In the big scheme of things, it may be small breach report. But the difference between what Ameriprise Financial told the state attorney general and what they told the client caught my eye. In a notification letter to the New Hampshire Attorney General’s Office, Ameriprise Financial Services informed the state that they had had a…
Category: Commentaries and Analyses
“It is an understatement to say that BlueCross regrets this data breach.”
The breach disclosure notification provided by BCBS of Tennessee to the Maryland Attorney’s General Office has just been made available online. The detailed letter about the theft of 57 hard drives from a Chattanooga facility, dated December 16, 2009, provides additional insight into the mammoth chore BCBS faced trying to determine what data were…
Recommended: The Curious Case of EMI v. Comerica
David Navetta writes: Security breaches in the online banking world continue to yield interesting lawsuits (you can read about three others in this post). The latest online banking lawsuit filed by Experi-Metal Inc. (“EMI”) against Comerica (the “EMI Lawsuit”) provides some new wrinkles that could further illuminate the boundaries of “reasonable security” under the law….
Nl: Student info often leaked
Karin Spaink provides an English summary of a news story on education sector breaches in the Netherlands: The teachers union (Algemene Onderwijsbond) researched how often student information is accessible via Google. They found quite a lot: list of home addresses, student reports, progress reports, assessment reports. The union notified all the universities, faculties and training…
The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million
Evan Schuman comments: In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa’s Bad Breach Boy list). The company added that it still has a reserve of $100 million for additional expenses. As a processor, Heartland’s pain…
HHS starts to reveal healthcare breaches reported to government
When HITECH was passed as part of the stimulus bill, it introduced new data breach notification requirements, including a requirement that breaches of unsecured personal health information held by covered entities or their business associates affecting more than 500 individuals be reported to the U.S. Department of Health & Human Services. The requirement was somewhat…