David Pugliese reports: Veterans Affairs is acknowledging another case where the confidential files of a Canadian veteran were accessed, without consent, by an employee of the Royal Canadian Legion. The Ottawa Citizen reported on such cases in early May, but at the time, Veterans Affairs said it was aware of only one complaint about unauthorized…
Category: Insider
Former Excellon employee’s sentencing delayed in hacking case
Debbie Sklar reports: A sentencing hearing was delayed Monday until Aug. 22 for an Oceanside man who staged repeated attacks on a computer system operated by his former employer, a manufacturer of precision laser and mechanical drilling equipment. Prosecutors are recommending that Conrad Pearson be sentenced to 18 months in federal prison and ordered to pay…
NY: Leader behind hospital ID theft ring takes plea deal
Rebecca Rosenberg reports an update to a case first noted in June, 2015: The leader of an identity theft ring that used stolen patient records purchased from a crooked hospital employee to pull off shopping sprees at major Manhattan department stores took a plea deal Monday. Fernando Salazar, 28, admitted to buying the records of 250 Montefiore…
UBS wins $1.1M from Wells Fargo in insider data theft case
William Sprouse reports the outcome of an arbitrated insider data breach case where a departing employee allegedly took client data with him to his new employer. I don’t think this case was ever covered on this site before, but Law360 had reported the lawsuit back in 2012. Sprouse reports: A FINRA arbitration panel ruled a…
UK: Tesco call centre worker fined over customer data breach
So what do you think the penalty/fine should be for an employee wilfully emailing themselves customer data that they had no business copying and taking? Jail time? A monetary penalty? Community service? Keep in mind that the defendant had to return from Lithuania to be sentenced. Sounds serious, right? BBC reports that Thomas Wengierow, 47, who…
Insider breach – Shapeshift’s story
@SwiftonSecurity kept telling everyone on Twitter that we #MUSTREAD the story of what happened at Shapeshift.io. And with good reason: it’s a phenomenal account of an insider breach told with the kind of refreshing honesty that’s often missing in most breach disclosures. It also reads like a thriller. I’m going to give readers a different…