Spec’s, a Texas superstore selling wines, spirits, and finer foods, has announced that customer data at 34 of its locations may have been snagged by hackers. The hack reportedly began October 31, 2012 and continued until March 20, 2014. Although the breach reportedly affected less than 5% of its transactions, a spokesperson informed the Houston…
Month: March 2014
CA: Data stolen from 5,000 Palomar Health patients after flash drives left in employee's car (updated)
Teri Figueroa reports: About 5,000 patients of Palomar Health had personal information — including medical diagnoses — stolen last month when someone swiped a company laptop and two flash drives from an employee’s vehicle, a company official announced Friday. Read more on U-T San Diego. A statement on Palomar Health’s website says: Notice to Palomar…
Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information
Two companies have agreed to settle Federal Trade Commission charges that they misrepresented the security of their mobile apps and failed to secure the transmission of millions of consumers’ sensitive personal information from their mobile apps. The FTC alleged that, despite their security promises, Fandango and Credit Karma failed to take reasonable steps to secure…
HHS releases security risk assessment tool to help providers with HIPAA compliance
A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS. The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office…
When to Disclose A Data Breach: How About Never?
Joel Schectman writes: When your company gets attacked by hackers, how much do you tell the public and when? Often the answers are nothing and never, according to an attorney assisting Target Corp. with legal issues arising from its December data breach. There was little consensus on when companies should report data breaches among business executives and officials…
Client data stolen from home of deceased employee?
At the time Chester Ju, an investment representative of McDermott Investment Services, passed away, he had certain client information records at home for his work. What happened to those records became the basis for a breach notification to New Hampshire and some of his clients. Although the personal representative for the deceased investment representative says he…