthorized access was identified, CHOP immediately began an investigation with support from a leading forensic firm. The investigation determined that the email accounts contained some patient health information, which may have included patient name, date of birth, and clinical information related to neonatal and/or fetal care provided at CHOP or, in some instances, at the Hospital of the University of Pennsylvania (HUP). These incidents affected a limited number of mothers and babies and did not include the Social Security numbers or financial and credit information of any patients or their parents.

While CHOP is not aware of any actual or attempted misuse of patient information related to these incidents, on October 23, 2018, letters were mailed to patient families whose information was contained in these email accounts. Potentially affected patients are advised to carefully review the statements they receive from their health care providers. If they see services that were not received, they should contact their health care provider immediately.

CHOP takes this matter very seriously and to help prevent future incidents is taking significant measures to provide enhanced levels of security for its email system.

CHOP has established a dedicated call center for patients with questions at 1-800-643-9180, 9 a.m. to 6 p.m. Eastern Time, Monday through Friday. For those who have received neonatal and/or fetal care provided at CHOP or HUP, please visit the CHOP website at www.chop.edu for more information.

CHOP values the privacy and confidentiality of its patients and deeply regrets any concern or inconvenience these incidents may cause patients and their families.

About Children’s Hospital of Philadelphia: Children’s Hospital of Philadelphia was founded in 1855 as the nation’s first pediatric hospital. Through its long-standing commitment to providing exceptional patient care, training new generations of pediatric healthcare professionals and pioneering major research initiatives, Children’s Hospital has fostered many discoveries that have benefited children worldwide. Its pediatric research program is among the largest in the country. In addition, its unique family-centered care and public service programs have brought the 546-bed hospital recognition as a leading advocate for children and adolescents. For more information, visit http://www.chop.edu.

SOURCE Children’s Hospital of Philadelphia

Oct 232018

Zack Whittaker reports:

The website of the Saudi government’s upcoming Future Investment Initiative conference was hacked and defaced with images of the murdered Saudi journalist Jamal Khashoggi.

Several reporters tweeted screenshots of the site after its defacement, purporting to show Saudi crown prince Mohammed bin Salman — the kingdom’s de facto ruler — brandishing a sword. A portion of text on the site was replaced with an accusation the kingdom of “barbaric and inhuman action,” referring not only to the death of Khashoggi but also the government’s involvement in the ongoing offensive in Yemen.

Read more on TechCrunch.