In August 2012, I noted a breach involving the theft of backup media from an unattended vehicle of a Cancer Care Group employee. The backup contained information on 55,000 patients and employees. Now, more than three years later, HHS has announced a settlement with CCG over the breach. As seems to be their style, they…
Month: September 2015
UK: WHSmith “bug” spams confidential customer details from “contact us” form
James Temperton reports: WHSmith‘s website has randomly sent out hundreds of private emails to people on its mailing list. The issue appears to come from a broken “contact us” form, with anything customers send through the form being erroneously sent to hundreds of WHSmith’s customers. Details included in the emails include real names, phone numbers,…
UK: London clinic accidentally exposes HIV status of 780 patients
Joseph Patrick McCormick reports that 780 patients at the 56 Dean Street sexual health clinic in London had their names, HIV status, and contact details exposed to one another. The breach occurred when an employee sent out an email newsletter but put the mailing list in the “To:” field instead of the “bcc” field. The clinic…
Meanwhile, back at the OPM breach….
Victims of the breach still have not been notified. OPM will start sending postal laters “later this month.” The government will spend $133 million on identity theft protection services. With options, it could go up to $330 million. ID Experts (Identity Theft Guard Solutions LLC) got the gig to provide the service, which will provide…
Ca: Limestone District School Board concludes breach investigation
CKWS reports: In February the Limestone District School Board launched an investigation after thousands of documents containing personal information including social insurance numbers, addresses, banking and beneficiary information was discovered by a student using a computer at a local school. The records involved both past and present staff dating back to 2001, some 5 thousand people…
MX: Grupo Financiero Banorte Fined $2m for Failure to Notify Customers of Security Breach (updated)
Liisa M. Thomas and Zachary L. Sorman of Winston Strawn write: Mexico’s National Transparency, Information Access, and Data Protection Institute (INAI) recently announced an impending fine of almost $2 million USD to be levied against Grupo Financiero Banorte, the third largest bank in Mexico. According to a statement by an INAI official, the bank failed…