Ruh oh. Penn Station, Inc. and some of its franchisees have announced that they have learned of unauthorized access to credit and debit card information in certain franchisee-owned Penn Station East Coast Subs restaurants. Less than 20 percent of Penn Station’s more than 235 restaurants have been identified as potentially affected to date. “We want…
Author: Dissent
SC: Stolen laptop contained veterans' information, VA
Kyle Martin reports: Personal identifying information belonging to more than 800 veterans was contained in a laptop that was stolen two months ago, the Charlie Norwood VA Medical Center said Friday. The 824 affected veterans have been notified and offered free credit monitoring for a year, according to a press release. […] The laptop was…
Vermont Updates Data Breach Notification Law
Cynthia Larose and Amy Malone describe recent changes to Vermont’s law that strengthens some consumer protections: Effective as of May 8, 2012, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must…
States crack down on prescription-drug "doctor shopping"
Mary Wisniewski of Reuters has an informative report on the state of prescription databases across states. She writes, in part: Forty-three states now have databases to keep track of who is getting prescriptions for powerful pain relievers such as oxycodone, Vicodin and Opana. Pharmacists enter prescriptions for controlled substances into the database, so prescribers can…
A Six-Figure Credit Breach at Five Guys (updated)
I hate it when we only find out about data breaches from lawsuits, but at least we find out. Marlene Kennedy of Courthouse News reports: Five Guys burger joints failed to safeguard their data, giving hackers access to the accounts of debit-card-paying customers, a bank claims in court. Trustco Bank says the hackers racked up…
OH: Legislation proposal would require online security breaches to be reported
Jim Siegel reports that Rep. John Patrick Carney is planning to introduce a law requiring state agencies, businesses, and institutions to report any database security breach to the Ohio attorney general’s office if any Ohio resident’s personal information was accessed. Notification would have to be made within 40 days of discovery of a breach. Ohio…