Kate O’Flaherty reports: UK supermarket Morrisons is facing a massive payout to staff after losing the first data leak class action in the UK. It comes after Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked employee data online in 2014. Last year, a court ruled the firm was liable for his actions….
Category: Of Note
Ca: AHS failed to protect health information, privacy commissioner finds
We had noted this breach on this site back in 2016, but here’s the follow-up. CBC reports: Alberta Health Services has come under fire from the province’s privacy commissioner for its role in the largest and longest-duration privacy breach AHS has ever experienced. The Office of the Information and Privacy Commissioner reported Wednesday that a former AHS…
ABA ethics opinion offers guidance on data breaches
Jason Tashea reports: Lawyers have to safeguard client data and notify clients of a data breach, and the ABA Standing Committee on Ethics and Professional Responsibility has issued a formal opinion that reaffirms that duty. In Formal Opinion 483, issued Tuesday, the standing committee also provided new guidance to help attorneys take reasonable steps to…
Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading
Catalin Cimpanu reports: A former Equifax engineer who coded parts of the company’s breach notification website for last year’s security incident was sentenced this week to eight months of home confinement and restitution of ill-gotten funds after using insider information about the Equifax breach to make over $75,000 from insider trading. The sentence was passed…
Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History
From HHS/OCR, this record-setting announcement: Anthem, Inc. has agreed to pay $16 million to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led…
AU: School students’ private medical details leaked in Google sync privacy mess
Here’s what appears to be a serious breach involving Google drive and syncing. Henrietta Cook reports: Confidential files detailing high school students’ medical conditions, including anxiety issues and those at risk of suicide, have been found on a Melbourne schoolgirl’s iPad. The document contains photos, names and medical and family details of years 7 to 12…