Healthcare startup Lyfebin exposed medical images

Healthcare startup Lyfebin exposed thousands of medical imaging files, such as X-rays, MRI scans and ultrasounds. The Los Angeles-based healthcare startup allows doctors and medical staff to store medical images in its “secure environment,” per its website, allowing patients and doctors access from anywhere. But the files were found stored in an unprotected Amazon Web Services (AWS) storage bucket, without a password, allowing anyone who knew the easy-to-guess web address access to the data. The files were dated between September 2018 and October 2019. After we reached out to warn of the security lapse, Lyfebin secured the data. The storage bucket contained more than 93,000 files — many appeared to be duplicates — containing medical scans. The files were stored …

6 tips founders need to know about securing their startup

If you’ve read anything of mine in the past year, you know just how complicated security can be. Every day it seems there’s a new security lapse, a breach, a hack, or an inadvertent exposure, such as leaving a cloud storage server unprotected without a password. These things happen, but they don’t have to; security isn’t as difficult as it sounds, but there’s no one-size-fits-all solution. We sat down with three experts on the Extra Crunch stage at TechCrunch’s Disrupt SF earlier this month to help startups and founders understand what they need to do, when, and why. We asked Google’s Heather Adkins, Duo’s Dug Song, and IOActive’s Jennifer Sunshine Steffens for their best advice. Here’s what they had to …

Facebook’s lead EU regulator is asking questions about its latest security fail

Facebook’s lead data protection regulator in Europe has confirmed it’s put questions to the company about a major security breach that we reported on yesterday. “The DPC became aware of this issue through the recent media coverage and we immediately made contact with Facebook and we have asked them a series of questions. We are awaiting Facebook’s responses to those questions,” a spokeswoman for the Irish Data Protection Commission told us. We’ve reached out to Facebook for a response. As we reported earlier, a security researcher discovered an unsecured database of hundreds of millions of phone numbers linked to Facebook accounts. The exposed server contained more than 419 million records over several databases on Facebook users from multiple countries, including …

UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users

The U.K.’s Information Commissioner is starting off the week with a GDPR bang: This morning, it announced that it has fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($230 million) in connection with a data breach that took place last year that affected a whopping 500,000 customers browsing and booking tickets online. In an investigation, the ICO said that it found “that a variety of information was compromised by poor security arrangements at [BA], including log in, payment card, and travel booking details as well as name and address information.” The fine — 1.5% of BA’s total revenues for the year that ended December 31, 2018 — is the highest-ever that the ICO has leveled at a company over a …