This might be a good time to follow up on my previous coverage of the FTC complaint against Wyndham, and Wyndham’s motion to dismiss. As I noted previously, this is the first time that the FTC has faced an actual legal challenge to its authority to bring an action over data security. Since my last…
Category: Breach Incidents
UK: ‘Entirely avoidable’ loss of sensitive children’s records leads to penalty for London charity
A social care charity has been served a monetary penalty of £70,000 after highly sensitive information about the care of four young children was lost after being left outside a London home, the Information Commissioner’s Office (ICO) announced today. A social worker, who worked for Norwood Ravenswood Ltd, left the detailed reports at the side of the…
Missing backup tapes reported to TD Bank customers
A letter from TD Bank to affected customers reads, in part: Some of your personal information was included on two data backup tapes that we shipped to another one of our locations in late March 2012. The tapes have been missing since then, and we have been unable to locate them despite diligent efforts. This…
Anatomy Of A Brokerage IT Meltdown
Regulators last year issued the SEC’s first-ever privacy fine against broker-dealer GunnAllen for failing to protect customer data. But former IT staffers say regulators didn’t seem to know half of this cautionary tale of outsourcing and oversight gone wrong. Mathew J. Schwartz adds some mind-boggling details to the case: Dan Saccavino, a former Revere Group…
Android app releases 760,000 users’s personal data, contacts online
Adam Westlake reports: A Japanese smartphone app for Android-powered devices has reportedly leaked the personal data of some 760,000 users on the internet. The address book application, Zenkoku Denwacho (“Nationwide Address Book”), was reported to the Tokyo Metropolitan Police Department on Saturday by NetAgent Co., an information security company, for the breach of user privacy. The application’s developer…
Hackers release personal information of 600 in Ohio State College of Dentistry
Ben Keith reports that one of the entities affected by a recent TeamGhostShell hack was Ohio State College of Dentistry. Okay, but here’s the thing: should the college have notified those whose names, addresses, phone numbers, email addresses and passwords were acquired and dumped on the Internet? You might think “yes,” but Ohio state law…