Oak Valley Hospital, located in Oakdale, California, reached a settlement in a class action related to a 2023 data breach. On July 18, 2023, Oak Valley detected suspicious activity on its IT systems. Pursuant to the forensic investigation, Oak Valley determined that an unauthorized third-party had access to its systems from April 21 to July
Data Breach
Microsoft Report Highlights Attacks Against Healthcare Organizations
On October 22, 2024, Microsoft issued a threat trend research report entitled “US Healthcare at risk: Strengthening resilience against ransomware attacks.” In it, Microsoft declares that ransomware attacks against the healthcare sector are “emerging as one of the most significant” cybersecurity threats to healthcare organizations. The attack surface of hospitals “grows more complex” with digital…
Ally Financial Faces Class Actions Over Data Breach
Ally Financial Inc., a digital financial services company, faces two class action lawsuits in the U.S. District Court for the Western District of North Carolina related to an April 2024 data breach. The suits allege that Ally failed to secure customers’ personal information, including Social Security and auto account numbers. One lead plaintiff claims that…
CT AG Settles Data Breach Case with Guardian Analytics
Connecticut Attorney General William Tong announced on October 21, 2024, that his office has settled a data breach case against Guardian Analytics, Inc. for $500,000. The data breach affected the personal information of 157,629 Connecticut residents. The CT AG alleged that Guardian Analytics failed to implement reasonable and appropriate data security across its systems and…
T-Mobile’s $31.5 Million Data Protection and Cybersecurity Settlement with the FCC
This week, the Federal Communications Commission (FCC) announced a data protection and cybersecurity settlement with T-Mobile, resolving the FCC’s investigations related to the data breaches suffered by T-Mobile that affected millions of consumers in 2021, 2022, and 2023.
As part of the settlement, T-Mobile has agreed to:
Privacy Tip #409 – HealthEquity Data Breach Affects 4.3 Million
HealthEquity, an administrator of workplace benefits for more than 15 million people, is notifying 4.3 million individuals, starting on August 9, 2024, that their personal information was compromised. The compromised data includes names, addresses, phone numbers, employee IDs, employers, Social Security numbers, health card numbers, health plan member numbers, benefit types, dependent information, and diagnosis…
Tracfone Settles FCC Investigation for $16 Million
This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.
The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming…
Privacy Tip #406 – Rite Aid Discloses Data Breach
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals.
According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by June 17, 2024, that certain data associated with the purchase or attempted purchase of specific retail products was acquired by…
Privacy Tip #405 – Compromised Passwords Continue to Provide Easy Opportunities for Threat Actors
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches…”
Stolen credentials mean a user has given their username and password to a threat actor. When that…
Convergent Outsourcing Settles Data Breach Class Action for $2.45 Million
Convergent Outsourcing Inc., a debt-collection agency, settled a data breach class action in the U.S. District Court for the Western District of Washington for $2.45 million. The class action suit against Convergent alleged that the business failed to protect the personal information of over 640,000 individuals. The breach occurred in June 2022.
Plaintiffs alleged that…