WXYZ reports:
Michigan State University is
confirming that someone breached a database that contains around 400,000
records containing personal information.
The breach happened on November
13.
According to MSU, that
information “included names, Social Security numbers, MSU identification
numbers, and in some cases, date of birth of some current and former students
and employees. It did not contain
passwords, financial, academic, contact, gift or health information.”
MSU says they have confirmed
that 449 of the records were accessed, before the records were taken offline
within 24 hours of the breach.
Read more on WXYZ.
NBC reports
that those affected include “faculty, staff and students who were employed
by MSU between 1970 and November 13, 2016, or were students between 1991 and
2016.”
The joys of mismanagement never end.
Banking Regulator Imposes New Restrictions on Wells Fargo
The federal government has put Wells Fargo & Co. on a much tighter
leash, requiring the firm’s banking unit to seek approval before making a wide
range of business decisions, after a regulator revoked key portions of a
two-month-old settlement in the company’s sales scandal.
… The bank is now
banned from offering departing executives “golden parachute” payments,
according to the statement from the Office of the Comptroller of the Currency,
and it must get the OCC’s permission before it changes its business plans,
hires or fires senior executives, or revamps its board of directors.
Well, that didn’t take long.
Joël Valenzuela reports:
The U.S. government is seeking
the identity of Coinbase users for tax purposes, sparking fears that Bitcoin’s
anonymity may be compromised.
According to a legal summons filed in the Northern California District Court,
the U.S. Internal Revenue Service (IRS) seeks to identify several Coinbase
users and their financial activity, based on evidence that they may have
violated U.S. tax laws:
Read more on Cointelegraph.
“Just do it. We can
worry about that security and privacy stuff later.” Another example of an organization that can’t
hear warnings!
Bay Sleep Clinic (BSC) has more
than one dozen locations in California offering sleep medicine diagnostic
services. Their site advertises that
BSC:
Provides monitoring during a
complete sleep cycle in our fully equipped, comfortable setting.
That monitoring appears to include video monitoring of
their patients who, after being wired up to monitors, attempt to sleep in one
of their rooms. Unfortunately, the video
monitoring was viewable by anyone and everyone because BSC (or whoever was
responsible for securing the system) did not properly secure one of its Axis
cameras. As a result, anyone could view
one of their rooms on insecam.org.
Yesterday morning, DataBreaches.net was contacted by an
individual who had discovered the problem but did not want to get involved in
making any notification. After verifying
his report that there was a problem and that the IP address belonged to BSC, DataBreaches.net called BSC, but was only able to
leave a message in their general voicemail system. Getting no response after several hours, DataBreaches.net called again, playing
voicemail lottery to try to get any person who might connect me with their
HIPAA privacy officer. Sadly, that call,
too, ultimately went to another voicemail box. Despite tagging the message as “urgent,” there
was no call back.
This morning, DataBreaches.net
sent an email to the clinic. That may
have done the trick, as the cam is now no longer viewable publicly. DataBreaches.net has no information indicating
whether any other cameras of theirs were, or are, also viewable online.
DataBreaches.net has yet to hear back from Bay Sleep Clinic,
so we have no information as to how this happened, for how long patients were
publicly viewable during their sleep studies, and whether BSC intends to
notify its patients, the California Department of Public Health, and/or
HHS.
This post will be updated if a response is received.
Update: DataBreaches.net received a call
from BSC’s external counsel a little while ago. Unless they decide to give me a formal
statement, I will not try to summarize my entire conversation with their
counsel, other than to note that he suggested that it was inappropriate or
unethical to upload patient images, even redacted ones. After giving it some thought, I decided to
remove the redacted screenshots. My
intention is to inform and to improve security for patient data, not to add to
others’ woes.
Amusing? Depends
where you live I guess.
Map: Social Media Monitoring by Police Departments, Cities,
and Counties
One of the year’s top stories, according to my students.
… It’s not yet
clear exactly what the issue was with the Galaxy Note 7. The company has blamed “a very rare manufacturing process error” which caused the
anode and cathode to come into contact. Further
investigations are underway.
Is this because customers should never get free services
or because some campaign contributors don’t want to have to compete with this?
Dems question FCC on data-free apps
… Seven Democratic
senators targeted the so-called "zero-rating" in a letter to FCC Chairman
Tom Wheeler, warning of stifled innovation and other issues if the FCC doesn't
act.
“Without proper oversight and enforcement action,
zero-rating can discriminate against certain services, potentially distorting
competition, stifling innovation, and hampering user choice and free speech,”
they wrote.
“When ISPs, not the consumer, choose online winners and
losers, the very core tenets of net neutrality could be disrupted,” the
letter added.
A challenge for my IT Governance students. Nothing happens until the customer starts to
use your service.
The Virtual Business Process: A Dilemma
The entire telecom industry is coming to terms with the
reality that existing business models are changing dramatically in the
virtualization era, but there are strong indications lately that this process
is proving problematic for network operators and their vendors alike.
For example, John Isch, director of the Network and Voice
practice for Orange
Business Services in North America, mentioned in a radio show with our
sister site Telco Transformation you
can hear in its entirety here, that one of the challenges to the Orange
network-as-a-service initiative is getting vendors
to accept an on-demand pricing scheme for software licenses of the
virtual network functions (VNFs) it delivers to customers.
… "In this
new environment, I don't want the VNF provider to start charging me -- Orange
-- for the use of that VNF until a customer turns it up," he said. "When
the customer pushes the button, that's when the VNF provider starts charging us
and we start charging the customer. If
the customer turns it off, all that stops."
Perspective.
Another look at a changing world.
How Platforms Will Disrupt the Future of Media and
Entertainment
… To put this in context, more than 20 years ago, the only
outlet for individuals to broadcast their own personal and local interests was
to use public access television channels or write letters to newspaper editors.
But today, we hold a lot more power as broadcasters
using digital outlets like Facebook Live, Twitter, Instagram and Snapchat. And for good reason. The old definition of broadcast and
entertainment was simplistic: Content mainly came from the establishment and
sent in one direction, to us. But that
reality is changing as the media and entertainment industries are being
turned upside down and outside in.
They’re serious? Have
we gone completely bonkers?
TSA: Keep grandma’s gravy at home but the turducken can fly
From the TSA: “Gravy is sadly prohibited from carry-on
bags unless you pack it in accordance with our liquid policies mentioned above. You can also pack it in your checked baggage.”
Gravy as well as cranberry sauce for that matter fall
under the sometimes mysterious “Liquid Rules”
which basically state that you’re “allowed to take as many 3.4 ounce or
smaller sized containers that will fit in one sealed, clear, quart-sized
zip-top bag – and one bag per person.”
Every Saturday…
Hack Education Weekly News
… Deregulation of for-profits
is “likely,” Inside
Higher Ed reports.
… Via
Chalkbeat: “Flooded with questions after Trump win, Denver Public Schools
produces immigration fact sheet.”
… Via
abc.net.au: “Queensland children as young as four will
learn coding and robotics as a compulsory part of their education from next
year.”
… Via
Inside Higher Ed: “IBM picks Blackboard
and Pearson to bring the technology behind the Watson computer
to colleges and universities.”
… Via
Politico: “The average incarcerated adult in the U.S.
scores so low in the ability to understand and work with numbers – numeracy
skills, in research parlance – that they lag behind the unemployed, according
to a report released today by the National Center for Education Statistics. The report looks at the educational background
and work history of prison inmates. It
finds that greater percentages of incarcerated adults scored at the lowest
levels of proficiency in literacy and numeracy skills when compared to the
overall U.S. population.”