Hackers broke into The Washington Post's jobs website late last month and stole approximately 1.27 million user IDs and email addresses, the newspaper disclosed Thursday. No passwords or other personal information was affected. Attackers leveraged a security vulnerability on the site to break in twice, on June 27 and 28. The newspaper has since fixed the flaw and implemented additional unspecified security measures to ensure a similar incident does not recur. Affected individuals may receive an increase in spam and phishing messages as a result of the hack, The Washington Post warned.
The FTC Health Breach Notification Rule was enacted 10 years ago to protect the privacy and security of consumer health data not covered by HIPAA, but it was never enforced. A policy decision enacted on Sept. 15 will change that.