Bonum Certa Men Certa

Being Honest About Security Breaches

posted by Roy Schestowitz on Oct 08, 2023

Crochet Blanket In Progress

THE Web (or web) we weaved in nearly 37 years combined (adding the age of this site to its sister site's) is a very large web of nearly 300,000 page, which all reside on the same server now, served in static form without a visitor-accessible (as opposed to user-accessible) back end. Throughout these years there were no known security incidents and now we're extra secure because scripts are not reachable by visitors of the sites or their respective Gemini capsules.

The half dozen [1-6] or so stories below focus on security incidents (via DataBreaches), which are not only very very very costly [2] but involve elaborate cover-ups [1], implicating governments [3] and impacting companies profoundly [4]. They try to blame other nations [5] (not the holes) or downplay the issues [6] (blaming human error) though the net effect is the same.

During my (almost) 12 years at Sirius I witnessed several security breaches. As noted at the time in some videos and articles, those affected were not being notified. Even staff of Sirius was barely made aware at times. Sometimes clients were given a hint, but as far as I can tell, those further down the chain were left in the dark.

A culture of lousy managers in charge (liars without technical skills) is part of the problem. They only care how they're seen, not about people's safety or any sense of integrity.

Related/contextual items from the news:

  1. OrthoAlaska notifies 176,203 patients of breach. When was the breach?

    On October 12, 2022 — almost a full year ago — OrthoAlaska discovered unauthorized activity on their systems. On March 3, 2023, they learned that information on former employees was stored in the system. On April 3, 2023, they notified those affected.

    And that’s where things remained until September 22, 2023, when OrthoAlaska notified HHS that 176,203 patients were affected by a breach.

    Was this the same breach first discovered in October 2022? We do not know because there is no notice on OrthoAlaska’s website at this time.

  2. Data breach at MGM Resorts expected to cost casino giant $100 million

    The data breach last month that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million, the Las Vegas-based company said.

    The incident, which was detected on Sept. 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.

  3. Citizen data leak: NID wing suspends access for suspected govt, pvt partner organisations

    The national identity registration wing of the Election Commission [of Bangladesh] has suspended data access to a number of its government and private partner organisations over suspicions of leaking citizens’ data online, while putting all of its 174 service recipient organisations under watch.

  4. Clorox Expects Double-Digit Sales Drop Following Cyberattack

    Household cleaning product giant Clorox said Wednesday that an August cyberattack had taken a big swipe out of the bleach maker’s sales and profits in the quarter that ended Sept. 30.

    The Oakland, California-based manufacturer maker expects organic sales to drop between 21% and 26% due to widespread disruption, order processing delays and product outages after the August cyberattack.

  5. North Korea Suspected in Massive Hack of DeFi Project Mixin (1)

    The massive breach of a decentralized finance project bears the hallmarks of a North Korean attack, according to a senior White House official.

    Mixin Network, which helps blockchains handle transactions more efficiently, said it had lost less than $150 million in a late-September attack. Originally the company estimated it lost $200 million but reduced it after a final inspection.

  6. NL Health Services Reveals Pediatrics Privacy Breach

    NL Health Services has another privacy breach on its hands.

    The news came quietly in a news release sent out just after 5:30 Friday evening.

    The breach is related to an email sent to the parents and guardians of 253 pediatric patients with diabetes.

    Officials say “the recipients of that email were inadvertently not blind copied,” allowing everyone on the list to see each other’s email addresses.

Other Recent Techrights' Posts

Traf-O-Data, the Company That Jeffrey Epstein's BFF (Bill Gates) (Co)Founded 53 Years and Went Out of Business Due to Heavy Losses
Who will die first, Bill or Microsoft?
A Note on SimilarWeb
Or why SimilarWeb is meaningless for more than 99% of the sites on the Web
IBM Said to be Shutting Down Offices or Sites in the United States
the press can no longer avoid admitting that IBM moves many jobs to India
LLM Slop as Attack Vector on the Reputation of Linux
The attacks on Linux have escalated to information warfare
 
