Dave Bartkowiak Jr. reports: Blue Cross Blue Shield of Michigan announced Friday that the personal data of nearly 15,000 of Medicare Advantage members may have been compromised after an employee’s laptop computer was stolen in October. Blue Cross said it was notified on Nov. 12, 2018 by COBX, a subsidiary company vendor serving Medicare Advantage business for them, that…
Category: U.S.
UT: Westminster College notifies individuals following phishing attack
Earlier today, I reported that the College of Eastern Idaho was notifying people of a breach after four employees fell prey to a phishing attack. Now here we are, a few hours later, and I’m reporting that Westminster College in Salt Lake City, Utah is notifying people after eleven of their employees fell prey to phishing attacks. Although the…
BevMo notifying thousands of customers after malware compromise of ecommerce site
From their template notification, submitted to the California Attorney General’s Office by Beverages & More (dba “BevMo”): Notice of Data BreachBevMo recently learned of a data incident from the ecommerce service provider that operates our website at www.bevmo.com. This incident may have affected certain customers’ payment card numbers and other information entered on the BevMo…
Four months after disclosing breach, Adams County, Wisconsin notifies HHS
Adams County, WI disclosed a breach in August that affected 258,000 and may have been an insider breach. But they only notified HHS/OCR of that breach a few weeks ago. I wonder why. There’s nothing on their site to explain the late notification.
US Breach Laws Are Coming: South Carolina
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to…
US Breach Laws Are Coming: Vermont
Liisa M. Thomas and Shanna M. Pearce of Sheppard, Mullin, Richter & Hampton LLP write: On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom…