It’s been a confusing few days for those trying to understand what T-Mobile press releases were really saying about what they found when they investigated claims on the Full Disclosure mail list. Their somewhat terse statements led some of us to conclude that they were saying that they had some evidence of data theft, while…
Category: Breach Incidents
IN: Pharmacy pays fine for jeopardizing patient information
In 2006, WTHR in Indianapolis ran a series of investigative reports on how local pharmacies were trashing sensitive prescription information. Their series resulted in legislative and state investigations and rightfully earned them a Peabody Award for the series. But the impact of their series is still being felt. Today, they report that Low Cost Pharmacy…
Class action lawsuit filed over Aetna hack (updated)
Courthouse News Service reports that a class action claim has been filed against insurance giant Aetna as a result of the recent security breach in which hackers gained access to personal information about 450,000 employees, former employees and potential employees. At the time, Aetna stated that the incident exposed the SSN of approximately 65,000 people….
UK: Nightwatchman left tax files centre open and unguarded while he sneaked off for a burger
Stephen Stewart of The Daily Record reports: A hungry security guard left highly sensitive files at risk while he went in search of a McDonald’s. The nightwatchman quit his post at the Customs centre in Dundee and propped open a door so he could get back into the building as he had no keys. […]…
Update: T-Mobile confirms some data theft
I received an updated statement from T-Mobile overnight. Their revised statement confirms that at least some data were stolen, but they do not confirm that the breach described on the the Full Disclosure mail list was as extensive as the hackers claimed when they posted, “We have everything, their databases, confidental documents, scripts and programs…
Amicus Legal Ltd found in breach of the Data Protection Act
From the ICO press release: The Information Commissioner’s Office (ICO) has found Amicus Legal Ltd in breach of the Data Protection Act after reporting a laptop computer containing personal information relating to 100,000 customers was stolen. The laptop, privately owned by a contracted consultant, was not encrypted. According to the Undertaking: The laptop computer, which…