Since I broke news of the Starbucks mobile pay / gift card /credit card attack last Monday, there has been some confusion about what the real risk is, who is to blame, and how to fix the problem. This is not unusual when a security issue arises with a large company that’s not offering a lot of detail about what’s going on.
Starbucks actually never denied that intruders had hijacked consumers accounts, and anyone can find victims complaining about just that with a few moment’s work, but some journalists seemed eager to clear Starbucks of any culpability in the issue. That’s unfortunate, because my email this week makes it clear that plenty of Starbucks customers are pretty angry at the way this issue has been handled, and many of them don’t appreciate being blamed for having their money stolen after they placed their trust in Starbucks.
The hospital system failed to “continuously implement the procedures and risk controls identified” in its insurance application, it states. The data breach was caused by its “failure to regularly check and maintain security patches on its system, its failure to regularly reassess its information security exposure and enhance risk controls, its failure to have a system in place to detect unauthorized access or attempts to access sensitive formation stored on its servers and its failure to control and track all changes to its network to ensure it remains secure among other things.”
When big-money NFL careers are at stake, the use of impact-measuring sensors in football helmets isn’t as routine as one might expect.
The NFL Players Association’s Mackey-White Committee, which spearheads player safety initiatives, spent considerable time discussing not only the potential health benefits of helmet sensors, but also the legal and ethical pitfalls that come with them in mid-April.
Committee members made it clear the NFLPA wants to pursue placing sensors in helmets as soon as the technology meets its standards. But the union also wants to ensure sensor data isn’t used in a way that infringes upon players’ medical privacy rights, or creates scenarios whereby careers are arbitrarily cut short by the teams for which they play.