While I’ve been busy tracking W-2 phishing scams, let’s not lose sight of the fact that there are other ways for criminals to obtain W-2 or tax information, and that human error continues to turn assets into low-hanging fruit. Interpreters Unlimited recently notified the Vermont Attorney General’s Office that the contents of an employee’s backup device were…
Category: Breach Incidents
Affiliated Santé Group learned that patient info was exposed on GitHub for years
So there was another breach disclosed in January that I didn’t find out about until today. It’s an insider-error situation involving a software developer contractor who unintentionally exposed protected health information (PHI) of 550 patients on GitHub – for more than five years. Here is Affiliated Santé Group’s notification: January 30, 2017 RE: Notice of…
Stolen backup drive contained personal and health info of Local 693 members
Local 693 Plumbers, Pipefitters & HVACR Technicians has disclosed a breach to those enrolled in its benefit fund. The incident has also been reported to HHS. From its notification to members: We are writing to notify you that a device containing information regarding participants and beneficiaries of the Plumbers & Pipefitters Local 693 Benefit Funds (“Funds”),…
UK: Man prosecuted for taking files with job candidates’ personal info with him when he resigned to start rival company
Gregory Orum has been prosecuted at Highbury Corner Magistrates’ Court for an offence of unlawfully obtaining personal data. The defendant, who at the time worked at a recruitment agency based in Hertfordshire, emailed the personal data of approximately 500 candidates to his personal email address as he was leaving to start a new rival recruitment…
More reports of false tax returns in wake of W-2 phishing scams
One of the many companies who became victims of W-2 phishing this year is Berkley Mid-Atlantic Group, a property and casualty insurance firm with headquarters in Virginia. DataBreaches.net became aware of their incident when contacted by a former employee. According to BMAG’s notification to employees dated March 10, they had no then-current evidence of any misuse of employees’…
VCU Health System notifies 2,700 of inappropriate access to their medical records
The Richmond Times-Dispatch reports: Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes. The breach was found Jan. 10…