It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…
Category: Breach Incidents
No need to hack when 682,000 medical records are leaking, Monday edition
On March 15, DataBreaches was contacted by a researcher who had found a “bunch of medical docs.” The files included patient intake evaluations, laboratory results, medical records requests, insurance information forms, treatment or consultation notes, and other files you would expect to see in a patient’s records. The patients all appeared to be in Texas,…
Bits ‘n Pieces (Trozos y Piezas)
CR: CONASSIF Hacked With Chinese Characters El Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is involved with the Costa Rican financial system. On March 20, the Computer Security Incident Response Center (CSIRT-CR) on the website of the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), issued an alert involving the website of CONASSIF after…
Kroger notifies more than 82,000 Postal Prescription Service patients of mistaken information sharing
On March 10, Kroger’s Healthy Options program, Postal Prescription Services (PPS), issued a statement about a privacy breach. According to their statement, some PPS patients’ names and email addresses were erroneously shared with the grocery side of Kroger’s business due to an internal error. Kroger doesn’t state when the breach first occurred, but they discovered…
Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals
Robert Lemos reports: Companies in every industry continue to leave backup and storage platforms unsecured, with more than a dozen issues, including insecure network settings and unaddressed CVEs, affecting the average device. That leaves these repositories — often the first line of protection in the event of a ransomware attack — as sitting ducks for cybercriminals….
Oak Ridge malware attack: Police investigating as city offices remain closed
Donna Smith reports: As city of Oak Ridge employees continued to work offline because of a malware attack on the city’s computer network, officials announced Wednesday afternoon they are working with law enforcement to investigate the attack. When asked if foul play was suspected, city senior communications specialist Lauren Gray said an investigation is considered standard practice…