A small business concern. Large organizations
should question requests like this. Why would a CEO request a
spreadsheet like this? More likely, one of his subordinates would
create the spreadsheet and explain it to him.
Magnolia
Health Corporation in Tulare, California has begun
sending out notification letters after someone impersonated their CEO
and “using what appeared to be his email address,” obtained
personal information for all active employees of the corporation and
each of the facilities managed by MHC [Twin
Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing
Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc.
and Merritt Manor,
Inc.].
The notification to employees does not explain
whether the criminal acquired control of the CEO’s email account or
just faked an address that looked remarkably similar.
DataBreaches.net has sent an inquiry to MHC asking about that.
The breach occurred on February 3, but was not
detected until February 10.
The personal information disclosed was in the form of an Excel spreadsheet that contained the following identifying information for each person: Employee Number, Name, Address, City, State, Zip, Sex, Date of Birth, Social Security Number, Hire Date, Seniority Date, Salary/Hourly, Salary/Rate, Department, Job Title, Last Date Paid, and [name of applicable] Facility.
MHC reported the matter to law enforcement, but as
of the time of the notification
letter dated February 12, they did not know the identity of the
individual(s) responsible for the breach.
Affected employees were
offered one year of complimentary enrollment in Experian’s
ProtectMyID service. Given the nature of this attack, it seems clear
that the criminal(s) were intent on getting personal information for
misuse, so I’m not sure a one-year enrollment will be satisfactory
to employees, but we’ll see, I guess.
According to the
metadata for MHC’s submission to the California Attorney General’s
Office, 563 California residents were affected by the breach.
How did this not come up in testing? Oh, yeah, we
forgot to test with a full Mac system.
Fury after
Adobe Creative Cloud deletes files
After customers updated Creative Cloud, it
accessed their hard drive and deleted the first folder that appeared
in alphabetical order.
Due to file-naming conventions on Mac computers,
the bug often deleted hidden system folders or data backup files.
… The problem came to light on Thursday after
Backblaze, which makes data backup software, started receiving
hundreds of support requests from its customers.
… In a statement, Adobe said: "On the 12
Feb we were notified
that some customers had an issue with an update to the Creative Cloud
Desktop application.
"We removed the update from distribution and
deployed a new one which addresses the issue."
“We're the government. Spending money with no
hope of success is what we do best.”
FBI Seeks
$38 Million Infusion To Gather Advanced Encryption-Busting Tools
… according to the agency's 2017 budget
request, the FBI is seeking another $38.3 million (on top of $31
million already appropriated) to "develop and acquire tools for
electronic device analysis, cryptanalytic
capability, and forensic tools."
… To further its efforts, the FBI hides behind
the guise of battling terrorism, even though it's been proven time
and time again that encryption has had little or no effect on major
terrorist acts (no encryption was used to orchestrate the Paris
attacks in November, for example). Regardless of that, the FBI is
going to continue feeding money to the anti-encryption beast
Perspective.
What voters
want in a president today, and how their views have changed
No comments:
Post a Comment