Tag Archives: Data Breach

Choice Hotels Contacts 700,000 Customers About Data Breach Caused by Vendor

In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it … Continue Reading

Quest Diagnostics Reports Data Breach Affecting 11.9M Patients in Securities Filing

Another day in the healthc are industry, another big data breach. This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card … Continue Reading

OCR Releases “Improved Web Tool” for Breach Reporting

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals … Continue Reading

Neiman Marcus Settles Data Breach Class Action Case for up to $1.6 Million

We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings. The settlement includes a payment … Continue Reading

Medical Marijuana Dispensary Applications Exposed in Cyber Attack

The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary. Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical … Continue Reading

Wendy’s faces class action over data breach

We wrote about Wendy’s investigation into a data breach at its chain restaurants at the beginning of January, and now Wendy’s faces a class action over that same breach. The suit claims that Wendy’s negligently exposed customers’ credit card information and lead plaintiff, Jonathan Torres, claims that hackers used his stolen credit card information, to … Continue Reading

Wendy’s investigating potential credit card breaches

Wendy’s may be the latest in a number of companies with Central Ohio operations that have suffered data breaches in recent years. On January 27, Wendy’s announced that it hired a cybersecurity firm to investigate claims of a possible credit card breach at some of its locations.  Initially, the company was notified by its payment … Continue Reading

Data breach class action dismissed against SuperValu for lack of standing

Last week, a Minnesota court ruled that a consolidated class action filed against SuperValu retail chain failed to assert any harm, finding that while SuperValu did suffer two data breaches, the class’s claims of possible future injuries were too speculative, and the class therefore lacked standing to sue. The data breaches occurred in 2014 at … Continue Reading

University of Washington Medical School pays OCR $750,000 for data breach

The Office for Civil Rights (OCR) announced on Monday, December 14, 2014, that it has settled a HIPAA investigation with the University of Washington Medical School involving a data breach in October of 2013. The breach occurred when an employee in the billing office clicked on an email attachment that contained malware and exposed 90,000 … Continue Reading

Dow Jones & Co. notifies 3,500 of data breach

Dow Jones & Co. has notified 3500 of its customers that their information was accessed by an unauthorized individual in a data breach that spanned from August 2012 through July 2015. The unauthorized access, through malware, exposed the names, addresses, email addresses, telephone numbers, and credit card information of 3,500 subscribers, including subscribers to The Wall … Continue Reading

OPM update: OPM hit with another class action suit—this one filed by a Judge

Ho hum. Another class action filed against OPM for its massive data breach. The interesting fact here? The suit’s named plaintiff is a Judge with the Social Security Administration. On Friday, August 7, Social Security Administration Judge Teresa J. McGarry hit the OPM with its latest proposed class action suit alleging that OPM was aware … Continue Reading

United Airlines suffers network breach—same hackers as OPM suspected—dark motives

United Airlines has confirmed that it has suffered a data and network breach that occurred during the same time frame as the OPM breach. Investigators suspect the same Chinese state-sponsored hackers are responsible for both breaches. One theory being advanced about the connection between the two breaches is that the Chinese state-sponsored hackers are targeting specific … Continue Reading

Fred’s Inc. discloses data breach to SEC

In its most recent filing with the Securities and Exchange Commission (SEC), Fred’s Inc. disclosed this week that a security firm found malware in its system that was designed to lift customer credit card information. Although it appears from reports that the hackers may have had access to customer credit card information, the security firm … Continue Reading

Second class action suit filed against Medical Informatics

We previously reported that Medical Informatics Engineering, Inc. was sued over a data breach that occurred in May and affected over 4 million individuals. Thereafter, Indiana AG Gregory Zoeller advised all Hoosiers to freeze their credit to protect themselves. Late last week, a second proposed class action suit was filed against Medical Informatics in California … Continue Reading

Proposed class action case filed against Medical Informatics Engineering

Medical Informatics Engineering, Inc., an electronic medical record service provider, recently disclosed a data breach affecting approximately 4 million individuals. Within days of the disclosure, Medical Informatics was hit with a proposed class action lawsuit alleging that it should be held to a higher standard as its business is based on data security and it failed … Continue Reading

Class action filed against UCLA following data breach

We previously reported that UCLA suffered a data breach affecting 4.5 million patients. Days following the announcement of the breach, plaintiffs filed a proposed class action lawsuit against UCLA, alleging that UCLA should have seen the attack coming and that they “knew or should have known of the risks inherent in maintaining their customers’ nonpublic … Continue Reading

JAMA Releases Study Analyzing Scope and Characteristics of Recent Data Breaches

Reports of security breaches involving health care information have become increasingly prevalent in recent years, and such breaches seem to be continually growing in scope and magnitude. In the April 14, 2015, issue of JAMA, the Journal of the American Medical Association, three California researchers led by Dr. Vincent Liu (hereinafter Liu et al.) sought … Continue Reading

Verizon 2015 Data Breach Investigations Report Out

If you have never taken a close look at Verizon’s yearly Data Breach Investigations Report, we highly recommend that you do. It just came out, and is once again, a very informative read. The Verizon Report received data breach incident information from 70 contributing organizations in 61 countries, which reported on 79,790 security incidents, representing … Continue Reading

Senate Democrats offer Consumer Privacy and Protection Act of 2015

Senate Democrats, led by Senate Judiciary Committee Ranking Member Patrick Leahy of Vermont, introduced legislation on April 30, 2015 directed to online consumer privacy and data protection. The Consumer Privacy and Protection Act of 2015, one of multiple proposals before Congress this year, requires companies storing sensitive personal or financial information on 10,000 or more … Continue Reading

House passes bipartisan bill with liability protections for sharing cyber threat data

In the wake of huge data breaches in the last year, multiple pieces of legislation have been introduced in the past few months relating to cybersecurity and the sharing of information between public and private entities in order to combat increasingly sophisticated cyberattacks. Yesterday, the U.S. House of Representatives passed bipartisan legislation (the Protecting Cyber … Continue Reading
LexBlog