Archives: Data Breach

Subscribe to Data Breach RSS Feed

Spear Phishing Scheme Dupes Nine Staff Members at Oregon DHS Compromising PHI of 350,000 in Over 2M Emails

The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to … Continue Reading

Is Bad Cyber Insurance Coverage Actually Good for Consumers?

The cyber insurance market continues to evolve, and major questions remain unanswered. Should policies cover regulatory fines? Should first- and third-party claims be addressed in separate policies? The list goes on. For the consumer, here is an interesting thought experiment: Is a company having limited access to cyber insurance actually a good thing? Aside from … Continue Reading

Fortnite Players Sue for Alleged Exposure of Payment Information for Vbucks

Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading

Yet Another Breach

The 2019 calendar year had a rough beginning with several massive data breaches. Just this week, more than 600 million account details were stolen from 16 different websites: Dubsmash MyFitnessPal MyHeritage ShareThis HauteLook Animoto EyeEm 8fit Whitepages Fotolog 500px Armor Games BookMate CoffeeMeetsBagel Artsy DataCamp The account details being sold on the dark web from … Continue Reading

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

Community Health System Agrees to Settlement of $4.5 Million for 2014 Data Breach

Community Health System, located in Tennessee, has agreed to settle claims made against it arising from a 2014 data breach for $4.5 million. The data breach, believed to be caused by Chinese hackers, compromised the names, dates of birth, addresses, telephone numbers, and Social Security numbers of 4.5 million patients of the hospital system, which … Continue Reading

San Diego School System Hack Exposes Data of More than 500,000 Students

The San Diego School System has notified current and former students, as well as some employees, that hackers compromised its system and obtained access to a file that included detailed personal information of more than 500,000 students from the 2008-2009 school year. The information accessible included the students’ names, addresses, Social Security numbers, health information, … Continue Reading

Experian® Predicts Cyber Threats in 2019

Experian’s Data Breach Resolution group has released its Data Breach Industry Forecast 2019 Report, which provides predictions for data breaches in 2019, and outlines staggering statistics of data breaches that occurred in 2018. One statistic is that the “number of records compromised in the first half of the year had already surpassed the total number … Continue Reading

Privacy Tip #169 – What to Do When You Get the Breach Notification Email from Starwood Hotels/Marriott

I knew I would get it. It was just a matter of time. The dreaded breach notification email from Starwood Hotels/Marriott hit my inbox this Monday. As you know, I am one that is serious about data privacy. I have received notification of data breaches of my information before, and what irks me is that … Continue Reading

Multiple Lawsuits filed Against Marriott After Data Breach – “One of the Largest Digital Infestations in History”

Calling the Marriott data breach “one of the largest digital infestations in history,” a putative class action was filed in Oregon this week seeking up to $12.5 billion dollars in relief. It should come as no surprise that soon after Marriott announced its massive data breach affecting potentially 500 million customers in the Starwood reservations … Continue Reading

Marriott Announces Massive Data Breach—Illustrates the Importance of Cybersecurity in M&A Due Diligence

Marriott today announced a major data breach, perhaps one of the largest in history. This breach illustrates the often made point that breaches and intrusions happen and go unnoticed for months or years. Marriott’s breach involved an unauthorized party that copied and encrypted information in the Starwood reservations database back in 2014. When Marriott acquired … Continue Reading

2.6 Million Atrium Health Patient Records Compromised by Vendor AccuDoc

Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident. The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some … Continue Reading

Phishing Attack Causes Breach at Southwest Washington Regional Surgery Center

Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view … Continue Reading

Radisson Loyalty Program Compromised

Radisson Hotel Group has notified some of its global loyalty program customers that hackers have stolen their personal information, including their names, addresses, email addresses, and in some cases, their employment and employers’ name and telephone number, rewards member number and frequent flyer numbers. When it discovered the compromise, it hired investigators and revoked access … Continue Reading

New Jersey AG Announces $200,000 Settlement with Business Associate and Permanent Ban for BA’s Owner due to 2016 Data Breach Affecting Over 1,650 Patients

On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate. Please see our analysis of an … Continue Reading

Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could … Continue Reading

Parties Seek to Settle Yahoo Data Breach Class Action for $50M

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading

Data Breach Announced by CMS – Approximately 75,000 Individuals’ Files Affected

Cyber-attacks on healthcare data are becoming increasingly common and costly and last week even CMS announced that it had suffered a data breach. The breach was detected in the Direct Enrollment pathway that allows agents and brokers to assist consumers with applications in the federal facilitated ACA exchange. The breach affected approximately 75,000 individuals’ files. … Continue Reading

Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates … Continue Reading

New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack

We all know data breaches can impact all of us, regardless of whether we are a Fortune 500 company or a small business. Lawyers, of course, are not immune from data attacks and recent guidance from the American Bar Association Standing Committee on Ethics and Professional Responsibility illustrates how critical it is for lawyers and … Continue Reading

Facebook Acknowledges Breach of Sensitive Data for Nearly 30 Million Users

As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers … Continue Reading

Hacker Hits Toyota Industries N.A.

Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently most of whom were employees. The data that was potentially compromised included health insurance information, names, addresses, dates of birth, financial information, Social Security numbers, … Continue Reading

Uber Settles Data Breach Case With All 50 State AGs for $148 Million

Yesterday (September 26, 2018), Uber Technologies Inc. agreed to finish inquiries of all 50 states of its 2016 data breach by paying $148 million in different amounts to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading

Years-Long Exposure of Sensitive Client Information Results in $200,000 Settlement with New York Attorney General

In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years. The settlement is the … Continue Reading
LexBlog