Access Securepak explains its service as a “program designed to allow family members and friends to send packages to inmates.” On Monday, their parent corporation, Centric Group, notified the California Attorney General’s Office of a breach that may have started back in August 2010 but was only recently discovered. The irony of a company name that…
Category: Business Sector
When is “an excess of caution” not excessive?
Over on DataLossDB.org, I was entering a security breach notification sent by Atlanta-based Oldcastle APG, Inc. They had informed the New Hampshire Attorney General’s Office that a laptop containing over 5,000 employees’ names, Social Security numbers, and bank account information had been stolen from an employee’s car. As required by the state. they had attached a…
Shades of 2003: Have contractors started holding individuals’ PII hostage again?
It’s been a long time since I’ve seen any report that a contractor or their employees were holding an organization’s client or patient data hostage as part of a dispute. To my surprise, however, there have been two such reports like that recently. One case is in the healthcare sector and I’ll be blogging about…
The long arm of Connecticut law supports personal jurisdiction over Canadian employee accessing company’s U.S. server
Evan Brown provides a recap of the ruling in in MacDermid, Inc. v. Deiter. The relevant background of the case is that an employee of a U.S. firm who lived and worked in Canada allegedly accessed her firm’s server in Connecticut from her Canadian location and forwarded confidential corporate information from her work e-mail account to…
Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)
Update Sunday 3:34 pm: In response to follow-up questions, Verizon spokesperson Alberto Canal informed this site last night: Some were Verizon customers, most were not. In regards to the number of individuals, the total was about 10% of what was originally reported. In answer to your question about a vulnerability: No there was not. There…
One year later, Jetro/Restaurant Depot is breached again (update2)
It was last year at about this time that we first got wind of an incident involving food services wholesaler Jetro/Restaurant Depot. Malware inserted in their card payment system had exfiltrated mag stripe data (names, card numbers, card expiration dates, and cvv codes) to a server in Russia between late September 2011 and early November…