A news report from a few days ago is actually a good example of the frustration some experience with OCR investigation of breaches. TL;DR version: a breach was reported by the media in March, 2017. This site also noted it. But now, more than one year later, there have been no consequences for the entity,…
Month: July 2018
Clark University notifies students of phishing incident
Clark University in Massachusetts began notifying some students whose personal information, including Social Security Numbers, were in an employee’s email account that had been accessed. According to their notification dated July 20, the university’s investigation revealed that an unauthorized individual could have accessed the employee’s email account between March 19 and March 23rd. From the wording…
Central New York Cardiology notifies 824 patients after appointment records recovered by USPS from mail receptacle
I’m not sure I understand from the notification (reproduced below) how this incident occurred, but Central New York Cardiology is notifying 824 patients after the post office sent them a package of patient records that had been found loose in a mail receptacle. The records were appointment lists from October 2017 that, according to CNYC, should…
Australia Zoo Breached
Australia Zoo, home of the croc hunter otherwise known as Steve Irwin is one of Queensland’s leading tourist attractions. It also attracted the attention of a pentester who has provided CyberWarNews with evidence that the main website for the zoo has been compromised. The pentester, a Pakistani penetration tester named Touseef Gul, has previously made…
Follow-up: More than 1200 people could receive settlements after Flowers Hospital data breach
WTVY reports that if a federal judge approves a proposed settlement of a class action lawsuit, more than 1200 patients of Flowers Hospital in Alabama might receive reimbursement for credit monitoring expenses, payment for up to four hours of lost wages dealing with the breach, and a refund of any interest lost due to tax refund…
PA: State Dept. of Corrections notifies employees, inmates of online security incident with third-party vendor
Fox43 reports: A “security incident” at a third-party vendor may have compromised the personal information of employees, inmates and others involved with the state Department of Corrections, the DOC announced Monday in a press release. The DOC says it has sent letters to those who may have been affected by the incident, which occurred on…