Brent Hunsberger reports: Oregon regulators are investigating whether the Archdiocese of Portland violated state law by failing to properly notify employees and volunteers that they could be victims of tax-return fraud. The Oregon Division of Finance and Corporate Securities has received two complaints from consumers about the Archdiocese, which oversees schools and parishes serving 418,000 Catholics in…
Category: Breach Incidents
Wyndham’s former director of security compliance says many Super 8 hotels not PCI DSS compliant
I initially thought I’d just skip posting an article on Consumer Reports that seemed to just be a re-hash of what we knew already about the FTC case against Wyndham. But then I came to this statement: Now, David Durko, former director of Wyndham’s security compliance management, says that many independently owned and operated Wyndham…
Student loan debt collector exposes thousands of students’ loan debts to others
If you fell behind in your student loan repayments to the U.S. Education Department, “Mike Doe” (not his real name) may know about it. He didn’t want to know, but a vendor for NCO Financial Systems, the collection agency contracted by USED, recently sent him other students’ loan repayment collection statements. The statements included the individuals’ names,…
Another lawsuit filed against Maricopa County Community College District over massive breach
Jamie Ross of Courthouse News reports that another lawsuit has been filed against Maricopa County Community College District (MCCCD) following a data breach it disclosed in November 2013 (search MCCCD for all previous coverage on this blog). This latest lawsuit was reportedly filed by Jason Liebich, a current student at Phoenix College. It was filed in…
University of Virginia, Spokeo, Indiana among eight more sites hacked by NullCrew (update1)
Students and employees of the University of Virginia (UVa) may be scratching their heads today and wondering what UVa can or will do to secure its servers better. The university, which was hacked in 2012 by @AnonAntidote and again in 2013 by a former UVa student known as @R00tTh3B0x, has reportedly been hacked yet again –…
Court Rules SilverPop Not Liable for Damages After Data Breach
Back in 2010 and 2011, I posted a number of blog entries about a breach at SilverPop. SilverPop was not particularly transparent/forthcoming about the scope of the breach, but it seemed to be pretty large. Today, Ryan M. Martin of Winston & Strawn LLP writes: A Georgia court recently agreed on a summary judgment motion…