Bonum Certa Men Certa

Being Honest About Security Breaches

posted by Roy Schestowitz on Oct 08, 2023

Crochet Blanket In Progress

THE Web (or web) we weaved in nearly 37 years combined (adding the age of this site to its sister site's) is a very large web of nearly 300,000 page, which all reside on the same server now, served in static form without a visitor-accessible (as opposed to user-accessible) back end. Throughout these years there were no known security incidents and now we're extra secure because scripts are not reachable by visitors of the sites or their respective Gemini capsules.

The half dozen [1-6] or so stories below focus on security incidents (via DataBreaches), which are not only very very very costly [2] but involve elaborate cover-ups [1], implicating governments [3] and impacting companies profoundly [4]. They try to blame other nations [5] (not the holes) or downplay the issues [6] (blaming human error) though the net effect is the same.

During my (almost) 12 years at Sirius I witnessed several security breaches. As noted at the time in some videos and articles, those affected were not being notified. Even staff of Sirius was barely made aware at times. Sometimes clients were given a hint, but as far as I can tell, those further down the chain were left in the dark.

A culture of lousy managers in charge (liars without technical skills) is part of the problem. They only care how they're seen, not about people's safety or any sense of integrity.

Related/contextual items from the news:

  1. OrthoAlaska notifies 176,203 patients of breach. When was the breach?

    On October 12, 2022 — almost a full year ago — OrthoAlaska discovered unauthorized activity on their systems. On March 3, 2023, they learned that information on former employees was stored in the system. On April 3, 2023, they notified those affected.

    And that’s where things remained until September 22, 2023, when OrthoAlaska notified HHS that 176,203 patients were affected by a breach.

    Was this the same breach first discovered in October 2022? We do not know because there is no notice on OrthoAlaska’s website at this time.

  2. Data breach at MGM Resorts expected to cost casino giant $100 million

    The data breach last month that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million, the Las Vegas-based company said.

    The incident, which was detected on Sept. 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.

  3. Citizen data leak: NID wing suspends access for suspected govt, pvt partner organisations

    The national identity registration wing of the Election Commission [of Bangladesh] has suspended data access to a number of its government and private partner organisations over suspicions of leaking citizens’ data online, while putting all of its 174 service recipient organisations under watch.

  4. Clorox Expects Double-Digit Sales Drop Following Cyberattack

    Household cleaning product giant Clorox said Wednesday that an August cyberattack had taken a big swipe out of the bleach maker’s sales and profits in the quarter that ended Sept. 30.

    The Oakland, California-based manufacturer maker expects organic sales to drop between 21% and 26% due to widespread disruption, order processing delays and product outages after the August cyberattack.

  5. North Korea Suspected in Massive Hack of DeFi Project Mixin (1)

    The massive breach of a decentralized finance project bears the hallmarks of a North Korean attack, according to a senior White House official.

    Mixin Network, which helps blockchains handle transactions more efficiently, said it had lost less than $150 million in a late-September attack. Originally the company estimated it lost $200 million but reduced it after a final inspection.

  6. NL Health Services Reveals Pediatrics Privacy Breach

    NL Health Services has another privacy breach on its hands.

    The news came quietly in a news release sent out just after 5:30 Friday evening.

    The breach is related to an email sent to the parents and guardians of 253 pediatric patients with diabetes.

    Officials say “the recipients of that email were inadvertently not blind copied,” allowing everyone on the list to see each other’s email addresses.

Other Recent Techrights' Posts

Patriotism is OK, But We Need Facts and Reason, Not Blind Obedience to Authority
Very seldom in the history of human civilisation has groupthink proven to be of real merit
Gemini Links 16/06/2024: Hand Held Maneuvering Unit and Hugo Static Files
Links for the day
Removing the Tumour From IRC
looking back
Windows Sinking Below 13% Market Share in the Island of Jamaica
Microsoft's decline continues and will mostly likely continue indefinitely in Jamaica and its neighbours
 
