The Dairy Queen breach, first reported in August, is back in the news this week as more details emerged. In a statement issued yesterday, they write (emphasis added by me): International Dairy Queen, Inc. recently learned of a possible malware intrusion that may have affected some payment cards at certain DQ® locations and one Orange Julius® location…
Month: October 2014
Laptops stolen from Albertina Kerr's Gresham campus contained information on 1,300 psychiatric patients
Eric Apalategui reports: Two laptop computers stolen from Albertina Kerr‘s campus in Gresham may have carried sensitive medical information, including the identities, diagnoses and treatments for up to 1,300 current and former patients. The burglary occurred two months ago, likely on Aug. 6, when someone broke into a single office at Kerr’s crisis psychiatric care facility on Northeast…
Alleged Russian Cyber-Criminal Now Charged in 40-Count Superseding Indictment
A federal grand jury in Seattle returned a second superseding indictment late yesterday charging a Russian national with 11 additional counts and further detailing his alleged scheme to hack into businesses and steal credit card information for later sale over the Internet on “carding” websites. The now 40-count indictment alleges that Roman Valerevich Seleznev, aka…
G.H. Bass & Co announces credit card data breach at Orlando store
Michelle Dendy reports: G.H. Bass & Co. announced on Thursday that a small data capture device was attached to one of the cash registers in its Orlando store for a month. According to a release from G.H. Bass & Co., on Sept. 12 the company discovered an unauthorized person had connected a device to one…
Macomb County, Michigan notifies employees and dependents of business associate breach
Update: After this entry was posted, PHIprivacy.net received additional information indicating that there were actually two Macomb County Business Associates involved in the provision of the file to the County. “One of these two Business Associates is U.S. Health Holdings’ subsidiary Automated Benefit Services,” a spokesperson for the county’s communications firm tells PHIprivacy.net. “The breach did not occur at or by…
Ignoring leak reports and inquiries is just asking for trouble
This is an example of how NOT to secure patient information and how NOT to respond when you’re contacted about a vulnerability. Kevin Wetzel of SLC Security Services LLC posted a vulnerability report on Cape Fear Valley Health System in Fayetteville, NC. The vulnerability, first noted by SLC on August 26, was described as the entity leaking…