
A data breach at the U.S. Marshals Service exposed the personal information of current and former prisoners, TechCrunch has learned.

A letter sent to those affected, and obtained by TechCrunch, said the Justice Department notified the U.S. Marshals on December 30, 2019 of a data breach affecting a public-facing server storing personal information on current and former prisoners in its custody. The letter said the breach may have included their address, date of birth and Social Security number, which can be used for identity fraud.

But the notice didn’t say how many current and former prisoners are affected by the breach.

As the law enforcement arm of the federal courts, U.S. Marshals are tasked with capturing fugitives and serving federal arrest warrants. Last year, U.S. Marshals arrested more than 90,000 fugitives and served over 105,000 warrants.

A spokesperson for the Justice Department did not respond to a request for comment by email or phone.

It’s the latest federal government security lapse in recent weeks.

The Defense Information Systems Agency, a Dept. of Defense division charged with providing technology and communications support to the U.S. government — including the president and other senior officials — said a data breach between May and July 2019 resulted in the theft of employees’ personal information.

Last month, the Small Business Administration admitted that 8,000 applicants, who applied for an emergency loan after facing financial difficulties because of the coronavirus pandemic, had their data exposed.


TechCrunch

The Entertainment Software Association issued an apology of sorts after making available the contact information for more than 2,000 journalists and analysts who attended this year’s E3.

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” the organization said via statement. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”

It’s not clear whether the organization attempted to reach out to those impacted by the breach.

In a kind of bungle that utterly boggles the mind in 2019, the ESA had made available on its site a full spreadsheet of contact information for thousands of attendees, including email addresses, phone numbers and physical addresses. While many or most of the addresses appear to be businesses, journalists often work remotely, and the availability of a home address online can present a real safety concern.

After all, many gaming journalists are routinely targets of harassment and threats of physical violence for the simple act of writing about video games on the internet. That’s the reality of the world we currently live in. And while the information leaked could have been worse, there’s a real potential human consequence here.

That, in turn, presents a pretty compelling case that the ESA is going to have a pretty big headache on its hands under GDPR. Per the rules:

“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.”

There is, indeed, a pretty strong argument to be made that said breach could “result in a risk to the rights and freedoms of natural persons.” Failure to notify individuals in the allotted time period could, in turn, result in some hefty fines.

It’s hard to say how long the ESA knew about the information, though YouTuber Sophia Narwitz, who first brought this information to light publicly, may have also been the first to alert the organization. The ESA appears to have been reasonably responsive in pulling the spreadsheet down, but the internet is always faster, and that information is still floating around online and fairly easily found.

VentureBeat notes rightfully that spreadsheets like these are incredibly valuable to convention organizations, representing contact information for some of the top journalists in any given industry. Many will no doubt think twice before sharing this kind of information again, of course.

Notably (and, yes, ironically), the Black Hat security conference experienced a similar breach this time last year. It chalked the issue up to a “legacy system.”

Natasha Lomas contributed to this report


TechCrunch
