Sam Stanton reports: A worker at California’s Department of Motor Vehicles, which is the subject on an ongoing federal bribery probe into the misuse of department computer files, has been accused of using driver’s license records in an elaborate mail and identity theft case. Sarah Laray Sandoval, 39, was a DMV employee with access to…
Category: U.S.
Sued by Aetna over botched mail notifications, KCC fires back, suing Aetna
“I sue you, You sue me, We both sue too easily. Too easily to let it show. I sue you and that’s all I know.” — wrote Art Garfunkel never. Alison Frankel reports: A day after Aetna sued the claims administrator Kurtzman Carson Consultants for exposing confidential medical information about Aetna clients in a settlement…
Voter, Bee databases hit with ransomware attack
Adam Ashton reports: Two Sacramento Bee databases on a third-party computer server were seized last month by an anonymous hacker who demanded The Bee pay a ransom in Bitcoin to get the data back. The intrusion, which was discovered by a Bee employee last week, exposed one database containing California voter registration data from the…
NC: Thomasville employees’ SSN accidentally released in public records request screw-up
Here we go again. Another public records request where someone sent out records without proper redaction. This time, it’s nearly 270 employees of the city of Thomasville who had their SSN disclosed improperly and then uploaded to Facebook. The city will give them credit monitoring. FOX8 has the story.
FBI Private Industry Notification warns schools about TheDarkOverlord
On January 31, 2018, the FBI released a Private Industry Notification (PIN) warning schools about the hacker(s) known as TheDarkOverlord. The information in the PIN was provided by the FBI and the Department of Education’s Office of the Inspector General, and it appears to be an expanded version of a prior alert to schools issued by…
What to Know About ED’s New Stance On Data Breach Reporting
Sean Tassi reports: Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and…