We are writing to you because of an incident at Unique Vintage. On September 14, 2013 we discovered a data security incident that involved some of your personal information. Unique Vintage is Payment Card Industry Security Standards Council (“PCI”) compliant and implements the latest measures reasonably possible to protect its customers’ sensitive information. However, the very sophisticated data breach…
Category: Business Sector
Breach notifications: what really happened vs. what they tell us
I’ve often pointed out how breach notification letters to those affected may omit details that consumers might want to know but breached entities probably prefer we not know. I came across another example today. Let’s start with what happened, as described by attorneys for Vector Security to the Maryland Attorney General’s Office. Vector Security provides…
Kierkegaard & Perry Labs report hack through a “known bug” in their platform
I think it would be fair to say that Kierkegaard & Perry Labs, Inc’s breach notification to Maryland in July impressed me somewhat unfavorably. KPL was reporting a hack that had compromised some customers’ names, addresses, and credit card numbers with expiration dates and CVV codes. Their investigation revealed that 8 customers’ information was acquired (not…
ADP coding error also impacted AlliedBarton Security Services, too
I’m still uncovering details of the ADP coding error breach that impacted employees of the City of Houston, US Airways, and McKesson. Now we can add AlliedBarton Security Services to the list of affected clients. And Lennox International. Interestingly, these newly posted reports indicate that 206 of ADP’s clients were affected by this breach. In…
Clark & Anderson accounting firm notifies thousands after unencrypted backup drive stolen from employee’s car
A Maryland accounting firm had to notify 2,906 Maryland residents after an unencrypted backup drive was stolen from an employee’s car at his home. The theft occurred on August 4, but Clark & Anderson, P.A. didn’t learn of it until August 8. In a letter dated August 30 to the Maryland Attorney General’s Office, they…
State Farm call center worker misused customers’ credit card information
Two days after a State Farm auto insurance customer made a payment on their insurance policy over the phone, the customer called State Farm back to report that their credit card information had been misused. State Farm investigated, and one month later, on September 4, the insurer notified the Maryland Attorney General’s Office that they…