Dealing with a patchwork of state data breach notification laws can be challenging. Dealing with state laws, federal regulations, and the GDPR can be even more difficult. But that may be the situation for Savannah College of Art and Design (SCAD), a private school in Georgia that enrolls students from other states and has a…
Category: U.S.
KeyBank: Hackers of third-party provider stole customer data
Frank Bajak reports: Hackers stole personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the bank reports, in the breach of a third-party vendor that serves multiple corporate clients. The hackers obtained the information on July 5 after breaking into computers at the insurance services provider Overby-Seawell Company,…
Bits ‘n Pieces, Saturday morning edition
In February 2022, NFL’s San Francisco 49ers confirmed a ransomware attack by BlackByte. This week they started mailing notification letters to more than 20,000 people. * * * In a bizarre incident, hackers broke into the ride-hailing service provider Yandex Taxi’s software and sent dozens of cars to the same location, resulting in a traffic…
IRS ‘mistakenly’ posts names, contact numbers and financial information from 120,000 taxpayers’ retirement accounts on its website thanks to human coding error
Ronny Rayes reports: The Internal Revenue Service ‘mistakenly’ posted the names, contact data and financial information from about 120,000 taxpayers’ retirement accounts. The US Treasury Department determined that a human coding error allowed the confidential information to be posted on the IRS’ website before it was taken down, the Wall Street Journal reported. Read more at The…
Samsung says customer data stolen in July data breach
Zack Whittaker and Carly Page reports: Electronics giant Samsung has confirmed a data breach affecting customers’ personal information. In a brief notice, Samsung said it discovered the security incident in late-July and that an “unauthorized third party acquired information from some of Samsung’s U.S. systems.” The company said it determined customer data was compromised on August 4. Read…
LabMD gets another shot at defamation claim against ‘extortionate’ infosec biz
Jessica Lyons Hardcastle reports: LabMD, the embattled and now defunct cancer-testing company, will get another chance at suing security firm Tiversa for defamation following an appeals court ruling. The testing laboratory has long alleged that: Tiversa illegally obtained a 1,178-page computer file containing confidential data on more than 9,000 LabMD patients back in 2008; lied…