Category: U.S.

PA Court Rejects Healthcare Data Breach Class Action Lawsuit

Posted on by Dissent

Elizabeth Snell reports an update to a 2010 breach previously covered on this site: The Pennsylvania Superior Court recently dismissed claims in a healthcare data breach class action lawsuit, explaining that the trial court needs to review the plaintiff’s claim under the Uniform Trade Practices and Consumer Protection Law (UTPCPL). In the case Baum v. Keystone Mercy Health…

Read more

How the Pwnedlist Got Pwned

Posted on by Dissent

Brian Krebs reports: Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them…

Read more

Two more colleges report compromise of employee W-2 info

Posted on by Dissent

Two more colleges have reported breaches involving employee W-2 data. I’m late picking the first one up, but it seems Allegheny College employees reported problems when filing taxes. On April 14, Angela Mauroni reported that at least 74 non-student employees of the Pennsylvania college had reported such problems.  The college believes the information was accessed through the hacking…

Read more

Federal contractor with cybersecurity ties notifies employees after W-2 info acquired by targeted phishing

Posted on by Dissent

I’ve continued to add entities to my list of firms or entities where employee W-2 information was successfully phished by emails purporting to be from an entity’s executive. One notification I read this morning made me cringe because the firm that was successfully phished has contracts with the government involving mission critical systems for U.S. and coalition…

Read more