Letting Microsoft systemd Manage /home Was a Terrible Idea All Along
systemd-tmpfiles, deleting /home
When You Touch One of Us You Touch All of Us
We have a principled, uncompromising stance on this matter
Links 16/06/2024: New Sanctions Against Russia, Fentanylware (TikTok) Causing More Problems
Links for the day
Social Control Media in Japan: Twitter (X) Has Collapsed, YouTube Rising (Apparently)
What a genius Mr. Musk is!
Windows Cleansed in South Africa (Already Hovering Around 10% Market Share)
Plus Microsoft's mass layoffs in Africa
[Meme] Satya Nadella's Windows PC RECALLS Not What He Did
Satya got lucky
Usage of Let's Encrypt in Geminispace Has Collapsed (That's a Good Thing!)
Ideally, or eventually, all capsules will sign their own certificates or have their own CA
North Macedonia: Windows Down From 99.2% to 28.5%
Last year it was even measured at 26%
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 15, 2024
IRC logs for Saturday, June 15, 2024
[Meme] The Free(dom) Software Engineer in European Elections
“When the debate is lost, slander becomes the tool of the loser.”
Vista 11 Was 'Leaked' Exactly 3 Years Ago and This One Picture Says It All
how 'well' Vista 11 has done
A Smokescreen for Brad Smith
Maybe the key point was to say "Linux is not secure either" or "Windows and Linux are equally vulnerable", so don't bother dumping Microsoft
Links 15/06/2024: Microsoft's Intellectual Ventures Attacks Kubernetes With Software Patents, More Layoff Waves
Links for the day
Gemini Links 15/06/2024: On Lagrange and on YouTube Getting Worse
Links for the day
Edward Brocklesby: hacker received advance notice of zero-day vulnerabilities in MH and NMH email software
Reprinted with permission from Daniel Pocock
[Meme] Code Liberates Kids
Matthias Kirschner: I can't code, but I can write a book
In Armenia, Bing is Measured at 0.6%, About Ten Times Less Than Yandex
Bing will probably get mothballed in the coming years
[Meme] A Pack and Pact (Collusion Against Computer Users)
They never really cared about users, no more than drug dealers care about drug users...
GNU/Linux in Azerbaijan: From ~0.1% to 7%
Azerbaijan is around the same size as Portugal
Women in Free Software (FOSS) Need Action, Not Mere Words
the men who are loudest about women's rights are some of the very worst offenders
Embrace, Extend, Extinguish Minecraft
These folks should check out Minetest
Techrights Statement on Men Who Viciously Attack Women in Free Software
history shows women will win
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 14, 2024
IRC logs for Friday, June 14, 2024
[Meme] People Who Cannot Find Gainful Employment Because of Their Poor Behaviour Online (Not the People Who Merely Call Them Out on It)
Imagine trying to become a lecturer while talking like this in public
You Too Would Get Nervous
countries where Windows is down to 2%
[Meme] The Two Phases (and Faces) of Microsofters
Microsofters: stalk IRC, then troll IRC
The 'Nobody Reads Techrights Anyway' Crowd
Send In the Clowns
Books in the Making
I intend to spend a considerable amount of time explaining what my family and I were subjected to for the 'crime' of promoting/covering Free software
Microsoft is Still Losing Malta
And GNU/Linux is doing well on laptops and desktops
Tux Machines: Third Party Impending
There will be more next week
Links 14/06/2024: Microsoft Layoffs in the News Again, East-West Conflict/Tensions Update
Links for the day
Links 14/06/2024: Comments on the Death of Email and Lagrange Commentary
Links for the day
Dutch Government Appoints Microsofters to Combat "OSS Fetishism"
What corruption looks like
Microsoft's Collapse in Africa and Shutdown of Entire 'Development Centre'
Unlike what Microsoft claimed in face-saving statements
[Meme] Not Your Typical IRC Troll and Harasser
I say, let's punch nazis...
GNU/Linux's Journey in Qatar: From 0.1% to Over 3%
Windows is no longer an important contender there
Secret Contracts and Corpses
The media pretends it's just some generic "IT" issue, but it is not
Bing Has Run Out of Time and Microsoft Might Dismantle It (Save a Financial Miracle)
How much more of investors' money is Microsoft willing to throw in the trash?
Statement on Antisemitism in Our IRC Network and in Social Control Media
In an ideal world nobody would have to be banned from IRC
Gemini Links 14/06/2024: Ads vs. Content, Why Aliases Are Har
Links for the day
Vista 11 Has Fallen in Switzerland, a Country That is More Microsoft Friendly Than Most of Europe
GNU/Linux rose to its highest level there in almost half a decade
Microsoft is Dying in Africa
Based on the Central African Republic, which "is around the same size as France"
[Meme] Microsoft in Africa
Are you telling me Windows is now down to 1% 'market share' in some countries?
Management of the European Patent Office Misleads Staff on Views of the Office's Staff Committee
The EPO as a workplace very rapidly deteriorates
[Meme] Newer is Worse
"They say those are New Ways of Working (NWoW); New does not mean better, it is worse"
Microsoft Needs to be Banned From Contracts, Including Government Contracts, Not Just for Security Failings But for Criminal Negligence, Corruption, and Fatal Cover-ups
How many deaths will it take for Microsoft to face real, effective scrutiny rather than kid gloves treatment?
Links 14/06/2024: Violence, Famines, and Montana Has More Cows Than People
Links for the day
Microsoft Telecom Layoffs, Facebook Layoffs in Africa: A Month After Microsoft's Mass Layoffs in Lagos (Nigeria) Facebook/Meta Does the Same and Microsoft is Now Retreating and Quitting an Entire Sector! (Affirmed Networks and Metaswitch)
Disasters in the making for GAFAM. Money down the drain.
Papua New Guinea: GNU/Linux Growing, Windows Down Below 15%
it seems indisputable there's headway and momentum
"Planets" Cannot Replace Social Control Media, They're Very Much Akin to It (Censorship Hubs, Gatekeepers)
Don't be subjected to gaslighting; make your own OPML file
Topics That Truly Irritate and Consistently Infuriate the Microsofters (Whenever We Cover These)
Censoring uncomfortable information is a difficult activity that has its limits, even in Reddit
Honduras: Vista 11 Down, GNU/Linux Up
Valve sees GNU/Linux as bigger than Apple's MacOS
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 13, 2024
IRC logs for Thursday, June 13, 2024
LibrePlanet 2024 and the Lost Video/Audio of Talks
After the event was over someone informed us that due to technical issues they had lost (or failed to acquire) recordings of the talks
Choosing Between Options to Outsource to Evades the Best Solution (Self-Hosting)
Most users don't need this sort of complexity
IBM Layoffs at Kyndryl
This can soon spill over to Red Hat
Turkmenistan: GNU/Linux Leaps Past 5% This Month?
This is how statCounter sees it
Watch This Space
what matters most is not the volume or quantity of publications but their underlying depth and quality