So on January 27, Brian Krebs revealed that Wendy’s was looking into whether it had been breached. By February 8 – a long delay by today’s standards – a potential class action lawsuit was filed by attorneys for Jonathan Torres in the Middle District of Florida. Robbie Hargett of Legal Newsline has more on the lawsuit:…
Category: Breach Incidents
Stolen Shire laptop contained patients’ personal and medical info
Pharmaceutical company Shire is notifying an unspecified number of individuals that their personal and medical information was on a laptop stolen from an employee’s car in Washington D.C. The laptop, which was issued by Shire Human Genetic Therapies, Inc. was stolen on December 30th and its theft was reported to the police immediately. Investigation into…
IN: 40 people notified after tax documents found in dumpster
Following up on the station’s earlier report, Paris Lewbel reports: Nearly 40 people have been notified by the Indiana Attorney General’s Office after their tax documents were found in a dumpster. Many of the people were not Indiana residents. […] The Indiana Attorney General also sent a letter to the nearby tax preparer to find…
Commenters on Henry Schein consent order: FTC was too lenient
Public comments on the consent order in FTC v. Henry Schein Practice Solutions are now available. The FTC will be responding to commenters, but I wanted to note one particular point raised by commenter because I hadn’t considered it when I filed my complaint with the FTC, and I think the commenters are right. Note that I did not submit…
22,000 dental patients’ info exposed on unsecured Eaglesoft FTP server
Eaglesoft software by Patterson Dental is a popular patient management system. But just as one security researcher had concerns about patient data security in Henry Schein’s Dentrix G5 software, he’s also had concerns about Eaglesoft, albeit for different reasons. He contacted this site on February 6 and notified CERT of his concern: Eaglesoft does seem to…
The second rule of incident response is to follow the plan
From the who-put-the-frying-pan-in-that-fire dept. Several weeks ago, DataBreaches.net received a complaint concerning a breach involving the Montgomery County Housing Opportunities Commission in Maryland. It seems that a vendor’s 1099 tax statement had been sent to the wrong recipient. It was not a particularly unusual breach, but the 1099 had been sent as an unencrypted attachment to an email, so I read…