See the companion press release from the FTC in a previous post. Rite Aid Corporation and its 40 affiliated entities (RAC) have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today….
Category: Breach Incidents
Rite Aid Settles FTC Charges That It Failed to Protect Medical and Financial Privacy of Customers and Employees
The following is the FTC’s press release. In the next post, I’ll publish HHS’s press release on their settlement with Rite Aid. Rite Aid Corporation has agreed to settle Federal Trade Commission charges that it failed to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In…
Citi plugs privacy hole in iPhone banking app
Elinor Mills reports: Citibank has fixed a flaw in its iPhone app that was inadvertently storing customer account data on the mobile devices, the company said on Monday. “During a recent review, we discovered that our U.S. Citi Mobile iPhone banking app was accidentally saving information related to customer accounts in a hidden file on…
SC: Post Office Admits Error in Sending Out Personal Information
Michael Benning reports: The United States Post Office is responding to a story aired on WLTX where two women say they were delivered employees’ personal information. Friday, Anne Clarkson and Sam Ruskin told us they had received a receipt in the mail last week for an outgoing package. On the back of the receipt was…
Hacked investment firm says hack intended as a launch pad
Attorneys for Resnick Investment Advisors in South Carolina have notified the New Hampshire Attorney General’s Office that in June 2010, the investment firm’s network was breached. The breach was discovered on June 22, and the means of attack identified and reported to the FBI. An investigation into the incident reportedly indicated that the breach did…
Former Brio Tuscan Grille employee sentenced
A former Kansas City, Mo., man was sentenced in federal court last week for stealing identity information from customers at the Plaza restaurant where he worked, then using that information to make online purchases. John David Woody, 35, of Los Angeles, Calif., formerly of Kansas City, was sentenced by U.S. Chief District Judge Fernando J….