I’ve often thrown up my cyber-hands in disgust at breaches that occur because people leave unencrypted PII or PHI in unattended vehicles. But sometimes, you read an incident report, and you can somewhat relate. This report by attorney Michael Koch, dba Lockhart, Britton & Koch in La Mesa, California is one of those times. From…
Category: U.S.
Breaches have (advertising cost) consequences for hospitals
The following is the abstract of an observational study published on The American Journal of Managed Care. The TL;DR version seems to be that if entities were to spend more proactively on security, they might not have to pay about 64% more annually in advertising costs over the next two years following a breach. Understanding…
California Department of Consumer Affairs suffers malware attack
Vincent Moleski reports: The California Department of Consumer Affairs suffered a malware attack Wednesday morning, affecting workstations and disrupting computer networks. Veronica Harms, the department’s deputy director, said in a prepared statement that all services to the public remained open, but the department had shut down some of its computer information network to protect electronic…
Caribou Coffee Customer Data Exposed In POS Security Breach
A breach involving coffee customer data at Caribou Coffee stores throughout the country. A notice on their web site explains: Data Security Notice Dear Valued Guests: We want to be in touch with you regarding a recent incident that may have involved access to your payment card information. What Happened On November 28, 2018, we…
Eyeware retailer Warby Parker forces password reset; notifies 198,000 customers of credential stuffing attack
Sam Woods reports: Eyewear retailer Warby Parker announced Thursday that it had suffered a cybersecurity breach that may have affected up to 198,000 customers.Hackers accessed customer usernames and passwords from unrelated cyber break-ins at other companies, according to a Warby Parker news release. The hackers then used that information to try to gain unauthorized access to client…
LifeBridge sued over 2016 breach
Remember the LifeBridge malware incident disclosed earlier this year where more than 500,000 patients were notified of a malware incident that had been discovered in March, 2018? LifeBridge’s notification indicated that their investigation had revealed that an unauthorized person had accessed the server in 2016. It wasn’t totally clear to me at the time whether…