Links 04/04/2025: LLM Slop Bubble Bursting and Korea Music Copyright Association Bans Slop 'Music'
Links for the day
Why Microsoft's Shares Sank Almost 20% in Recent Months (the Bubble is Imploding)
verified press reports from the past 24 hours
GNU/Linux Rises to Almost 5% in Algeria While Windows Sinks to All-Time Low
GNU/Linux grew tenfold
Where to Get More Gags
A valued reader recommended that to us
Links 04/04/2025: Tech Stock (Inc. GAFAM) Fall, Google Pretends to Do End-to-End Encrypted Emails (With Google in Control)
Links for the day
To Participate in Fedora Diversity You Must Use Proprietary Software
Not for the first time either
Yandex About to Be Three Times Bigger Than Microsoft (Bing) in Asia
That's about 60% of the world's population
Gemini Links 04/04/2025: Decoupling Updates, Elaho as Gemini Client
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 03, 2025
IRC logs for Thursday, April 03, 2025
Microsoft's Trouble in Africa and Asia
A new all-time high for GNU/Linux
Brett Wilson LLP Reported to the Solicitors Regulation Authority (SRA)
The saddest thing in all this is that law firms can maintain high standards shall they wish to
Links 03/04/2025: Tariff Pains and C.D.C. Cuts
Links for the day
StatCounter: Microsoft is Masking a Disaster, It's Way Behind DeepSeek Already and Interest in LLMs Has Waned
it turns out the money "raised" for "Open" "AI" may not even exist at all
Links 03/04/2025: SoftBank Money for Microsoft "Open" "AI" Probably Doesn't Even Exist, Wikimedia Foundation Blasts LLM Nuisance While Microsoft Admits Demand Has Shrunk
Links for the day
Gemini Links 03/04/2025: Patch Panel and Pictures
Links for the day
Islamic Republic of Iran: GNU/Linux at All-time High This Month, Windows Falls to 12%
Vista 10 is up this month despite being "end of life" (EoL) soon
Indonesia: All-Time Highs for GNU/Linux
What's noteworthy right now is the growth of GNU/Linux
statCounter Says GNU/Linux Usage is Up Again (Internationally)
some preliminary April data
Only on April 1st Can the Free Software Foundation Associate With Microsoft's Open Source Initiative (OSI)
We saw some pranks that day linking the FSF to Microsoft (e.g. "endorsing" Windows)
Confirmed in the Mainstream Media: A Lot of Microsoft "Workloads" Were Just LLM Slop (Helping to Fake Growth for Years, as Microsoft Had Paid "Open" "AI" to Become a "Client") and Demand is Rapidly Waning, Datacentres Canceled and/or Shut Down
Anything to facilitate further accounting fraud
Taiwan's Media Covers Closure of Microsoft's "AI" Lab, It's Time to Talk About the Gradual Death of Windows and Implosion of the "AI" Bubble
Earlier this week we showed that mostly Asian media had the 'nerve' to mention Microsoft silently shutting down its 'AI' lab
IBM Gets Rid of Kelly Chambliss as Mass Layoffs Reported in IBM Consulting, IBM Loses Key Contracts/Graft
IBM Consulting has been in disarray lately
More Gains for GNU/Linux, Based on Web Surveys
the Steam site shows rapid growth for "Linux" this month
Slopwatch: Anti-Linux Articles, Not Even Written by Humans
Why aren't Web sites more vocal about this problem?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, April 02, 2025
IRC logs for Wednesday, April 02, 2025
Links 03/04/2025: Apple Fined Over Secret Surveillance, "Elegant Writer For A More Civilized Age"
Links for the day
Gemini Links 02/04/2025: Books and Cold Tea
Links for the day
Links 02/04/2025: More Layoffs, Nokia Again Takes Advantage of Illegal and Unconstitutional Patent Court With Nokia Staff as 'Judges'
Links for the day
Links 02/04/2025: Seizures and Returns to Windows of 24 Years Ago
Links for the day
LLM Slop Helps Obscure and Distort News About Layoffs (IBM, GAFAM)
It's hard to find accurate information
Links 02/04/2025: Microsoft Developers Are Threatening to Go on Strike, World Backup Day Noted
Links for the day
Gemini Protocol Has Growing Appeal (the Web Got Too Bloated and Full of LLM Slop)
For any "data plan" with bandwidth limits or "tiers" it would be cheaper to use/browse Geminispace
The Web Can Survive LLM Slop, But Only If We Collectively Shun and Discourage Serial Sloppers
Doing nothing ought not be a possibility
Amid Secret Shut-downs and Mass Layoffs at Microsoft (4 Waves of Layoffs in 3 Months of 2025) Some Microsoft Staff Expected to Go On Strike
workers going on strike
Gemini Links 02/04/2025: No more on Mastodon and Gemini Mention Script in Go
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, April 01, 2025
IRC logs for Tuesday, April 01, 2025
My Motion Disbarring or “Striking Off” Brett Wilson LLP for Enabling Violent Americans Who Try to Crush Microsoft Critics in the United Kingdom by Multiple SLAPPs
"Guns for hire" (for Microsoft people who received Microsoft salaries)
The U.S. Patent and Trademark Office Hijacked Again by Patent Litigation Industry, as President Cheeto Prioritises Aggressors
The "mafia" has taken over the "industry" and the Federal system (justice and constitutions trampled upon)
Ubuntu Slop and FUD Manufactured With LLMs and Funded (by Oneself) 'Studies'
Slop and FUD are ruining the Web