When HITECH was passed as part of the stimulus bill, it introduced new data breach notification requirements, including a requirement that breaches of unsecured personal health information held by covered entities or their business associates affecting more than 500 individuals be reported to the U.S. Department of Health & Human Services. The requirement was somewhat…
Category: Breach Incidents
Equifax offers employees free Equifax credit monitoring after SSN exposed in mailing gaffe
After Equifax recently sent out IRS W-2 statements to most of its current employees and some former employees, they discovered that some employees’ control ID numbers were partially or completely viewable in the return address window of the envelope used by the payroll vendor. In an unspecified number of cases for U.S. employees, the control…
Widespread Data Breaches Uncovered by FTC Probe
The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has…
(follow-up) Cops say suspected data thief continued spending while awaiting trial
George Warren reports: A data breach involving 29,500 Northern California Kaiser Permanente employees discovered a year ago has led to at least 400 Kaiser employees becoming victims of identity theft, according to criminal investigators. Detectives said the woman accused of stealing the personnel files continued to victimize employees even while she awaited trial. Mia Garza,…
(update) GA: Up to 170,000 Valdosta State grades, other information breached
Arek Sarkissian II reports: A Valdosta State server that was reported as being breached last month could have exposed the information of up to 170,000 students and faculty, the university said on Thursday. Valdosta State officials reported the discovery of a breach on Dec. 11 and estimated it began on Nov. 11. On Thursday, the…
Business Counter-Sues Bank in Fraud Dispute
Linda McGlasson reports: The Texas machinery company that was sued by its bank after a data breach has filed a countersuit against the institution, saying it “won’t be bullied.” The case pits Plano, TX-based Hillary Machinery, Inc. against PlainsCapital Bank, a $4.4 billion institution headquartered in Dallas. Hillary was defrauded by cyber thieves who made…