At a glance.
- Kansas hospital discloses breach impacting over 50,000 individuals.
- US court says CFAA does not apply to data scraping.
- US startup allegedly demonstrates surveillance technology with unprecedented reach.
Kansas hospital discloses breach impacting over 50,000 individuals.
Newman Regional Health, based in the US state of Kansas, has disclosed a data breach in which hospital email accounts were compromised for nearly a year, resulting in the exposure of the data of 52,000 individuals, Infosecurity Magazine reports. The threat actor had access to the accounts from January 2021 until November of the same year, and the exposed data included patient names, medical record numbers, birth dates, email addresses, phone numbers, street addresses, treatment details, and employee data. Newman adds that “A limited group of individuals may have Social Security number or financial information affected.” Law enforcement authorities have been notified and impacted individuals are being contacted via email.
US court says CFAA does not apply to data scraping.
The US Court of Appeals for the Ninth Circuit has determined that the Computer Fraud and Abuse Act (CFAA) doesn’t prohibit companies from scraping publicly available information on the web, a landmark ruling given that online platforms have relied on the CFAA to attempt to limit data scraping on their sites. The court ruled that employment social media platform LinkedIn could not use the CFAA to prevent hiQ Labs, a data analytics company, from scraping data made publicly available in LinkedIn member profiles, stating that the scope of the CFAA is limited to computers that require default access permission. The Ninth Circuit determined that "giving companies such as LinkedIn free rein to decide, on any basis, who can collect and use data…risks the possible creation of information monopolies that would disserve the public interest." Mondaq notes that the decision is just the most recent ruling that questions the limitations of the CFAA, but the court did note that companies could have other legal routes to try to control data scraping, such as state trespassing laws and chattel claims.
US startup allegedly demonstrates surveillance technology with unprecedented reach.
The Intercept offers an in-depth investigation into claims that US cell phone location-tracking technology firm Anomaly Six (A6) and social media surveillance provider Zignal Labs were in talks with the US government to create surveillance systems that would allow officials to keep tabs on Russian forces at the Ukrainian border and Chinese nuclear submarines. What’s more, the allegations assert that A6, in an effort to demonstrate the tech’s capabilities, hacked the cellphones of the National Security Agency and Central Intelligence Agency and presented the results during a sales pitch. According to an anonymous source, A6 claims it can track approximately 3 billion devices in real time, or about one-fifth of the world’s population. Zignal Labs has access to Twitter’s “firehose” data stream, allowing the company to view hundreds of millions of tweets a day; combined with A6’s powers, this could give government and corporate clients unprecedented surveillance capabilities. The firms could provide their powerful surveillance services to any customer – government or civilian – willing to pay, and in the wrong hands, the tech could allow illicit spying of astronomical proportions. That said, privacy research experts say the companies could have been exaggerating their reach, given that the claims were part of a sales pitch. In response to the allegations, a Zignal spokesperson stated: “While Anomaly 6 has in the past demonstrated its capabilities to Zignal Labs, Zignal Labs does not have a relationship with Anomaly 6. We have never integrated Anomaly 6’s capabilities into our platform, nor have we ever delivered Anomaly 6 to any of our customers.”