DC Health Link Violation Update. Marketing or Monitoring? UNC inadvertently discloses employee tax records.

At a Glance.DC Health Link Violation Update.Marketing or Surveillance?UNC Accidentally Disclose Employee Tax Records.DC Health Link Violation Update.

As we discussed last week, the personally identifiable information of members and employees of the US House of Representatives was disclosed in a breach involving DC Health Link, the health insurance marketplace in the District of Columbia. It was initially unclear how many people were compromised in the incident, but on Friday the DC Health Benefit Exchange Authority announced the death toll exceeded 56,000, the New York Times reports. It’s unclear how many of those affected are members of Congress, but DC Health Link serves about 11,000 members of Congress and their staff. CBS58 reports that CNN received an email from the Senate Sergeant-at-Arms detailing what data was stolen, and it’s worse than initially thought. Both Senate members and staff were affected, and the compromised data includes names, social security numbers, dates of birth, health plan information, and other personal information such as residential addresses, phone numbers, email addresses, ethnicity, and citizenship status. WTOP News notes that DC Health Link released an official statement to members on Friday saying it was conducting a third-party investigation and that it was working with law enforcement and the Federal Bureau of Investigation. The statement continued, “We recognize the seriousness of this incident and have reached out to affected participants to provide three years of free identity and credit monitoring to all three major credit reporting agencies.” Axios adds that a hacker, who goes by the name “Denfur” sells a database he claims is related to a breach and has posted it on what CheckPoint Research calls the “largest English-language dark web hacking forum ” names. The price is only a few dollars, and Denfur expressed his political leanings by signing his post Glory to Russia! Sergey Shykevich, Threat Intelligence Manager at Check Point Research stated, “Such valuable information will be in high demand on the dark web and in the wrong hands can lead to significant downstream consequences.”

READ :  8 Best Lightweight Android Emulators for Windows PC (2023)

Marketing or Monitoring?

Chinese apparel retailer SHEIN faces consequences for a data breach in 2018. New York State Attorney General Letitia James alleges that the fast fashion retailer’s then-parent company Zoetop failed to detect the breach due to weak security measures and that the company was dishonest in handling the incident. James said: “[P]Personal data was stolen and Zoetop tried to cover it up. There is no trend in not protecting consumers’ personal data and lying about it. SHEIN and [sister brand] ROMWE needs to tighten its cybersecurity measures to protect consumers from fraud and identity theft.” A 2022 court ruling in New York resulted in a relatively modest fine of $1.9 million. Now, Naked Security reports, researchers at Microsoft have released a retrospective analysis of version 7.9.2 of SHEIN’s Android app from early 2022, revealing that SHEIN added code to the app that essentially turned it into a marketing spyware tool has turned. By stealthily collecting price and URL data from users’ clipboards, it gathered information about users’ shopping activities. The app has since been updated several times, and Google responded by beefing up Android’s clipboard handling code, but the revelation shows that Google Play apps, even the vetted and approved ones, could use dubious marketing tactics to steal user data collect.

UNC inadvertently discloses employee tax records.

The University of North Carolina (UNC) at Chapel Hill has announced that it inadvertently disclosed sensitive employee information in January when administrators inadvertently sent approximately 1200 Type 1099 tax forms to the wrong recipients. According to the US school, multiple forms were accidentally placed in individual mailing envelopes, meaning some recipients received forms for other employees in addition to the correct form. UNC media relations told News & Observer that on February 28, about a month after the university discovered the error, letters of notification were sent to the individuals and organizations that may have been affected. So far, no misuse of the disclosed data has been detected, and the school says it has “implemented updated processes, technical improvements and staff training to prevent something like this from happening again”.

READ :  How to clear your Android phone cache