Archives: Data Breach

Subscribe to Data Breach RSS Feed

Cottage Health Pays $2M to CA AG for Data Breach

Cottage Health, a three hospital health care system located in California has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to protect patients’ health information that was accessible online and indexed by search engines. In December 2013, it was discovered that one … Continue Reading

North Carolina DHS Notifies 6,000 of Data Breach of Drug Testing Information

The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment, internships and volunteer opportunities was sent via an unencrypted email to a vendor in error. Misdirected emails are a frequent occurrence and … Continue Reading

Data Breach Costs an Average of $3.6 Million

There have been a myriad of research studies attempting to come up with the “cost” of a data breach. The most recent, released by AT&T, estimates that it costs organizations $3.6 million to recover from a data breach. The AT&T team surveyed 700 IT professionals in all industry sectors, and found that the biggest risks … Continue Reading

CFPB Releases Principles for Financial Services Industry for Sharing Data

The Consumer Financial Protection Bureau(CFPB) recently issued principles for the access and disclosure of sensitive data in the financial services industry. The CFPB referred to the guidelines as principles instead of regulations so fintech and other firms can innovate while protecting consumers’ information, and give consumers the ability to consent to the sharing of information … Continue Reading

Maryland Data Breach Notification Law Updated: Effective 1/1/18

The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name along with: a … Continue Reading

Hilton Settles Data Breach Investigations with NY and VT AGs

Hilton Domestic Operating Co., Inc. (Hilton) has agreed to pay the New York and Vermont Attorneys General $700,000 to settle allegations that they violated those state consumer protection and data breach notification laws when it failed to implement reasonable security measures to protect consumer data and for waiting nine months to notify consumers of a … Continue Reading

Hyatt Data Breach Impacts 41 Locations in 11 Countries

Hyatt Hotels Corporation recently announced that it had identified malicious software code resulting in unauthorized access to customer payment card information. Hyatt disclosed that upon investigating the incident, it discovered unauthorized access to customer payment cards manually entered or swiped at the front desk of 41 Hyatt-managed locations in 11 countries between March 18, 2017, … Continue Reading

Home Depot Settles Data Breach Class Action Case with Financial Institutions and Counsel for $42.55 million

Following its data breach in 2014, Home Depot was sued by thousands of financial institutions requesting recovery of costs associated with the issuance of new credit and debit cards to 50 million individuals affected by the breach. Last week, an Alabama federal judge approved a proposed settlement with the financial institutions for $27.25 million. The … Continue Reading

Women’s Health Care Group Notifies 300,000 About Ransomware Attack

Women’s Health Care Group of Pennsylvania has notified approximately 300,000 patients that their protected health information has been compromised by a ransomware attack. Although the ransomware became active on May 16, 2017, an investigation into the attack showed that the intruders had access to the Group’s system since January of 2017. The intruders may have … Continue Reading

Data Breach at Italy’s No. 1 Bank Exposes 400,000 Accounts

Italy’s top bank, UniCredit SpA, is yet another victim in a series of cyberattacks exploiting vulnerabilities in the financial services industry. Criminals made off with biographical and loan data from 400,000 UniCredit loan accounts after gaining access to the bank’s computer system through one of UniCredit’s third-party commercial partners. The series of data breaches was … Continue Reading

Three Million Wrestling Fans’ Data Compromised

World Wrestling Entertainment, Inc. (WWE) has announced that it is investigating a “vulnerability of [a] database” containing over three million users’ names, addresses, email addresses, dates of birth, educational background, ethnicity, earnings and children’s ages and genders. The data included social media tracking and posts from WWE stars and fans. According to the company, it … Continue Reading

1 Million Individuals’ Personal Data on Backup Drive is Stolen from Washington State University

File this story in the category of even locking data up in a safe is not secure. Washington State University (WSU) has begun to notify approximately 1 million individuals that their personal data was compromised when a back-up drive that contained the information was stolen from a safe located in the IT Department. The individuals … Continue Reading

North Dakota Medicaid Recipients’ Data Found in Dumpster

The North Dakota Department of Human Services (NDDHS) is notifying 2,452 Medicaid recipients that their protected health information has been compromised when their records were discovered in a dumpster. On May 19, 2017, a member of the public discovered sensitive information in a dumpster and contacted NDDHS. The documents that were discovered included Medicaid worksheets, … Continue Reading

Medicaid Documents Thrown in Dumpster

The North Dakota Department of Human Services has admitted that one of its employees threw Medicaid claim resolution worksheets into a dumpster instead of disposing them in a secure onsite shredding receptacle. The result? The documents were found in the dumpster by a citizen who notified the Department, which then notified almost 2,500 patients of … Continue Reading

2,500 Mothers’ and Newborns’ Personal and Health Information Lost in the Mail

The Arizona Department of Health Services (ADHS) has notified 2,500 patients that their personal and health information has been lost in the mail. The affected patients were mothers and newborns enrolled in the newborn screening program operated by ADHS. The compromised information was contained on paper records, including names, addresses, Social Security numbers, health insurance … Continue Reading

Rite Aid’s Online Store Breached

Rite Aid has admitted that its online eCommerce platform was accessed by unauthorized individual(s) from January 30, 2017, through April 11, 2017, and their customers’ names, addresses and payment card information, including credit and debit card numbers, expiration dates and security codes were compromised. The breach affected any customers using Rite Aid’s online store and … Continue Reading
LexBlog