Ina Steiner reports: Etsy confirmed a privacy breach impacted about 1,500 sellers. The incident was caused by human error and was not related to any hacking or website vulnerability. The incident occurred on January 30, 2018, when an Etsy seller requested a copy of their 2016 federal 1099 tax form. Etsy sent a letter to…
Category: Exposure
Unsecured server exposed thousands of FedEx customer records
Zack Whittaker reports: FedEx has exposed private information belonging to thousands of its customers after a legacy server was left open without a password. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data, hosted on a password-less Amazon S3 storage server, was…
Triple-S Advantage notifies 36,305 Puerto Rican members of mailing error involving their information
If you were an entity that wound up as part of a $3.5 million settlement with HHS in 2015, you probably wouldn’t want to be reporting yet another breach to HHS now, particularly if your area was still trying to recover from a major hurricane and crisis. Yet that’s the situation Triple-S Advantage, an independent licensee…
Data breach at MassTaxConnect exposed businesses’ info
Joshua Miller reports: A data mix-up on a state tax portal inadvertently made private data from about 16,500 business taxpayers viewable to other companies, potentially even competitors. The breach lasted from Aug. 7, 2017, through Jan. 23, 2018, and allowed some companies to view other business’s names, federal employer identification numbers, tax payments, and other…
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
This time, students’ records left behind
Barb Ickes writes: The 6-year-old’s psychological assessment is marked “confidential,” yet, there it is in my inbox. I didn’t read it. Finding it in my email felt wrong enough. But I understand what Jim Ziebell was doing. He was offering an example of the records that were left behind at a former school in Lost…