Adobe Breach Leads RoundupUser Forum Compromised; Hospital Breach Affects 14,000
In this week's breach roundup, software company Adobe has confirmed that its ConnectUsers.com website has been compromised by an unauthorized third party. Also, Women & Infants Hospital, which has facilities in Rhode Island and Massachusetts, is notifying about 14,000 patients about a breach involving the loss of unencrypted backup tapes.
See Also: The Global State of Online Digital Trust
Adobe Shuts Down Site Following Breach
Software company Adobe confirmed that its ConnectUsers.com website was compromised by an unauthorized third party. It took the site offline following news that a hacker posted user information onto information-sharing site Pastebin.
ConnectUsers.com is a forum for the latest resources on Adobe Connect, a web-conferencing service.
To protect users of the forum, Adobe is resetting passwords for site members. It will reach out to them with instructions on how to set up the new passwords once the website has been restored.
The alleged Egyptian hacker, known as ViruS_HimA, claimed on Pastebin that he compromised Adobe servers and took 150,000 e-mails and passwords. The data, the hacker alleges, contains e-mails and passwords for customers including the U.S. Military, Google, NASA and colleges and universities.
"Adobe is a very big company, but they don't really take care of ... security issues," the hacker wrote in his Pastebin message.
Missing Tapes Compromise Health Info
Women & Infants Hospital, which has facilities in Rhode Island and Massachusetts, is notifying about 14,000 patients that their ultrasound images and personal data were compromised after two unencrypted backup tapes went missing.
The backup tape for the Rhode Island location contained ultrasound images dating from 1993 to 1997, and included patient names, dates of birth, dates of exams, physicians' names and, in some cases, Social Security numbers, according to a statement posted on the hospital's website.
The backup tape for the Massachusetts location contained ultrasound images dating from 2002 to 2007, and included the same sensitive information as the compromised tape in Rhode Island.
Affected individuals are being offered free credit monitoring services for one year. As a result of the incident, the hospital has reviewed its policies and procedures and has enhanced its backup tape receipt and storage practices, according to a spokesperson from the organization.
UK Google Compare Vulnerability Identified
A vulnerability in Google's UK vehicle insurance aggregator Google Compare has compromised information on an undetermined number of individuals, according to news reports.
The flaw, which was made known to news outlet The Register by an anonymous source, can expose personal information by simply editing a motor insurance proposal form that is sent to customers after Google Compare sends an application form to numerous underwriters and then sends back details and quotes.
The source of the compromise is third-party software operated by insurance and financial specialist SSP, according to news reports. Google said it was working with SSP to address the issue.
It's unclear if the flaw has led to any instances of identity theft.
Gaming Company Hit with Class Action Suit
Gaming company Blizzard Entertainment, publisher of the popular game World of Warcraft, has been hit with a class action lawsuit following a reported breach in August that affected gamers worldwide.
The breach compromised gamers linked to the company's North American servers, exposing their e-mail addresses, security question answers, cryptographically scrambled passwords and other authentication information.
The lawsuit was filed by law firm Carney Williams Bates Pulliam & Bowman "on behalf of millions of American customers who have been harmed by Blizzard's negligent and deceptive practices related to its customers' account security," according to a press release.
The suit was filed in the Central District of California. It alleges that the company failed to disclose to customers that additional products must be acquired after buying the games to ensure the security of information stored in online accounts that are requisites for playing. "This deceptive upselling, coupled with Blizzard's negligence in maintaining proper security protocols, compromised millions of customers," the press release said.
Blizzard, in a statement to Game Informer magazine, said the suit is "without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels."
Card Breach at Hospital Gift Shop
Aultman Hospital in Canton, Ohio, has confirmed a data breach at its gift shop that compromised credit card and debit card information.
The breach occurred between February and September 2012, when an unidentified third party gained access to the information, according to a press release.
Aultman notified local law enforcement and the Secret Service, and also replaced hardware that was affected during the incident. The organization also hired a forensics auditor to assist with the investigation.
The hospital is unsure how many individuals were affected, but says the breach is limited to the gift shop. Aultman is working with credit card companies so the appropriate card holders can be notified.