Slashgear: Hospitals, insurance companies leak more health data than hackers. “Hospitals, insurance firms, physician offices, and similar companies leak more personal health data than hackers, a new study has revealed. According to researchers with two major US universities, more than half of personal health data breaches resulted from problems with the medical providers themselves rather than an external force, such as hackers.”
BetaNews: Number of data breaches falls but 2018 is still set to be the second worst year on record. “In the final quarter of 2018, the number of reported breaches is down by eight percent and the number of exposed records is down around 49 percent, from seven billion in 2017. The latest Data Breach QuickView report from Risk Based Security shows that seven breaches exposed 100 million or more records with the 10 largest breaches accounting for 84.5 percent of the records exposed this year to date.”
Reuters: Data leak affects thousands of wealthy Moscow residents. “Thousands of wealthy Moscow residents who subscribed to a regional internet provider have had personal data including names, home addresses and mobile numbers posted online. People affected by the high-profile data leak are all clients of Moscow-based internet provider Akado Telecom, a large telecommunications network owned by billionaire businessman Viktor Vekselberg, which said it had opened an inquiry into the incident.”
BBC: Cathay Pacific data hack hits 9.4 million passengers. “Cathay Pacific says the personal data of up to 9.4 million passengers have been accessed in the latest security breach to hit the aviation industry. Passport numbers, email addresses and expired credit card details were among the data leaked.” I can’t tell from the story whether this is a data breach — data was accessed deliberately by a hacker — or a data leak, where an unsecured database was left online. I think it’s a breach.
CNET: Yahoo must pay $50M in damages for security breach. “Yahoo will have to pay $50 million in damages as part of a settlement following massive data breaches in 2013 and 2014. The settlement was filed Monday. In addition to paying $50 million, Yahoo will also have to provide at least two years of credit monitoring services for around 200 million people who had personal information such as names, email addresses and phone numbers stolen.”
Ars Technica: Hack on 8 adult websites exposes oodles of intimate user data. “A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users.”
AP: Hackers breach HealthCare.gov system, get data on 75,000. “A government computer system that interacts with HealthCare.gov was hacked earlier this month, compromising the sensitive personal data of some 75,000 people, officials said Friday.”