DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Shades of 2003: Have contractors started holding individuals’ PII hostage again?

Posted on January 4, 2013 by Dissent

It’s been a long time since I’ve seen any report that a contractor or their employees were holding an organization’s client or patient data hostage as part of a dispute.  To my surprise, however, there have been two such reports like that recently.  One case is in the healthcare sector and I’ll be blogging about that later today on PHIprivacy.net.   The other in the business sector and involves Irvine Scientific.

Although it has managed to fly under the media radar,  on December 18, Irvine notified the New Hampshire Attorney General’s Office that on October 31, an unnamed former contractor contacted them, claiming to be in possession of customers’ credit card information.  The contractor reportedly refused to return the information or even disclose what he information he allegedly possesses. On or about December 18, the  firm notified all customers whose data might have been acquired by the contractor. They also notified the U.S. Secret Service and the Santa Ana Police Department.

According to a spokesperson, Irvine Scientific does not know whether their former contractor is really in possession of customers’ credit card information, but he did have access to the data in the course of his duties as a web developer for the firm. The firm’s notification letter did not indicate what the contractor’s motivation might be, but it seems a reasonable hypothesis that some payment dispute might be at the root of it.

So what happens now? And could this happen to any entity? Probably.  And what would your firm or entity do if it happened to you?

Credit card numbers can be cancelled, although there’s no indication that the contractor has been misusing the information in any way.  And Irvine Scientific may take a reputation hit with their customers who may be unhappy over the inconvenience and the firm’s failure to offer any free credit monitoring service  But if the contractor hoped to have any leverage by threatening the firm about customers’ data, that threat is gone now that they’ve disclosed the breach. The only remaining threat may be to the contractor’s freedom if he’s charged criminally over this or to his pocket if the firm decides to sue him.

No related posts.

Category: Breach IncidentsBusiness SectorOf NoteSubcontractor

Post navigation

← Former IT security manager for SCDOR testifies about the lack of security controls prior to its breach
Medicaid fraud scheme used children's Medicaid numbers and misappropriated therapists' Medicaid provider numbers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.