Joel Wittnebel has a follow-up on a breach involving the City of Oshawa: Despite extensive efforts, only four of the 18 individuals affected by a December 2015 privacy breach in the city’s printing services department have been identified. On Dec, 1 it was discovered that a series of pre-authorized tax payment (PAP) notices had been double-stuffed…
Month: February 2016
That Radiology Regional Center vendor’s breach potentially affected almost half a million patients
When Radiology Regional Center in Florida disclosed that paper records had been lost or fallen off the truck of its vendor, Lee County Solid Waste Division, they reported that they believed that they had retrieved all the records, but they were notifying all potentially affected individuals: Radiology Regional Center has advised potentially impacted patients to (1) place a…
Five Mounties sue RCMP in alleged medical privacy breach
There’s an update to a workplace medical privacy breach involving members of the Royal Canadian Mounted Police (RCMP). I’ve been following the case on this blog since July, 2013. In December 2014, the privacy commissioner found that the RCMP had violated the employees’ privacy by turning over their records to a psychologist. In October 2015, there was a…
Data Broker Defendants Settle FTC Charges They Sold Sensitive Personal Information to Scammers
A group of defendants have settled Federal Trade Commission charges that they knowingly provided scammers with hundreds of thousands of consumers’ sensitive personal information – including Social Security and bank account numbers. The proposed federal court orders prohibit John Ayers, LeapLab and Leads Company from selling or transferring sensitive personal information about consumers to third parties. The defendants will also…
In Cybersecurity, No Harm Does Not Necessarily Mean No Foul
Peter Sullivan, Christopher Escobedo Hart and Colin Zick of Foley Hoag write: How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from governmental entities. Managing litigation risk varies in…
Memphis man accused of using stolen patient identity information to defraud banks of $1.6 million
Fox13 reports that Jeremy Jones of Memphis was indicated in federal court for his role in a bank fraud scheme that involved more than $1.6 million. The affidavit of complaint against Jeremy Jones said he started stealing identities of patients of Memphis Neurology back in 2011, and he used those identities to bilk various banks…