In March, 2015, the D.C.-based Children’s National Medical Center notified 18,000 patients of a breach that occurred between July 26, 2014 and December 26, 2014 after employees fell for phishing emails. In May, 2015, they were sued over that breach. Now, CNMC has disclosed another breach, this one involving a former vendor who provided medical transcription services. Their press…
Month: May 2016
Ca: Law firm considers launching class action suit against Algonquin College over privacy breach
In June, 2015, Algonquin College in Ottawa disclosed that 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs had their personal information on a server that had been accessed. The server compromise occurred in December, 2014, but the college was initially unable to determine exactly what happened. Now a Toronto law…
Personal information of hundreds of City of Houston employees exposed
Greg Picazo reports a City of Houston breach of current and former city employees’ information that will leave you muttering to yourself, “inexcusable:” The names, social security numbers and other financial information was stored in a locked filing cabinet sold by the city at auction in February. Bad enough already, right? How did they not…
PA: Local TD Bank employee charged in identity theft scheme
Jeff Blumenthal reports: A former TD Bank employee was indicted Monday for allegedly stealing customer information and selling it to co-conspirators, who in turn used the data to run an identity theft scheme. Michael Tuffour<, 27, of Philadelphia was charged with one count of bank fraud and three counts of aggravated identity theft. Read more on Philadelphia…
Student disability info ‘lost’ by uni was unencrypted and unsecured
Tom Joyner reports: The disability information of nearly 7,000 current and former students of the University of Sydney “lost” in a major privacy breach in February was unencrypted and unsecured, an internal review of incident has found. The information was lost when a software developer employed by the University left a laptop containing a student disability…
GDPR: potential fines for data security breaches more severe for data controllers than processors, says expert
Have I mentioned recently how much I appreciate columns or posts by lawyers that help educate us non-lawyers? A post in Out-Law.com points out something that is significant for those involved in IT security or advising clients: One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is…