One of the victim companies of a W-2 phishing attack that this site reported in 2017 was a New York firm called Taconic Biocences. A copy of their notification to the Maryland Attorney General’s Office is still available online, here. Recently, News10 in New York reported that there has been a $2.7 million settlement in…
Category: Breach Incidents
Hibiscus Petroleum suffers cyber attack
Mark Lammey reports: Hibiscus Petroleum said today that its IT system was “subjected to an attack” last week. The Malaysian firm said the affected parts of the system were isolated and partially shut down. Hibiscus said the system was gradually being restored and that production operations had not been impacted. Read more on Energy Voice. …
Cancer Treatment Centers of America in Atlanta discloses three phishing incidents in 6 months
The Cancer Treatment Centers of America (CTCA) has had its name cross my desk a lot this past year. And that’s not a good thing. There have been five Cancer Treatment Centers of America breach notices that have been publicly disclosed since November 2018. Three of them involved the Southeastern Regional Medical Center in Atlanta,…
Daily Dicta: The FTC Should Be Suing Itself for How It Handled This Case
Jenna Greene has a column today on the LabMD case. Sadly, it is behind a paywall, but it begins: Government consumer protection lawyers are supposed to be the good guys, the ones in white hats sticking up for the citizenry. Which is why it’s particularly upsetting when it turns out they’re in the wrong—as was…
TN: ‘Father of Identity Theft’ Convicted on 13 Federal Counts
Dark Reading reports: James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead. James Jackson, the self-proclaimed “Father of Identity Theft,” has been convicted of 13 counts of mail fraud, aggravated identity theft, access device fraud, and theft of mail. He now…
IN: Goshen Health notifies patients potentially impacted by 2018 data security breach
Sometimes, an incident that doesn’t appear to require notification may require notification under HIPAA. In an August, 2018 incident reported on The Elkhart Truth that involved Goshen Health, the health system originally determined that no notification was required, but when forensic investigators came in months later and looked for any information that might have been…