I received an updated statement from T-Mobile overnight. Their revised statement confirms that at least some data were stolen, but they do not confirm that the breach described on the the Full Disclosure mail list was as extensive as the hackers claimed when they posted, “We have everything, their databases, confidental documents, scripts and programs…
Author: Dissent
Amicus Legal Ltd found in breach of the Data Protection Act
From the ICO press release: The Information Commissioner’s Office (ICO) has found Amicus Legal Ltd in breach of the Data Protection Act after reporting a laptop computer containing personal information relating to 100,000 customers was stolen. The laptop, privately owned by a contracted consultant, was not encrypted. According to the Undertaking: The laptop computer, which…
Electronic Health Records and Privacy Law
Eric A. Klein and Christine C. Cohn write in The National Law Journal: President Obama has declared that electronic medical records will “reduce error rates, reduce our long-term cost of health care and create jobs.” (“Obama’s Prime Time Press Briefing,” The New York Times, Feb. 9, 2009.) Congress has authorized $19 billion to implement provisions…
Bits ‘n Pieces
In the justice system: Eight people involved in a credit card-skimming scheme which netted more than $700,000 from customers of Washington D.C. restaurants pleaded guilty to charges including bank fraud, access device fraud and aggravated identity theft. More. Also see USAO Eastern Virginia press release. (Previous coverage here) Winnipeg Police have charged Mcena Ijaz with…
Crawford & Company employee pleads guilty to stealing claimants’ personal information
Last week, I posted a copy of a press release from the US Attorney’s Office in Maryland stating that Shanell Angelia Bowser had pleaded guilty to stealing personally identifying information of insurance claimants submitted to her employer, described as an unnamed medical insurance adjuster. The release also mentioned that Bowser and/or her co-schemers had also…
Pointer: Commentaries on Merrick Bank v. Savvis
Last week, people started talking about a lawsuit first filed last year by Merrick Bank against Savvis Inc. The basis for the suit is that when Savvis audited CardSystems Solutions for compliance with the CISP security standards of the time, they gave them a clean bill of health. Merrick sued them after the breach, and…