Archives: Data Breach

Subscribe to Data Breach RSS Feed

Wendy’s Successful in Trimming Data Breach Class Action Suit But No Dismissal

We have previously discussed the class action case filed against Wendy’s as a result of a data breach [view related post]. The case was initially dismissed based upon lack of standing, but the plaintiffs were given the opportunity to amend the Complaint. After the filing of the Amended Complaint, Wendy’s filed a Motion to Dismiss. … Continue Reading

Neiman Marcus Settles Data Breach Class Action Case for up to $1.6 Million

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings. The settlement includes a payment … Continue Reading

Air Force Security Clearance Files Compromised on Unsecured Backup Drive

Security researchers have discovered that an unsecured backup drive has compromised thousands of U.S. Air Force documents, including personnel files and sensitive forms filled out by senior and high-ranking officials. These files were openly accessible because they were located on a backup drive connected to the internet wasn’t password protected. The compromised files include the … Continue Reading

Cardiology Group Hard Drive Stolen

Denton Heart Group, located throughout Dallas, has notified 21,665 patients that their protected health information has been compromised as a result of the theft of a hard drive from a locked closet. The hard drive that was in the closet contained the group’s backup data from the practice’s electronic health system—which included apparently of all … Continue Reading

Home Depot Settles with Financial Institutions

A federal judge has preliminarily approved a proposed settlement of $25 million between Home Depot and financial institutions that issued payment cards that were affected by the Home Depot data breach in 2014. This proposed settlement amount is in addition to the $140 million settlement with other payment card issuers such as American Express and … Continue Reading

West Virginia University Medicine University Healthcare Patients Victims of Identity Theft

West Virginia University Medicine University Healthcare (WVUM) has confirmed that it is sending notification letters to over 7,400 of its patients seen at Berkeley Medical Center as a result of an unauthorized access to their information. It further confirmed that 113 of its patients have become the victims of identity theft as a result of … Continue Reading

Verifone Investigating Breach of its Internal Corporate Network

Verifone, the largest maker of credit card point of sale terminals in the U.S., which assists various industries, including retailers, with credit and debit card swipe and process services, has affirmed that it is investigating a breach of its internal corporate network. According to Verifone’s CIO, it is “investigating an IT control matter in the … Continue Reading

Data Breach Involving CloudPets “Smart” Toys Raises Internet-of-Things Security Concerns

On February 27, 2017, news reports disclosed a major security breach involving Spiral Toys, the seller of the CloudPets brand of internet-connected stuffed animals. The Bluetooth-connected CloudPets toys allow users to exchange voice messages between the toys and applications on smartphones or tablets. An investigation by cybersecurity researcher Troy Hunt revealed that customer data for … Continue Reading

Vanderbilt University Medical Center PHI Breached by Patient Transporters

Vanderbilt University Medical Center (VUMC) has announced that it will be sending breach notification letters to over 3,000 patients as a result of unauthorized access to PHI by two patient transporters. According to the announcement, VUMC audited its medical records (as it is required to do by  HIPAA), and found that two individuals who worked … Continue Reading

American Senior Communities Suffers W-2 Scam

W-2 phishing schemes continue to be a problem for companies in every industry. Last week, American Senior Communities based in Indiana announced that one of its employees was scammed through a phishing email and thereafter sent over 17,000 employees’ W-2 forms to the fraudulent emailer. Unfortunately, the scam was not discovered until a month after … Continue Reading

Arby’s Investigating Payment Card Breach

Arby’s has announced that it is investigating its payment card systems after Brian Krebs first reported the incident. According to reports, malware placed on Arby restaurants’ payment card systems allowed attackers to steal credit card data at the time it was swiped in the cash register. The breach is believed to have occurred between October … Continue Reading

Vendor Causes Breach of Over 5,000 Patient Records

The continued risk that vendors pose to companies, including health care entities cannot be overemphasized. This week, Sentara Healthcare (Sentara) announced that one of its third-party vendors was the victim of a “cybersecurity incident” that compromised the names, dates of birth, Social Security numbers, procedure information, demographic information and medications of 5,454 patients who received … Continue Reading

U.S. Military Special Operations Command Workers’ Data Exposed by Vendor

Military personnel continue to be victimized by data breaches. This time, the personal information of healthcare workers employed by Potomac Healthcare Solutions (Potomac), who work for a U.S. Special Operations Command were exposed. The Potomac healthcare workers travel to provide Navy SEALs, Army Green Berets and Rangers, Delta Force members, and Air Force and Marine … Continue Reading

New Hampshire Psychiatric Hospital Patient Records Posted Online by Former Patient

The New Hampshire Department of Health and Human Services has notified up to 15,000 patients of its psychiatric hospital (New Hampshire Hospital) that their names, addresses, Social Security numbers, Medicaid ID numbers and highly sensitive psychiatric health information was posted on a social media site by a former patient. The former patient gained access to … Continue Reading

Medical Marijuana Dispensary Applications Exposed in Cyber Attack

The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary. Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical … Continue Reading

Massachusetts Data Breach Notification History Now Available Online

The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the Commonwealth’s data breach notification law. The list identifies the entity that was breached; the number of Massachusetts residents affected; whether the breach was of … Continue Reading

Trading Card Maker Topps Notifies Customers of Data Breach

According to several media outlets, Topps, whose products include sports trading cards, recently notified customers via email of a security breach. Information that may have been compromised includes bank account numbers, names, and email addresses of customers who placed orders between July 30 and October 12, 2016. Topps has not publicly released the number of … Continue Reading

2016 Was the Year of the Data Breach

Although every year we lament about the significance of data breaches in the past year, 2016 was by far the worst. Data breaches were rampant, victimizing every industry and numbing consumers in the process. It was so bad that consumers began to throw up their hands and say “My personal information is out there anyway. … Continue Reading

Cyber-attack on LA County Compromises 756,000 individuals’ information

A Nigerian national has been charged with a cyber-attack on Los Angeles County employees that compromised the personal information of over 756,000 people. The attack took place on May 13, 2016, when the attacker sent a phishing email to over 1,000 LA County employees from several departments. 108 of the employees provided the hacker with … Continue Reading

November the Worst Month Yet for Healthcare Breaches

We have repeatedly reiterated numerous warnings to the healthcare industry about malware and ransomware [see related posts here and here]. Our predictions have unfortunately become true, as November was the worst month ever for healthcare data breaches, according to self-reports to the Office for Civil Rights (OCR). In the month of November 57 incidents of … Continue Reading
LexBlog