Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
Category: Commentaries and Analyses
I had been chatting with a blackhat. They had been working with a whitehat. We were both dealing with the same person.
On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…
Costs of some 2022 ransomware attacks: Whitworth University hit with federal lawsuit, Little Rock School District tallies its costs
Whitworth University may start experiencing more legal costs stemming from a ransomware attack in 2022. Kip Hill reports: A Whitworth University student is asking a federal judge to approve a class action against the school for damages stemming from a ransomware attack discovered in July 2022 that affected more than 65,500 people. The lawsuit, filed…
Barrow County notifies people of a breach that began more than a year ago
Barrow County in Georgia issued a breach notice about a breach of its email environment that occurred between March and August of 2022. Its notification, posted on its website, states, in part: The type of information at issue varied for each individual, but included a variation of the following: name; date of birth, Social Security…
HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000
HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident involved an unsecured server where protected health information of patients was exfiltrated. The iHealth incident had been discovered by Kromtech Security and was first reported by DataBreaches on May 9, 2017. On May 10,…
Sweetwater Union High School District now admits February outage was a hack, but still hasn’t answered questions
There’s an update to a report in February about an outage that wasn’t described at the time as a hack or ransomware attack. Laura Acevedo reports: The Sweetwater Union High School District has confirmed a hack was the cause of a days-long system outage at their facilities, saying the personal information of employees, students, and families…