Paxton Scott reports: A security flaw allowed users of Queer Chart, a startup founded by Stanford students to link members of the campus queer community, to access all users’ names, profile pictures, email addresses, dates of birth, pronouns, schools and anonymous IDs, its founders have acknowledged. An anonymous ID is meant to allow a user…
Category: U.S.
Macy’s Customer Payment Info Stolen in Magecart Data Breach
Lawrence Abrams reports: Macy’s has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer’s payment information. This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections…
CAH Holdings issues notice after employee email accounts compromised
What follows is a somewhat unsatisfactory notice. It does not indicate when the email accounts were compromised. It does not indicate when the firm first discovered it or how they discovered it. It does not indicate how many people are being notified by them. It does not explain to patients why a holdings firm has…
Choice Cancer Care Treatment Center notifies patients of May data security incident
IRVING, Texas, Nov. 15, 2019 /PRNewswire/ — Choice Cancer Care Treatment Center (“Choice Cancer Care”) operates cancer treatment centers in Texas where it offers individualized cancer treatment plans for patients. Choice Cancer Care is providing notice of an incident that may have involved the privacy of certain patient information in its care. While, to date, the investigation found no evidence of actual or attempted misuse of…
Select Health Network reveals compromise of employee email accounts that may impact an unspecified number of patients
The following press release is by what appears to be a business associate under HIPAA. It does not name the covered entities whose patients or insured members may have been impacted. Will we see notices from those covered entities? Probably not, unless more than 500 were affected for a particular covered entity. The notice also…
Rutledge issues data breach advisories to Arkansas medical providers
Fox16 reports: Arkansas Attorney General Leslie Rutledge today sent an advisory letter to medical licensees throughout Arkansas about their duty to report a data breach under the Personal Information Protection Act (PIPA). The PIPA reporting guidelines, amended in July 2019, mandate that individuals, agencies and businesses notify the Attorney General’s Office at the same time as affected…