Leveraging Knowledge to Manage Your Data Risks
According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25, 2023, “hackers have stolen $4.4 million in cryptocurrency using private keys and passphrases stored in stolen LastPass databases.”
According to a post by ZachXBT, “Just on October 25, 2023, alone another~$4.4M was drained from…
Meta (formerly Facebook) has been hit with a revived class action shareholder suit stemming from its involvement with Cambridge Analytica, a firm that infamously mined Facebook user data for hyper-targeted political engagement. The 9th U.S. Circuit Court of Appeals in San Francisco restored shareholders’ claims that Meta falsely stated that user data “could” be compromised…
PharMerica and its subsidiary Amerita’s Specialty Infusion Services (Amerita) are already facing class action lawsuits after patients received a September 5, 2023, data breach notification letter. When the businesses detected suspicious activity on both the PharMerica and Amerita networks, a forensic investigation determined that a threat actor had gained access to the systems sometime in…
In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.
In its breach notification to patients, Advocate Aurora…
The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies in the event of a data breach.
The Act requires state agencies and municipalities to notify the State Police of an incident…
EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people.
The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. The breach occurred when threat actors infiltrated EyeMed’s…
On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice analytics software services to health care entities. The settlement resulted from MedEvolve’s alleged violation of the Health Insurance Portability and Accountability…
OpenAI, the developer of ChatGPT, stated that it has suffered a potential data breach in ChatGPT’s source code due to a vulnerability in the software. OpenAI “took ChatGPT offline…due to a bug in an open-source library which allowed some users to see titles from another active user’s chat history…the same bug may have caused…
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the information in a data breach.
According to the press release, the law firm agreed to pay…
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the end of the calendar year.
Therefore, all breaches that affected less than 500 individuals that occurred in 2022 and have…
