Security News

More than half of all healthcare vendors have experienced a data breach that exposed protected health information, and it's a costly problem that points to broken third-party risk assessment processes, according to data released by the Ponemon Institute and Censinet. The report shows that 54 percent of healthcare vendors have experienced at least one data breach of protected health information belonging to patients of the healthcare providers they serve.

The U.K. Information Commissioner's Office has fined Cathay Pacific Airways £500,000 over a data breach that exposed the personal information of 9.4 million customers, including 111,000 British citizens, during a four-year period. A Cathay Pacific spokesman tells Information Security Media Group that the airlines cooperated with the ICO during the investigation and that it has taken steps over the last two years to improve its corporate security.

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party. The company owns 10 global cruise line brands and a tour company, has a fleet of 102 ships visiting more than 700 ports around the world, and employs over 120,000 people.

Wireless carrier T-Mobile is sending notifications to its customers to inform them of a data breach that resulted in some of their personal information being compromised. Because some of these accounts contained account information for T-Mobile customers and employees, the attack essentially resulted in that data being accessed by a third-party.

More organizations are also taking additional steps to prepare beyond their data breach response plan. Integrating data breach response into business continuity plans.

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. The Walgreens mobile application allows users to shop, refill their prescriptions, get pill reminders, consult a doctor or pharmacist via a live chat feature, print photos in stores, obtain rewards, and store coupons.

Slickwraps, a Kansas company that makes vinyl wraps for phones and other electronics, announced last week that it had suffered a data breach. This was a breach that earned the deep scorn of both the hacker - who was twice blocked by Slickwraps for reporting the vulnerability - and observers after some other hacker went ahead and exploited the company's vulnerable setup.

Britain's Financial Conduct Authority on Tuesday admitted to a data breach, in an embarrassing revelation for the regulator and its boss, who shortly takes over at the Bank of England. The FCA said it had mistakenly published the details of around 1,600 consumers who had complained about the regulator, which is tasked with overseeing the conduct of Britain's key financial sector, including any data breaches by banks for example.

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. The healthcare industry showed significantly more exposed databases and more exposed remote login services.

Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet. The company did not provide specific information on the number of impacted users, but Troy Hunt, founder of data breach notification service Have I Been Pwned, says that 858,000 unique email addresses were compromised in the data breach.